From 369fd04f480478bfb9d2cb1566ec0189185a020e Mon Sep 17 00:00:00 2001
From: rwatson <rwatson@FreeBSD.org>
Date: Sun, 28 Oct 2007 17:12:48 +0000
Subject: Continue to move from generic network entry points in the TrustedBSD
 MAC Framework by moving from mac_mbuf_create_netlayer() to more specific
 entry points for specific network services:

- mac_netinet_firewall_reply() to be used when replying to in-bound TCP
  segments in pf and ipfw (etc).

- Rename mac_netinet_icmp_reply() to mac_netinet_icmp_replyinplace() and
  add mac_netinet_icmp_reply(), reflecting that in some cases we overwrite
  a label in place, but in others we apply the label to a new mbuf.

Obtained from:	TrustedBSD Project
---
 sys/contrib/pf/net/pf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'sys/contrib/pf')

diff --git a/sys/contrib/pf/net/pf.c b/sys/contrib/pf/net/pf.c
index c4c5892..b751f33 100644
--- a/sys/contrib/pf/net/pf.c
+++ b/sys/contrib/pf/net/pf.c
@@ -1818,7 +1818,7 @@ pf_send_tcp(const struct pf_rule *r, sa_family_t af,
 #ifdef __FreeBSD__
 #ifdef MAC
 	if (replyto)
-		mac_mbuf_create_netlayer(replyto, m);
+		mac_netinet_firewall_reply(replyto, m);
 	else
 		mac_netinet_firewall_send(m);
 #else
-- 
cgit v1.1