From 8315bb904de1f1c34053b85fab46b2f15bea6d42 Mon Sep 17 00:00:00 2001
From: rwatson
Date: Wed, 17 Dec 2003 14:55:11 +0000
Subject: Switch TCP over to using the inpcb label when responding in timed wait, rather than the socket label. This avoids reaching up to the socket layer during connection close, which requires locking changes. To do this, introduce MAC Framework entry point mac_create_mbuf_from_inpcb(), which is called from tcp_twrespond() instead of calling mac_create_mbuf_from_socket() or mac_create_mbuf_netlayer(). Introduce MAC Policy entry point mpo_create_mbuf_from_inpcb(), and implementations for various policies, which generally just copy label data from the inpcb to the mbuf. Assert the inpcb lock in the entry point since we require consistency for the inpcb label reference. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
---
 sys/security/mac_lomac/mac_lomac.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)
(limited to 'sys/security/mac_lomac/mac_lomac.c')
diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
index a8a4a98..10608d1 100644
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@@ -1340,6 +1340,18 @@ mac_lomac_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
 } static void
+mac_lomac_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel,
+ struct mbuf *m, struct label *mlabel)
+{
+ struct mac_lomac *source, *dest;
+
+ source = SLOT(inplabel);
+ dest = SLOT(mlabel);
+
+ mac_lomac_copy_single(source, dest);
+}
+
+static void
 mac_lomac_create_mbuf_from_mbuf(struct mbuf *oldmbuf, struct label *oldmbuflabel, struct mbuf *newmbuf, struct label *newmbuflabel)
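Review bot: The new mac_lomac_create_mbuf_from_inpcb() has no comment stating its contract: it copies only the single element of the inpcb label into the mbuf label through mac_lomac_copy_single() and never uses `inp` or `m`. A header comment such as `/* Label a timed-wait reply from the inpcb label (single element only); the framework entry point asserts the inpcb lock. */` would record what the commit message says about locking. Because the mbuf now inherits whatever label the inpcb holds, a reply could carry a stale integrity label if the socket is relabelled after the inpcb label was created; this hunk does not show whether the inpcb label is refreshed in that case, so that is worth confirming.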
@@ -2680,6 +2692,7 @@ static struct mac_policy_ops mac_lomac_ops =
 .mpo_create_ifnet = mac_lomac_create_ifnet,
 .mpo_create_inpcb_from_socket = mac_lomac_create_inpcb_from_socket,
 .mpo_create_ipq = mac_lomac_create_ipq,
+ .mpo_create_mbuf_from_inpcb = mac_lomac_create_mbuf_from_inpcb,
 .mpo_create_mbuf_from_mbuf = mac_lomac_create_mbuf_from_mbuf,
 .mpo_create_mbuf_linklayer = mac_lomac_create_mbuf_linklayer,
 .mpo_create_mbuf_from_bpfdesc = mac_lomac_create_mbuf_from_bpfdesc,
-- cgit v1.1