From f476cee6025c9a56bad1af5eefc46de8cae24547 Mon Sep 17 00:00:00 2001
From: rwatson <rwatson@FreeBSD.org>
Date: Tue, 30 Jul 2002 23:06:07 +0000
Subject: Introduce support for Mandatory Access Control and extensible kernel
 access control.

Label network interface structures, permitting security features to
be maintained on those objects.  if_label will be used to authorize
data flow using the network interface.  if_label will be protected
using the same synchronization primitives as other mutable entries
in struct ifnet.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
---
 sys/net/if_var.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sys/net/if_var.h b/sys/net/if_var.h
index 534bd44..6390ee1 100644
--- a/sys/net/if_var.h
+++ b/sys/net/if_var.h
@@ -74,6 +74,7 @@ struct	socket;
 struct	ether_header;
 #endif
 
+#include <sys/mac.h>		/* struct label */
 #include <sys/queue.h>		/* get TAILQ macros */
 
 #ifdef _KERNEL
@@ -174,6 +175,7 @@ struct ifnet {
 	struct	ifqueue *if_poll_slowq;	/* input queue for slow devices */
 	struct	ifprefixhead if_prefixhead; /* list of prefixes per if */
 	u_int8_t *if_broadcastaddr;	/* linklevel broadcast bytestring */
+	struct	label if_label;		/* interface MAC label */
 };
 
 typedef void if_init_f_t(void *);
-- 
cgit v1.1