-rw-r--r-- | sys/contrib/pf/net/pf.c | 2 | ||||
-rw-r--r-- | sys/netinet/ip_fw2.c | 2 | ||||
-rw-r--r-- | sys/netinet/ip_icmp.c | 4 | ||||
-rw-r--r-- | sys/security/mac/mac_framework.h | 5 | ||||
-rw-r--r-- | sys/security/mac/mac_inet.c | 31 | ||||
-rw-r--r-- | sys/security/mac/mac_net.c | 11 | ||||
-rw-r--r-- | sys/security/mac/mac_policy.h | 14 | ||||
-rw-r--r-- | sys/security/mac_biba/mac_biba.c | 39 | ||||
-rw-r--r-- | sys/security/mac_lomac/mac_lomac.c | 39 | ||||
-rw-r--r-- | sys/security/mac_mls/mac_mls.c | 39 | ||||
-rw-r--r-- | sys/security/mac_stub/mac_stub.c | 34 | ||||
-rw-r--r-- | sys/security/mac_test/mac_test.c | 29 |
12 files changed, 159 insertions, 90 deletions
diff --git a/sys/contrib/pf/net/pf.c b/sys/contrib/pf/net/pf.c index c4c5892..b751f33 100644 --- a/sys/contrib/pf/net/pf.c +++ b/sys/contrib/pf/net/pf.c @@ -1818,7 +1818,7 @@ pf_send_tcp(const struct pf_rule *r, sa_family_t af, #ifdef __FreeBSD__ #ifdef MAC if (replyto) - mac_mbuf_create_netlayer(replyto, m); + mac_netinet_firewall_reply(replyto, m); else mac_netinet_firewall_send(m); #else diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c index b815707..77fc59f 100644 --- a/sys/netinet/ip_fw2.c +++ b/sys/netinet/ip_fw2.c @@ -1619,7 +1619,7 @@ send_pkt(struct mbuf *replyto, struct ipfw_flow_id *id, u_int32_t seq, #ifdef MAC if (replyto != NULL) - mac_mbuf_create_netlayer(replyto, m); + mac_netinet_firewall_reply(replyto, m); else mac_netinet_firewall_send(m); #else diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index 35718c9..8df3523 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -221,7 +221,7 @@ stdreply: icmpelen = max(8, min(icmp_quotelen, oip->ip_len - oiphlen)); if (m == NULL) goto freeit; #ifdef MAC - mac_mbuf_create_netlayer(n, m); + mac_netinet_icmp_reply(n, m); #endif icmplen = min(icmplen, M_TRAILINGSPACE(m) - sizeof(struct ip) - ICMP_MINLEN); m_align(m, ICMP_MINLEN + icmplen); @@ -699,7 +699,7 @@ icmp_reflect(struct mbuf *m) } match: #ifdef MAC - mac_netinet_icmp_reply(m); + mac_netinet_icmp_replyinplace(m); #endif t = IA_SIN(ia)->sin_addr; ip->ip_src = t; diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h index 5605a66..3ea3490 100644 --- a/sys/security/mac/mac_framework.h +++ b/sys/security/mac/mac_framework.h @@ -154,7 +154,6 @@ int mac_kld_check_stat(struct ucred *cred); void mac_mbuf_copy(struct mbuf *, struct mbuf *); void mac_mbuf_create_multicast_encap(struct mbuf *m, struct ifnet *ifp, struct mbuf *mnew); -void mac_mbuf_create_netlayer(struct mbuf *m, struct mbuf *mnew); int mac_mbuf_init(struct mbuf *, int); void mac_mbuf_tag_copy(struct m_tag *, struct m_tag *); 
@@ -169,9 +168,11 @@ void mac_mount_init(struct mount *); void mac_netatalk_aarp_send(struct ifnet *ifp, struct mbuf *m); void mac_netinet_arp_send(struct ifnet *ifp, struct mbuf *m); +void mac_netinet_firewall_reply(struct mbuf *mrecv, struct mbuf *msend); void mac_netinet_firewall_send(struct mbuf *m); void mac_netinet_fragment(struct mbuf *m, struct mbuf *frag); -void mac_netinet_icmp_reply(struct mbuf *m); +void mac_netinet_icmp_reply(struct mbuf *mrecv, struct mbuf *msend); +void mac_netinet_icmp_replyinplace(struct mbuf *m); void mac_netinet_igmp_send(struct ifnet *ifp, struct mbuf *m); void mac_netinet_tcp_reply(struct mbuf *m); diff --git a/sys/security/mac/mac_inet.c b/sys/security/mac/mac_inet.c index 22c134f..6533cf0 100644 --- a/sys/security/mac/mac_inet.c +++ b/sys/security/mac/mac_inet.c @@ -234,13 +234,25 @@ mac_netinet_arp_send(struct ifnet *ifp, struct mbuf *m) } void -mac_netinet_icmp_reply(struct mbuf *m) +mac_netinet_icmp_reply(struct mbuf *mrecv, struct mbuf *msend) +{ + struct label *mrecvlabel, *msendlabel; + + mrecvlabel = mac_mbuf_to_label(mrecv); + msendlabel = mac_mbuf_to_label(msend); + + MAC_PERFORM(netinet_icmp_reply, mrecv, mrecvlabel, msend, + msendlabel); +} + +void +mac_netinet_icmp_replyinplace(struct mbuf *m) { struct label *label; label = mac_mbuf_to_label(m); - MAC_PERFORM(netinet_icmp_reply, m, label); + MAC_PERFORM(netinet_icmp_replyinplace, m, label); } void @@ -300,6 +312,21 @@ mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp) } void +mac_netinet_firewall_reply(struct mbuf *mrecv, struct mbuf *msend) +{ + struct label *mrecvlabel, *msendlabel; + + M_ASSERTPKTHDR(mrecv); + M_ASSERTPKTHDR(msend); + + mrecvlabel = mac_mbuf_to_label(mrecv); + msendlabel = mac_mbuf_to_label(msend); + + MAC_PERFORM(netinet_firewall_reply, mrecv, mrecvlabel, msend, + msendlabel); +} + +void mac_netinet_firewall_send(struct mbuf *m) { struct label *label; 
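Review bot: The new two-mbuf `mac_netinet_icmp_reply()` in mac_inet.c looks up labels on both mbufs without the packet-header assertions that `mac_netinet_firewall_reply()`, added in the same file, makes before the identical lookups. Both wrappers feed the labels straight into policy code that copies from the receive label to the send label, so the precondition is the same and should be stated in both places: add `M_ASSERTPKTHDR(mrecv);` and `M_ASSERTPKTHDR(msend);` ahead of the `mac_mbuf_to_label()` calls. How `mac_mbuf_to_label()` behaves on an mbuf without a packet header is not visible in this diff, so treat this as a consistency and debug-kernel check rather than a confirmed fault.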
diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c index af05875..c451a29 100644 --- a/sys/security/mac/mac_net.c +++ b/sys/security/mac/mac_net.c @@ -334,17 +334,6 @@ mac_mbuf_create_multicast_encap(struct mbuf *m, struct ifnet *ifp, MAC_IFNET_UNLOCK(ifp); } -void -mac_mbuf_create_netlayer(struct mbuf *m, struct mbuf *mnew) -{ - struct label *mlabel, *mnewlabel; - - mlabel = mac_mbuf_to_label(m); - mnewlabel = mac_mbuf_to_label(mnew); - - MAC_PERFORM(mbuf_create_netlayer, m, mlabel, mnew, mnewlabel); -} - int mac_bpfdesc_check_receive(struct bpf_d *d, struct ifnet *ifp) { diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index 7b606b5..8f26818 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h @@ -225,9 +225,6 @@ typedef void (*mpo_mbuf_create_multicast_encap_t)(struct mbuf *m, struct label *mlabel, struct ifnet *ifp, struct label *ifplabel, struct mbuf *mnew, struct label *mnewlabel); -typedef void (*mpo_mbuf_create_netlayer_t)(struct mbuf *m, - struct label *mlabel, struct mbuf *mnew, - struct label *mnewlabel); typedef void (*mpo_mbuf_destroy_label_t)(struct label *label); typedef int (*mpo_mbuf_init_label_t)(struct label *label, int flag); 
@@ -245,12 +242,18 @@ typedef void (*mpo_netatalk_aarp_send_t)(struct ifnet *ifp, typedef void (*mpo_netinet_arp_send_t)(struct ifnet *ifp, struct label *ifplabel, struct mbuf *m, struct label *mlabel); +typedef void (*mpo_netinet_firewall_reply_t)(struct mbuf *mrecv, + struct label *mrecvlabel, struct mbuf *msend, + struct label *msendlabel); typedef void (*mpo_netinet_firewall_send_t)(struct mbuf *m, struct label *mlabel); typedef void (*mpo_netinet_fragment_t)(struct mbuf *m, struct label *mlabel, struct mbuf *frag, struct label *fraglabel); -typedef void (*mpo_netinet_icmp_reply_t)(struct mbuf *m, +typedef void (*mpo_netinet_icmp_reply_t)(struct mbuf *mrecv, + struct label *mrecvlabel, struct mbuf *msend, + struct label *msendlabel); +typedef void (*mpo_netinet_icmp_replyinplace_t)(struct mbuf *m, struct label *mlabel); typedef void (*mpo_netinet_igmp_send_t)(struct ifnet *ifp, struct label *ifplabel, struct mbuf *m, @@ -690,7 +693,6 @@ struct mac_policy_ops { mpo_mbuf_copy_label_t mpo_mbuf_copy_label; mpo_mbuf_create_multicast_encap_t mpo_mbuf_create_multicast_encap; - mpo_mbuf_create_netlayer_t mpo_mbuf_create_netlayer; mpo_mbuf_destroy_label_t mpo_mbuf_destroy_label; mpo_mbuf_init_label_t mpo_mbuf_init_label; @@ -702,9 +704,11 @@ struct mac_policy_ops { mpo_netatalk_aarp_send_t mpo_netatalk_aarp_send; mpo_netinet_arp_send_t mpo_netinet_arp_send; + mpo_netinet_firewall_reply_t mpo_netinet_firewall_reply; mpo_netinet_firewall_send_t mpo_netinet_firewall_send; mpo_netinet_fragment_t mpo_netinet_fragment; mpo_netinet_icmp_reply_t mpo_netinet_icmp_reply; + mpo_netinet_icmp_replyinplace_t mpo_netinet_icmp_replyinplace; mpo_netinet_igmp_send_t mpo_netinet_igmp_send; mpo_netinet_tcp_reply_t mpo_netinet_tcp_reply; diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index d96c4e1..5702c01 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c 
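Review bot: Removing `mpo_mbuf_create_netlayer` and inserting `mpo_netinet_firewall_reply` and `mpo_netinet_icmp_replyinplace` in the middle of `struct mac_policy_ops` shifts the offset of every later member, and `mpo_netinet_icmp_reply` keeps its name while its signature grows from two to four arguments. A policy module built against the old header would then have its entry points read from the wrong slots, or be called with the wrong argument list, inside the kernel's label-enforcement path. None of the visible hunks touches a policy ABI version check, so confirm that the framework's version constant (`MAC_VERSION` in this header, if that is what registration compares) is bumped with this change, or note in the commit why it is not needed.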
@@ -1304,18 +1304,6 @@ biba_mbuf_create_multicast_encap(struct mbuf *m, struct label *mlabel, biba_copy_effective(source, dest); } -static void -biba_mbuf_create_netlayer(struct mbuf *m, struct label *mlabel, - struct mbuf *newm, struct label *mnewlabel) -{ - struct mac_biba *source, *dest; - - source = SLOT(mlabel); - dest = SLOT(mnewlabel); - - biba_copy_effective(source, dest); -} - static int biba_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, struct label *ipqlabel) @@ -1383,6 +1371,18 @@ biba_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, } static void +biba_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel, + struct mbuf *msend, struct label *msendlabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(mrecvlabel); + dest = SLOT(msendlabel); + + biba_copy_effective(source, dest); +} + +static void biba_netinet_firewall_send(struct mbuf *m, struct label *mlabel) { struct mac_biba *dest; @@ -1394,6 +1394,18 @@ biba_netinet_firewall_send(struct mbuf *m, struct label *mlabel) } static void +biba_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, + struct mbuf *msend, struct label *msendlabel) +{ + struct mac_biba *source, *dest; + + source = SLOT(mrecvlabel); + dest = SLOT(msendlabel); + + biba_copy_effective(source, dest); +} + +static void biba_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, struct mbuf *m, struct label *mlabel) { @@ -3356,7 +3368,6 @@ static struct mac_policy_ops mac_biba_ops = .mpo_bpfdesc_create_mbuf = biba_bpfdesc_create_mbuf, .mpo_ifnet_create_mbuf = biba_ifnet_create_mbuf, .mpo_mbuf_create_multicast_encap = biba_mbuf_create_multicast_encap, - .mpo_mbuf_create_netlayer = biba_mbuf_create_netlayer, .mpo_ipq_match = biba_ipq_match, .mpo_ifnet_relabel = biba_ifnet_relabel, .mpo_ipq_update = biba_ipq_update, 
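Review bot: `biba_netinet_firewall_reply()` and `biba_netinet_icmp_reply()` are byte-for-byte the same body as the removed `biba_mbuf_create_netlayer()`, and neither says why a kernel-generated reply takes the received packet's effective label. The same pair is duplicated in the mac_lomac.c and mac_mls.c hunks with `lomac_copy_single` and `mls_copy_effective`. Since the purpose of splitting the entry point is to let these two cases diverge later, a short comment on each would make the current policy decision explicit, for example `/* Reply inherits the effective label of the packet that triggered it. */`. Alternatively, have both call one static helper so the shared rule lives in one place until it actually differs.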
@@ -3446,7 +3457,9 @@ static struct mac_policy_ops mac_biba_ops = .mpo_vnode_check_write = biba_vnode_check_write, .mpo_netatalk_aarp_send = biba_netatalk_aarp_send, .mpo_netinet_arp_send = biba_netinet_arp_send, + .mpo_netinet_firewall_reply = biba_netinet_firewall_reply, .mpo_netinet_firewall_send = biba_netinet_firewall_send, + .mpo_netinet_icmp_reply = biba_netinet_icmp_reply, .mpo_netinet_igmp_send = biba_netinet_igmp_send, .mpo_netinet6_nd6_send = biba_netinet6_nd6_send, .mpo_priv_check = biba_priv_check, diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c index d670d19..796badc 100644 --- a/sys/security/mac_lomac/mac_lomac.c +++ b/sys/security/mac_lomac/mac_lomac.c @@ -1368,18 +1368,6 @@ lomac_mbuf_create_multicast_encap(struct mbuf *m, struct label *mlabel, lomac_copy_single(source, dest); } -static void -lomac_mbuf_create_netlayer(struct mbuf *m, struct label *mlabel, - struct mbuf *mnew, struct label *mnewlabel) -{ - struct mac_lomac *source, *dest; - - source = SLOT(mlabel); - dest = SLOT(mnewlabel); - - lomac_copy_single(source, dest); -} - static int lomac_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, struct label *ipqlabel) @@ -1468,6 +1456,18 @@ lomac_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, } static void +lomac_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel, + struct mbuf *msend, struct label *msendlabel) +{ + struct mac_lomac *source, *dest; + + source = SLOT(mrecvlabel); + dest = SLOT(msendlabel); + + lomac_copy_single(source, dest); +} + +static void lomac_netinet_firewall_send(struct mbuf *m, struct label *mlabel) { struct mac_lomac *dest; 
@@ -1479,6 +1479,18 @@ lomac_netinet_firewall_send(struct mbuf *m, struct label *mlabel) } static void +lomac_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, + struct mbuf *msend, struct label *msendlabel) +{ + struct mac_lomac *source, *dest; + + source = SLOT(mrecvlabel); + dest = SLOT(msendlabel); + + lomac_copy_single(source, dest); +} + +static void lomac_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, struct mbuf *m, struct label *mlabel) { @@ -2914,7 +2926,6 @@ static struct mac_policy_ops lomac_ops = .mpo_bpfdesc_create_mbuf = lomac_bpfdesc_create_mbuf, .mpo_ifnet_create_mbuf = lomac_ifnet_create_mbuf, .mpo_mbuf_create_multicast_encap = lomac_mbuf_create_multicast_encap, - .mpo_mbuf_create_netlayer = lomac_mbuf_create_netlayer, .mpo_ipq_match = lomac_ipq_match, .mpo_ifnet_relabel = lomac_ifnet_relabel, .mpo_ipq_update = lomac_ipq_update, @@ -2970,7 +2981,9 @@ static struct mac_policy_ops lomac_ops = .mpo_thread_userret = lomac_thread_userret, .mpo_netatalk_aarp_send = lomac_netatalk_aarp_send, .mpo_netinet_arp_send = lomac_netinet_arp_send, + .mpo_netinet_firewall_reply = lomac_netinet_firewall_reply, .mpo_netinet_firewall_send = lomac_netinet_firewall_send, + .mpo_netinet_icmp_reply = lomac_netinet_icmp_reply, .mpo_netinet_igmp_send = lomac_netinet_igmp_send, .mpo_netinet6_nd6_send = lomac_netinet6_nd6_send, .mpo_priv_check = lomac_priv_check, diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index 46deacf..701eb6d 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c 
@@ -1226,18 +1226,6 @@ mls_mbuf_create_multicast_encap(struct mbuf *m, struct label *mlabel, mls_copy_effective(source, dest); } -static void -mls_mbuf_create_netlayer(struct mbuf *m, struct label *mlabel, - struct mbuf *mnew, struct label *mnewlabel) -{ - struct mac_mls *source, *dest; - - source = SLOT(mlabel); - dest = SLOT(mnewlabel); - - mls_copy_effective(source, dest); -} - static int mls_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, struct label *ipqlabel) @@ -1305,6 +1293,18 @@ mls_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, } static void +mls_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel, + struct mbuf *msend, struct label *msendlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(mrecvlabel); + dest = SLOT(msendlabel); + + mls_copy_effective(source, dest); +} + +static void mls_netinet_firewall_send(struct mbuf *m, struct label *mlabel) { struct mac_mls *dest; @@ -1316,6 +1316,18 @@ mls_netinet_firewall_send(struct mbuf *m, struct label *mlabel) } static void +mls_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, + struct mbuf *msend, struct label *msendlabel) +{ + struct mac_mls *source, *dest; + + source = SLOT(mrecvlabel); + dest = SLOT(msendlabel); + + mls_copy_effective(source, dest); +} + +static void mls_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, struct mbuf *m, struct label *mlabel) { @@ -2983,7 +2995,6 @@ static struct mac_policy_ops mls_ops = .mpo_bpfdesc_create_mbuf = mls_bpfdesc_create_mbuf, .mpo_ifnet_create_mbuf = mls_ifnet_create_mbuf, .mpo_mbuf_create_multicast_encap = mls_mbuf_create_multicast_encap, - .mpo_mbuf_create_netlayer = mls_mbuf_create_netlayer, .mpo_ipq_match = mls_ipq_match, .mpo_ifnet_relabel = mls_ifnet_relabel, .mpo_ipq_update = mls_ipq_update, 
@@ -3069,7 +3080,9 @@ static struct mac_policy_ops mls_ops = .mpo_vnode_check_write = mls_vnode_check_write, .mpo_netatalk_aarp_send = mls_netatalk_aarp_send, .mpo_netinet_arp_send = mls_netinet_arp_send, + .mpo_netinet_firewall_reply = mls_netinet_firewall_reply, .mpo_netinet_firewall_send = mls_netinet_firewall_send, + .mpo_netinet_icmp_reply = mls_netinet_icmp_reply, .mpo_netinet_igmp_send = mls_netinet_igmp_send, .mpo_netinet6_nd6_send = mls_netinet6_nd6_send, }; diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c index 71c175b..687378f 100644 --- a/sys/security/mac_stub/mac_stub.c +++ b/sys/security/mac_stub/mac_stub.c @@ -427,22 +427,22 @@ stub_mbuf_create_multicast_encap(struct mbuf *m, struct label *mlabel, } static void -stub_mbuf_create_netlayer(struct mbuf *m, struct label *mlabel, - struct mbuf *mnew, struct label *mnewlabel) +stub_netatalk_aarp_send(struct ifnet *ifp, struct label *iflpabel, + struct mbuf *m, struct label *mlabel) { } static void -stub_netatalk_aarp_send(struct ifnet *ifp, struct label *iflpabel, +stub_netinet_arp_send(struct ifnet *ifp, struct label *iflpabel, struct mbuf *m, struct label *mlabel) { } static void -stub_netinet_arp_send(struct ifnet *ifp, struct label *iflpabel, - struct mbuf *m, struct label *mlabel) +stub_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel, + struct mbuf *msend, struct label *msendlabel) { } @@ -454,6 +454,19 @@ stub_netinet_firewall_send(struct mbuf *m, struct label *mlabel) } static void +stub_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, + struct mbuf *msend, struct label *msendlabel) +{ + +} + +static void +stub_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel) +{ + +} + +static void stub_netinet_igmp_send(struct ifnet *ifp, struct label *iflpabel, struct mbuf *m, struct label *mlabel) { 
@@ -476,12 +489,6 @@ stub_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, } static void -stub_netinet_icmp_reply(struct mbuf *m, struct label *mlabel) -{ - -} - -static void stub_netinet_tcp_reply(struct mbuf *m, struct label *mlabel) { @@ -1545,14 +1552,17 @@ static struct mac_policy_ops stub_ops = .mpo_bpfdesc_create_mbuf = stub_bpfdesc_create_mbuf, .mpo_ifnet_create_mbuf = stub_ifnet_create_mbuf, .mpo_mbuf_create_multicast_encap = stub_mbuf_create_multicast_encap, - .mpo_mbuf_create_netlayer = stub_mbuf_create_netlayer, .mpo_netatalk_aarp_send = stub_netatalk_aarp_send, .mpo_netinet_arp_send = stub_netinet_arp_send, + .mpo_netinet_firewall_reply = stub_netinet_firewall_reply, .mpo_netinet_firewall_send = stub_netinet_firewall_send, + .mpo_netinet_icmp_reply = stub_netinet_icmp_reply, + .mpo_netinet_icmp_replyinplace = stub_netinet_icmp_replyinplace, .mpo_netinet_igmp_send = stub_netinet_igmp_send, .mpo_netinet6_nd6_send = stub_netinet6_nd6_send, .mpo_ipq_match = stub_ipq_match, .mpo_netinet_icmp_reply = stub_netinet_icmp_reply, + .mpo_netinet_icmp_replyinplace = stub_netinet_icmp_replyinplace, .mpo_netinet_tcp_reply = stub_netinet_tcp_reply, .mpo_ifnet_relabel = stub_ifnet_relabel, .mpo_ipq_update = stub_ipq_update, diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c index 69b5c27..b0d4ea8 100644 --- a/sys/security/mac_test/mac_test.c +++ b/sys/security/mac_test/mac_test.c @@ -1050,18 +1050,6 @@ test_mbuf_create_multicast_encap(struct mbuf *oldmbuf, COUNTER_INC(mbuf_create_multicast_encap); } -COUNTER_DECL(mbuf_create_netlayer); -static void -test_mbuf_create_netlayer(struct mbuf *oldmbuf, - struct label *oldmbuflabel, struct mbuf *newmbuf, - struct label *newmbuflabel) -{ - - LABEL_CHECK(oldmbuflabel, MAGIC_MBUF); - LABEL_CHECK(newmbuflabel, MAGIC_MBUF); - COUNTER_INC(mbuf_create_netlayer); -} - COUNTER_DECL(ipq_match); static int test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel, 
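Review bot: In the `stub_ops` initializer hunk of mac_stub.c, `.mpo_netinet_icmp_reply` and `.mpo_netinet_icmp_replyinplace` each end up designated twice: once in the newly added alphabetical group after `.mpo_netinet_firewall_send`, and again after `.mpo_ipq_match`, where the old `.mpo_netinet_icmp_reply` line is kept as context and a second `.mpo_netinet_icmp_replyinplace` is added. C accepts this with the last initializer winning, and both copies name the same function, so behaviour is unaffected. It does trip override-init warnings, though, and in a template that people copy to start new policies it invites two entries drifting apart. Drop the later pair, `.mpo_netinet_icmp_reply = stub_netinet_icmp_reply,` and `.mpo_netinet_icmp_replyinplace = stub_netinet_icmp_replyinplace,` following `.mpo_ipq_match`.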
@@ -1099,13 +1087,24 @@ test_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, COUNTER_DECL(netinet_icmp_reply); static void -test_netinet_icmp_reply(struct mbuf *m, struct label *mlabel) +test_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, + struct mbuf *msend, struct label *msendlabel) { - LABEL_CHECK(mlabel, MAGIC_MBUF); + LABEL_CHECK(mrecvlabel, MAGIC_MBUF); + LABEL_CHECK(msendlabel, MAGIC_MBUF); COUNTER_INC(netinet_icmp_reply); } +COUNTER_DECL(netinet_icmp_replyinplace); +static void +test_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel) +{ + + LABEL_CHECK(mlabel, MAGIC_MBUF); + COUNTER_INC(netinet_icmp_replyinplace); +} + COUNTER_DECL(netinet_igmp_send); static void test_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, @@ -2722,11 +2721,11 @@ static struct mac_policy_ops test_ops = .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf, .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf, .mpo_mbuf_create_multicast_encap = test_mbuf_create_multicast_encap, - .mpo_mbuf_create_netlayer = test_mbuf_create_netlayer, .mpo_ipq_match = test_ipq_match, .mpo_netatalk_aarp_send = test_netatalk_aarp_send, .mpo_netinet_arp_send = test_netinet_arp_send, .mpo_netinet_icmp_reply = test_netinet_icmp_reply, + .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace, .mpo_netinet_igmp_send = test_netinet_igmp_send, .mpo_netinet_tcp_reply = test_netinet_tcp_reply, .mpo_netinet6_nd6_send = test_netinet6_nd6_send, |
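Review bot: mac_test.c removes `test_mbuf_create_netlayer()` but gains no `test_netinet_firewall_reply()`, and the `test_ops` hunk adds only `.mpo_netinet_icmp_replyinplace`. The pf and ipfw reply callers switched to `mac_netinet_firewall_reply()` in this same commit, so the `LABEL_CHECK` on both mbuf labels that the test policy used to apply on that path is lost. Adding a counterpart modelled on the new `test_netinet_icmp_reply()` restores the check; the rest of `test_ops` lies outside the visible hunk, so place the new member alongside the other netinet entries.

```c
COUNTER_DECL(netinet_firewall_reply);
static void
test_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel,
    struct mbuf *msend, struct label *msendlabel)
{

	LABEL_CHECK(mrecvlabel, MAGIC_MBUF);
	LABEL_CHECK(msendlabel, MAGIC_MBUF);
	COUNTER_INC(netinet_firewall_reply);
}

/* … unchanged: other test_ops members … */
	.mpo_netinet_firewall_reply = test_netinet_firewall_reply,
```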