author | rwatson <rwatson@FreeBSD.org> | 2008-10-26 22:46:37 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2008-10-26 22:46:37 +0000 |
commit | 432d006baee145f31cb162ef67acf255de6b4635 (patch) | |
tree | afc4eb79fc1edd05f0118dd582da3915014ef082 /sys/security/mac_biba/mac_biba.c | |
parent | 0db6d4519ceacc0d9c0af2e667962f6c0546029e (diff) | |
Implement MAC policy support for IPv6 fragment reassembly queues,
modeled on IPv4 fragment reassembly queue support.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/security/mac_biba/mac_biba.c')
-rw-r--r-- | sys/security/mac_biba/mac_biba.c | 54 |
1 files changed, 53 insertions, 1 deletions
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index c1520a2..5680a57 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
+ * Copyright (c) 1999-2002, 2007-2008 Robert N. M. Watson
 * Copyright (c) 2001-2005 McAfee, Inc.
 * Copyright (c) 2006 SPARTA, Inc.
 * All rights reserved.
@@ -1170,6 +1170,51 @@ biba_inpcb_sosetlabel(struct socket *so, struct label *solabel,
 }
 
 static void
+biba_ip6q_create(struct mbuf *m, struct label *mlabel, struct ip6q *q6,
+ struct label *q6label)
+{
+ struct mac_biba *source, *dest;
+
+ source = SLOT(mlabel);
+ dest = SLOT(q6label);
+
+ biba_copy_effective(source, dest);
+}
+
+static int
+biba_ip6q_match(struct mbuf *m, struct label *mlabel, struct ip6q *q6,
+ struct label *q6label)
+{
+ struct mac_biba *a, *b;
+
+ a = SLOT(q6label);
+ b = SLOT(mlabel);
+
+ return (biba_equal_effective(a, b));
+}
+
+static void
+biba_ip6q_reassemble(struct ip6q *q6, struct label *q6label, struct mbuf *m,
+ struct label *mlabel)
+{
+ struct mac_biba *source, *dest;
+
+ source = SLOT(q6label);
+ dest = SLOT(mlabel);
+
+ /* Just use the head, since we require them all to match. */
+ biba_copy_effective(source, dest);
+}
+
+static void
+biba_ip6q_update(struct mbuf *m, struct label *mlabel, struct ip6q *q6,
+ struct label *q6label)
+{
+
+ /* NOOP: we only accept matching labels, so no need to update */
+}
+
+static void
 biba_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *q,
 struct label *qlabel)
 {
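Review bot: biba_ip6q_update() has an empty body whose correctness depends on biba_ip6q_match() having already accepted the fragment for this queue, and nothing in the hunk checks that ordering or says where it is enforced. The IPv6 reassembly caller is not visible here, so I would make the invariant explicit with `KASSERT(biba_equal_effective(SLOT(q6label), SLOT(mlabel)), ("biba_ip6q_update: label mismatch"));`, so that a path which skips the match step fails on a debug kernel rather than letting a fragment with a different integrity label join the queue unnoticed. biba_ip6q_reassemble() relies on the same precondition when it copies only the queue's effective label onto the datagram; a short block comment above biba_ip6q_match() stating that fragments are reassembled only when their effective labels are equal would document it for all four entry points.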
@@ -3325,6 +3370,13 @@ static struct mac_policy_ops mac_biba_ops =
 .mpo_inpcb_init_label = biba_init_label_waitcheck,
 .mpo_inpcb_sosetlabel = biba_inpcb_sosetlabel,
 
+ .mpo_ip6q_create = biba_ip6q_create,
+ .mpo_ip6q_destroy_label = biba_destroy_label,
+ .mpo_ip6q_init_label = biba_init_label_waitcheck,
+ .mpo_ip6q_match = biba_ip6q_match,
+ .mpo_ip6q_reassemble = biba_ip6q_reassemble,
+ .mpo_ip6q_update = biba_ip6q_update,
+
 .mpo_ipq_create = biba_ipq_create,
 .mpo_ipq_destroy_label = biba_destroy_label,
 .mpo_ipq_init_label = biba_init_label_waitcheck, |