summaryrefslogtreecommitdiffstats
path: root/sys/security/mac/mac_inet6.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/security/mac/mac_inet6.c')
-rw-r--r--sys/security/mac/mac_inet6.c100
1 files changed, 99 insertions, 1 deletions
diff --git a/sys/security/mac/mac_inet6.c b/sys/security/mac/mac_inet6.c
index 65a93e1..068455b 100644
--- a/sys/security/mac/mac_inet6.c
+++ b/sys/security/mac/mac_inet6.c
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 2007 Robert N. M. Watson
+ * Copyright (c) 2007-2008 Robert N. M. Watson
* All rights reserved.
*
* This software was developed by Robert Watson for the TrustedBSD Project.
@@ -49,10 +49,108 @@ __FBSDID("$FreeBSD$");
#include <net/if.h>
#include <net/if_var.h>
+#include <netinet/in.h>
+#include <netinet/ip6.h>
+#include <netinet6/ip6_var.h>
+
#include <security/mac/mac_framework.h>
#include <security/mac/mac_internal.h>
#include <security/mac/mac_policy.h>
+static struct label *
+mac_ip6q_label_alloc(int flag)
+{
+ struct label *label;
+ int error;
+
+ label = mac_labelzone_alloc(flag);
+ if (label == NULL)
+ return (NULL);
+
+ MAC_CHECK(ip6q_init_label, label, flag);
+ if (error) {
+ MAC_PERFORM(ip6q_destroy_label, label);
+ mac_labelzone_free(label);
+ return (NULL);
+ }
+ return (label);
+}
+
+int
+mac_ip6q_init(struct ip6q *q6, int flag)
+{
+
+ if (mac_labeled & MPC_OBJECT_IPQ) {
+ q6->ip6q_label = mac_ip6q_label_alloc(flag);
+ if (q6->ip6q_label == NULL)
+ return (ENOMEM);
+ } else
+ q6->ip6q_label = NULL;
+ return (0);
+}
+
+static void
+mac_ip6q_label_free(struct label *label)
+{
+
+ MAC_PERFORM(ip6q_destroy_label, label);
+ mac_labelzone_free(label);
+}
+
+void
+mac_ip6q_destroy(struct ip6q *q6)
+{
+
+ if (q6->ip6q_label != NULL) {
+ mac_ip6q_label_free(q6->ip6q_label);
+ q6->ip6q_label = NULL;
+ }
+}
+
+void
+mac_ip6q_reassemble(struct ip6q *q6, struct mbuf *m)
+{
+ struct label *label;
+
+ label = mac_mbuf_to_label(m);
+
+ MAC_PERFORM(ip6q_reassemble, q6, q6->ip6q_label, m, label);
+}
+
+void
+mac_ip6q_create(struct mbuf *m, struct ip6q *q6)
+{
+ struct label *label;
+
+ label = mac_mbuf_to_label(m);
+
+ MAC_PERFORM(ip6q_create, m, label, q6, q6->ip6q_label);
+}
+
+int
+mac_ip6q_match(struct mbuf *m, struct ip6q *q6)
+{
+ struct label *label;
+ int result;
+
+ label = mac_mbuf_to_label(m);
+
+ result = 1;
+ MAC_BOOLEAN(ip6q_match, &&, m, label, q6, q6->ip6q_label);
+
+ return (result);
+}
+
+void
+mac_ip6q_update(struct mbuf *m, struct ip6q *q6)
+{
+ struct label *label;
+
+ label = mac_mbuf_to_label(m);
+
+ MAC_PERFORM(ip6q_update, m, label, q6, q6->ip6q_label);
+}
+
void
mac_netinet6_nd6_send(struct ifnet *ifp, struct mbuf *m)
{
OpenPOWER on IntegriCloud