author | rwatson <rwatson@FreeBSD.org> | 2003-12-17 14:55:11 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2003-12-17 14:55:11 +0000 |
commit | 8315bb904de1f1c34053b85fab46b2f15bea6d42 (patch) | |
tree | 6f403547f45a548d093633ddb92a1c06f17404e9 /sys/security/mac_mls | |
parent | 71deee9e60194502532d1e090e2a0342fd47c484 (diff) | |
Switch TCP over to using the inpcb label when responding in timed
wait, rather than the socket label. This avoids reaching up to
the socket layer during connection close, which requires locking
changes. To do this, introduce MAC Framework entry point
mac_create_mbuf_from_inpcb(), which is called from tcp_twrespond()
instead of calling mac_create_mbuf_from_socket() or
mac_create_mbuf_netlayer(). Introduce MAC Policy entry point
mpo_create_mbuf_from_inpcb(), and implementations for various
policies, which generally just copy label data from the inpcb to
the mbuf. Assert the inpcb lock in the entry point since we
require consistency for the inpcb label reference.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/security/mac_mls')
-rw-r--r-- | sys/security/mac_mls/mac_mls.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index 3a73467..96016ce 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -1130,6 +1130,18 @@ mac_mls_create_fragment(struct mbuf *datagram, struct label *datagramlabel, } static void +mac_mls_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel, + struct mbuf *m, struct label *mlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(inplabel); + dest = SLOT(mlabel); + + mac_mls_copy_single(source, dest); +} + +static void mac_mls_create_mbuf_from_mbuf(struct mbuf *oldmbuf, struct label *oldmbuflabel, struct mbuf *newmbuf, struct label *newmbuflabel) @@ -2470,6 +2482,7 @@ static struct mac_policy_ops mac_mls_ops = .mpo_create_ifnet = mac_mls_create_ifnet, .mpo_create_inpcb_from_socket = mac_mls_create_inpcb_from_socket, .mpo_create_ipq = mac_mls_create_ipq, + .mpo_create_mbuf_from_inpcb = mac_mls_create_mbuf_from_inpcb, .mpo_create_mbuf_from_mbuf = mac_mls_create_mbuf_from_mbuf, .mpo_create_mbuf_linklayer = mac_mls_create_mbuf_linklayer, .mpo_create_mbuf_from_bpfdesc = mac_mls_create_mbuf_from_bpfdesc, |
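Review bot: mac_mls_create_mbuf_from_inpcb() in the first hunk reads inplabel with no comment recording what keeps that label stable or current. The commit message says the inpcb lock is asserted in the MAC Framework entry point, which is not part of this file, so a comment above the function such as `/* Called with the inpcb lock held (asserted by the MAC Framework entry point), so inplabel is stable during the copy. */` would put the precondition next to the code that relies on it. Because timed-wait responses now take their MLS label from the inpcb rather than the socket, it is also worth confirming that a socket relabel propagates to the inpcb label. Nothing in these hunks shows that, and if it does not, the response mbuf would carry the label the inpcb received at creation rather than the socket's current one. The second hunk only registers the new function in mac_mls_ops and needs no change.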