author | rwatson <rwatson@FreeBSD.org> | 2003-08-21 18:21:22 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2003-08-21 18:21:22 +0000 |
commit | 32ed1a62a81fa74b7ba72050f7fcc471b032f95c (patch) | |
tree | 269bdd075acbd16f8db9b0379a3518d07ca3cd76 /sys/security/mac/mac_internal.h | |
parent | 31a9062bd5a40857d69d229a261f64e30a94e727 (diff) | |
Introduce two new MAC Framework and MAC policy entry points:
mac_reflect_mbuf_icmp()
mac_reflect_mbuf_tcp()
These entry points permit MAC policies to do "update in place"
changes to the labels on ICMP and TCP mbuf headers when an ICMP or
TCP response is generated to a packet outside of the context of
an existing socket. For example, in response to a ping or a RST
packet to a SYN on a closed port.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/security/mac/mac_internal.h')
-rw-r--r-- | sys/security/mac/mac_internal.h | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h index dcd8831..490b492 100644 --- a/sys/security/mac/mac_internal.h +++ b/sys/security/mac/mac_internal.h @@ -2398,6 +2398,25 @@ mac_fragment_match(struct mbuf *fragment, struct ipq *ipq) } void +mac_reflect_mbuf_icmp(struct mbuf *m) +{ + struct label *label; + + label = mbuf_to_label(m); + + MAC_PERFORM(reflect_mbuf_icmp, m, label); +} +void +mac_reflect_mbuf_tcp(struct mbuf *m) +{ + struct label *label; + + label = mbuf_to_label(m); + + MAC_PERFORM(reflect_mbuf_tcp, m, label); +} + +void mac_update_ipq(struct mbuf *fragment, struct ipq *ipq) { struct label *label; |
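Review bot: In both mac_reflect_mbuf_icmp() and mac_reflect_mbuf_tcp(), the result of mbuf_to_label(m) is passed straight to MAC_PERFORM with no check and no stated precondition, and neither function carries a comment saying that policies are expected to rewrite the label in place. The commit message says these entry points run on responses generated outside of any socket context, so it is worth documenting (or asserting) that m always carries an initialized label when these are called, and adding a short block comment above each function that describes the update-in-place contract for policy authors. Style: there is no blank line between the closing brace of mac_reflect_mbuf_icmp() and the `void` that begins mac_reflect_mbuf_tcp(), unlike the separation left before mac_update_ipq().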