author | rwatson <rwatson@FreeBSD.org> | 2007-10-28 17:12:48 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2007-10-28 17:12:48 +0000 |
commit | 369fd04f480478bfb9d2cb1566ec0189185a020e (patch) | |
tree | 538321b7fe182a0082beacd5d1ff13b9d63f3fca /sys/security/mac_lomac | |
parent | 6b31aa449ccb86216e7b0fbfdaf1540f5cf34e82 (diff) | |
Continue to move from generic network entry points in the TrustedBSD MAC
Framework by moving from mac_mbuf_create_netlayer() to more specific
entry points for specific network services:
- mac_netinet_firewall_reply() to be used when replying to in-bound TCP
segments in pf and ipfw (etc).
- Rename mac_netinet_icmp_reply() to mac_netinet_icmp_replyinplace() and
add mac_netinet_icmp_reply(), reflecting that in some cases we overwrite
a label in place, but in others we apply the label to a new mbuf.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/security/mac_lomac')
-rw-r--r-- | sys/security/mac_lomac/mac_lomac.c | 39 |
1 files changed, 26 insertions, 13 deletions
diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
index d670d19..796badc 100644
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@@ -1368,18 +1368,6 @@ lomac_mbuf_create_multicast_encap(struct mbuf *m, struct label *mlabel,
 lomac_copy_single(source, dest);
 }
 
-static void
-lomac_mbuf_create_netlayer(struct mbuf *m, struct label *mlabel,
- struct mbuf *mnew, struct label *mnewlabel)
-{
- struct mac_lomac *source, *dest;
-
- source = SLOT(mlabel);
- dest = SLOT(mnewlabel);
-
- lomac_copy_single(source, dest);
-}
-
 static int
 lomac_ipq_match(struct mbuf *m, struct label *mlabel,
 struct ipq *ipq, struct label *ipqlabel)
@@ -1468,6 +1456,18 @@ lomac_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel,
 }
 
 static void
+lomac_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel,
+ struct mbuf *msend, struct label *msendlabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(mrecvlabel);
+ dest = SLOT(msendlabel);
+
+ lomac_copy_single(source, dest);
+}
+
+static void
 lomac_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
 {
 struct mac_lomac *dest;
@@ -1479,6 +1479,18 @@ lomac_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
 }
 
 static void
+lomac_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
+ struct mbuf *msend, struct label *msendlabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(mrecvlabel);
+ dest = SLOT(msendlabel);
+
+ lomac_copy_single(source, dest);
+}
+
+static void
 lomac_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel,
 struct mbuf *m, struct label *mlabel)
 {
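Review bot: Neither lomac_netinet_firewall_reply() (hunk at new line 1456) nor lomac_netinet_icmp_reply() (hunk at new line 1479) says why the outgoing mbuf takes the label of the received one, and both bodies are identical to each other and to the removed lomac_mbuf_create_netlayer(). I would put a short comment above each, for example `/* The reply is generated from the received packet, so it carries that packet's LOMAC label. */`; that rationale is my reading of the copy direction and should be confirmed by the author. The three shared statements could also live in one static helper so the labeling decision is stated once. The mrecv and msend parameters are unused in both functions, and whether lomac_copy_single() checks that the received label was populated is not visible in these hunks.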
@@ -2914,7 +2926,6 @@ static struct mac_policy_ops lomac_ops =
 .mpo_bpfdesc_create_mbuf = lomac_bpfdesc_create_mbuf,
 .mpo_ifnet_create_mbuf = lomac_ifnet_create_mbuf,
 .mpo_mbuf_create_multicast_encap = lomac_mbuf_create_multicast_encap,
- .mpo_mbuf_create_netlayer = lomac_mbuf_create_netlayer,
 .mpo_ipq_match = lomac_ipq_match,
 .mpo_ifnet_relabel = lomac_ifnet_relabel,
 .mpo_ipq_update = lomac_ipq_update,
@@ -2970,7 +2981,9 @@ static struct mac_policy_ops lomac_ops =
 .mpo_thread_userret = lomac_thread_userret,
 .mpo_netatalk_aarp_send = lomac_netatalk_aarp_send,
 .mpo_netinet_arp_send = lomac_netinet_arp_send,
+ .mpo_netinet_firewall_reply = lomac_netinet_firewall_reply,
 .mpo_netinet_firewall_send = lomac_netinet_firewall_send,
+ .mpo_netinet_icmp_reply = lomac_netinet_icmp_reply,
 .mpo_netinet_igmp_send = lomac_netinet_igmp_send,
 .mpo_netinet6_nd6_send = lomac_netinet6_nd6_send,
 .mpo_priv_check = lomac_priv_check, |
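Review bot: The second lomac_ops hunk (new line 2981) registers `.mpo_netinet_icmp_reply` but nothing for the in-place variant, although the commit message also introduces mac_netinet_icmp_replyinplace(). If LOMAC leaves that entry point unset on purpose, presumably because an in-place reply reuses the mbuf that already holds the received label, a one-line comment beside the new entry would record the decision, e.g. `/* no icmp_replyinplace handler: the reused mbuf keeps its label */`. The initializer starts and ends outside both hunks, so an existing entry elsewhere in the table cannot be ruled out from here.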