authorrwatson <rwatson@FreeBSD.org>2007-10-28 15:55:23 +0000
committerrwatson <rwatson@FreeBSD.org>2007-10-28 15:55:23 +0000
commit2bca3d4001f67728691cf776e9d18d9c59c19365 (patch)
tree6903d27f86e038a8c03b0705e717026eb4846831 /sys/security/mac_test
parent5b4c0a83ffe5155893733797736e14c3b44f759a (diff)
Move towards more explicit support for various network protocol stacks
in the TrustedBSD MAC Framework: - Add mac_atalk.c and add explicit entry point mac_netatalk_aarp_send() for AARP packet labeling, rather than using a generic link layer entry point. - Add mac_inet6.c and add explicit entry point mac_netinet6_nd6_send() for ND6 packet labeling, rather than using a generic link layer entry point. - Add explicit entry point mac_netinet_arp_send() for ARP packet labeling, and mac_netinet_igmp_send() for IGMP packet labeling, rather than using a generic link layer entry point. - Remove previous generic link layer entry point, mac_mbuf_create_linklayer() as it is no longer used. - Add implementations of new entry points to various policies, largely by replicating the existing link layer entry point for them; remove old link layer entry point implementation. - Make MAC_IFNET_LOCK(), MAC_IFNET_UNLOCK(), and mac_ifnet_mtx global to the MAC Framework rather than static to mac_net.c as it is now needed outside of mac_net.c. Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/security/mac_test')
-rw-r--r--sys/security/mac_test/mac_test.c60
1 files changed, 48 insertions, 12 deletions
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c
index 6c88010..69b5c27 100644
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@@ -1015,17 +1015,6 @@ test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
COUNTER_INC(inpcb_create_mbuf);
}
-COUNTER_DECL(mbuf_create_linklayer);
-static void
-test_mbuf_create_linklayer(struct ifnet *ifp, struct label *ifplabel,
- struct mbuf *mbuf, struct label *mbuflabel)
-{
-
- LABEL_CHECK(ifplabel, MAGIC_IFNET);
- LABEL_CHECK(mbuflabel, MAGIC_MBUF);
- COUNTER_INC(mbuf_create_linklayer);
-}
-
COUNTER_DECL(bpfdesc_create_mbuf);
static void
test_bpfdesc_create_mbuf(struct bpf_d *bpf_d, struct label *bpflabel,
@@ -1086,6 +1075,28 @@ test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel,
return (1);
}
+COUNTER_DECL(netatalk_aarp_send);
+static void
+test_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *mbuf, struct label *mbuflabel)
+{
+
+ LABEL_CHECK(ifplabel, MAGIC_IFNET);
+ LABEL_CHECK(mbuflabel, MAGIC_MBUF);
+ COUNTER_INC(netatalk_aarp_send);
+}
+
+COUNTER_DECL(netinet_arp_send);
+static void
+test_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *mbuf, struct label *mbuflabel)
+{
+
+ LABEL_CHECK(ifplabel, MAGIC_IFNET);
+ LABEL_CHECK(mbuflabel, MAGIC_MBUF);
+ COUNTER_INC(netinet_arp_send);
+}
+
COUNTER_DECL(netinet_icmp_reply);
static void
test_netinet_icmp_reply(struct mbuf *m, struct label *mlabel)
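Review bot: The four added hooks (test_netatalk_aarp_send and test_netinet_arp_send here, test_netinet_igmp_send and test_netinet6_nd6_send in the next two hunks) have no comment saying what they verify or that they replace the removed test_mbuf_create_linklayer, so nothing tells a reader that the four bodies are meant to stay identical. I would put one comment above the first of them, for example `/* Per-protocol link-layer send hooks: each runs LABEL_CHECK on the ifnet and mbuf labels and bumps its own counter. */`. The commit message says MAC_IFNET_LOCK() is now needed outside mac_net.c, presumably around these calls; if that is the case, the same comment should state that ifplabel is expected to be read under the ifnet label lock, since this policy does not assert it. The ifp and mbuf arguments are unused in all four, which matches the removed function.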
@@ -1095,6 +1106,17 @@ test_netinet_icmp_reply(struct mbuf *m, struct label *mlabel)
COUNTER_INC(netinet_icmp_reply);
}
+COUNTER_DECL(netinet_igmp_send);
+static void
+test_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *mbuf, struct label *mbuflabel)
+{
+
+ LABEL_CHECK(ifplabel, MAGIC_IFNET);
+ LABEL_CHECK(mbuflabel, MAGIC_MBUF);
+ COUNTER_INC(netinet_igmp_send);
+}
+
COUNTER_DECL(netinet_tcp_reply);
static void
test_netinet_tcp_reply(struct mbuf *m, struct label *mlabel)
@@ -1104,6 +1126,17 @@ test_netinet_tcp_reply(struct mbuf *m, struct label *mlabel)
COUNTER_INC(netinet_tcp_reply);
}
+COUNTER_DECL(netinet6_nd6_send);
+static void
+test_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *mbuf, struct label *mbuflabel)
+{
+
+ LABEL_CHECK(ifplabel, MAGIC_IFNET);
+ LABEL_CHECK(mbuflabel, MAGIC_MBUF);
+ COUNTER_INC(netinet6_nd6_send);
+}
+
COUNTER_DECL(ifnet_relabel);
static void
test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
@@ -2686,14 +2719,17 @@ static struct mac_policy_ops test_ops =
.mpo_netinet_fragment = test_netinet_fragment,
.mpo_ipq_create = test_ipq_create,
.mpo_inpcb_create_mbuf = test_inpcb_create_mbuf,
- .mpo_mbuf_create_linklayer = test_mbuf_create_linklayer,
.mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf,
.mpo_ifnet_create_mbuf = test_ifnet_create_mbuf,
.mpo_mbuf_create_multicast_encap = test_mbuf_create_multicast_encap,
.mpo_mbuf_create_netlayer = test_mbuf_create_netlayer,
.mpo_ipq_match = test_ipq_match,
+ .mpo_netatalk_aarp_send = test_netatalk_aarp_send,
+ .mpo_netinet_arp_send = test_netinet_arp_send,
.mpo_netinet_icmp_reply = test_netinet_icmp_reply,
+ .mpo_netinet_igmp_send = test_netinet_igmp_send,
.mpo_netinet_tcp_reply = test_netinet_tcp_reply,
+ .mpo_netinet6_nd6_send = test_netinet6_nd6_send,
.mpo_ifnet_relabel = test_ifnet_relabel,
.mpo_ipq_update = test_ipq_update,
.mpo_inpcb_sosetlabel = test_inpcb_sosetlabel,