From dd0b6b7e289fb78a448ecf62766e2af92801c8ae Mon Sep 17 00:00:00 2001
From: rwatson
Date: Thu, 21 Aug 2003 18:39:16 +0000
Subject: Introduce two new MAC Framework and MAC policy entry points: mac_reflect_mbuf_icmp() mac_reflect_mbuf_tcp() These entry points permit MAC policies to do "update in place" changes to the labels on ICMP and TCP mbuf headers when an ICMP or TCP response is generated to a packet outside of the context of an existing socket. For example, in respond to a ping or a RST packet to a SYN on a closed port. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
---
 sys/netinet/ip_icmp.c | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'sys/netinet/ip_icmp.c')
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c
index 6aaee47..f4df251 100644
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@@ -648,6 +648,9 @@ icmp_reflect(m)
 goto done;
 }
 match:
+#ifdef MAC
+ mac_reflect_mbuf_icmp(m);
+#endif
 t = IA_SIN(ia)->sin_addr;
 ip->ip_src = t;
 ip->ip_ttl = ip_defttl;
-- 
cgit v1.1
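Review bot: The new `mac_reflect_mbuf_icmp(m)` call at the `match:` label has no comment saying why the mbuf label is rewritten in place; that rationale exists only in the commit message. Suggest adding above the `#ifdef MAC`: `/* The reply reuses the request mbuf outside any socket context; let MAC policies relabel it in place. */`. The call sits before `ip->ip_src` and `ip->ip_ttl` are rewritten, so a policy presumably still sees the incoming header here; if policies are meant to rely on that ordering, the comment should say so. icmp_reflect's body starts and ends outside the hunk, so it cannot be confirmed from here that every path that actually sends a reply passes through `match:` and is therefore relabelled.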