Rename 'mac_mbuf_create_from_firewall' to 'mac_netinet_firewall_send' as
we move towards netinet as a pseudo-object for the MAC Framework. Rename 'mac_create_mbuf_linklayer' to 'mac_mbuf_create_linklayer' to reflect general object-first ordering preference. Sponsored by: SPARTA (original patches against Mac OS X) Obtained from: TrustedBSD Project, Apple Computer
This commit is contained in:
Robert Watson
parent
4064334ff6
commit
8640764682
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=173018
@ -1820,7 +1820,7 @@ pf_send_tcp(const struct pf_rule *r, sa_family_t af,
|
||||
if (replyto)
|
||||
mac_mbuf_create_netlayer(replyto, m);
|
||||
else
|
||||
mac_mbuf_create_from_firewall(m);
|
||||
mac_netinet_firewall_send(m);
|
||||
#else
|
||||
(void)replyto;
|
||||
#endif
|
||||
|
||||
@ -177,7 +177,7 @@ aarpwhohas(struct ifnet *ifp, struct sockaddr_at *sat)
|
||||
if (m == NULL)
|
||||
return;
|
||||
#ifdef MAC
|
||||
mac_create_mbuf_linklayer(ifp, m);
|
||||
mac_mbuf_create_linklayer(ifp, m);
|
||||
#endif
|
||||
m->m_len = sizeof(*ea);
|
||||
m->m_pkthdr.len = sizeof(*ea);
|
||||
@ -602,7 +602,7 @@ aarpprobe(void *arg)
|
||||
if (m == NULL)
|
||||
return;
|
||||
#ifdef MAC
|
||||
mac_create_mbuf_linklayer(ifp, m);
|
||||
mac_mbuf_create_linklayer(ifp, m);
|
||||
#endif
|
||||
m->m_len = sizeof(*ea);
|
||||
m->m_pkthdr.len = sizeof(*ea);
|
||||
|
||||
@ -323,7 +323,7 @@ arprequest(struct ifnet *ifp, struct in_addr *sip, struct in_addr *tip,
|
||||
ah = mtod(m, struct arphdr *);
|
||||
bzero((caddr_t)ah, m->m_len);
|
||||
#ifdef MAC
|
||||
mac_create_mbuf_linklayer(ifp, m);
|
||||
mac_mbuf_create_linklayer(ifp, m);
|
||||
#endif
|
||||
ah->ar_pro = htons(ETHERTYPE_IP);
|
||||
ah->ar_hln = ifp->if_addrlen; /* hardware address length */
|
||||
|
||||
@ -471,7 +471,7 @@ igmp_sendpkt(struct in_multi *inm, int type, unsigned long addr)
|
||||
|
||||
m->m_pkthdr.rcvif = loif;
|
||||
#ifdef MAC
|
||||
mac_create_mbuf_linklayer(inm->inm_ifp, m);
|
||||
mac_mbuf_create_linklayer(inm->inm_ifp, m);
|
||||
#endif
|
||||
m->m_pkthdr.len = sizeof(struct ip) + IGMP_MINLEN;
|
||||
MH_ALIGN(m, IGMP_MINLEN + sizeof(struct ip));
|
||||
|
||||
@ -1621,7 +1621,7 @@ send_pkt(struct mbuf *replyto, struct ipfw_flow_id *id, u_int32_t seq,
|
||||
if (replyto != NULL)
|
||||
mac_mbuf_create_netlayer(replyto, m);
|
||||
else
|
||||
mac_mbuf_create_from_firewall(m);
|
||||
mac_netinet_firewall_send(m);
|
||||
#else
|
||||
(void)replyto; /* don't warn about unused arg */
|
||||
#endif
|
||||
|
||||
@ -2114,7 +2114,7 @@ nd6_output(struct ifnet *ifp, struct ifnet *origifp, struct mbuf *m0,
|
||||
}
|
||||
|
||||
#ifdef MAC
|
||||
mac_create_mbuf_linklayer(ifp, m);
|
||||
mac_mbuf_create_linklayer(ifp, m);
|
||||
#endif
|
||||
if ((ifp->if_flags & IFF_LOOPBACK) != 0) {
|
||||
return ((*ifp->if_output)(origifp, m, (struct sockaddr *)dst,
|
||||
|
||||
@ -147,8 +147,7 @@ int mac_kld_check_load(struct ucred *cred, struct vnode *vp);
|
||||
int mac_kld_check_stat(struct ucred *cred);
|
||||
|
||||
void mac_mbuf_copy(struct mbuf *, struct mbuf *);
|
||||
void mac_mbuf_create_from_firewall(struct mbuf *m);
|
||||
void mac_create_mbuf_linklayer(struct ifnet *ifp, struct mbuf *m);
|
||||
void mac_mbuf_create_linklayer(struct ifnet *ifp, struct mbuf *m);
|
||||
void mac_mbuf_create_multicast_encap(struct mbuf *m, struct ifnet *ifp,
|
||||
struct mbuf *mnew);
|
||||
void mac_mbuf_create_netlayer(struct mbuf *m, struct mbuf *mnew);
|
||||
@ -163,6 +162,7 @@ void mac_mount_create(struct ucred *cred, struct mount *mp);
|
||||
void mac_mount_destroy(struct mount *);
|
||||
void mac_mount_init(struct mount *);
|
||||
|
||||
void mac_netinet_firewall_send(struct mbuf *m);
|
||||
void mac_netinet_fragment(struct mbuf *m, struct mbuf *frag);
|
||||
void mac_netinet_icmp_reply(struct mbuf *m);
|
||||
void mac_netinet_tcp_reply(struct mbuf *m);
|
||||
|
||||
@ -276,13 +276,13 @@ mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp)
|
||||
}
|
||||
|
||||
void
|
||||
mac_mbuf_create_from_firewall(struct mbuf *m)
|
||||
mac_netinet_firewall_send(struct mbuf *m)
|
||||
{
|
||||
struct label *label;
|
||||
|
||||
M_ASSERTPKTHDR(m);
|
||||
label = mac_mbuf_to_label(m);
|
||||
MAC_PERFORM(mbuf_create_from_firewall, m, label);
|
||||
MAC_PERFORM(netinet_firewall_send, m, label);
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
@ -310,14 +310,14 @@ mac_bpfdesc_create_mbuf(struct bpf_d *d, struct mbuf *m)
|
||||
}
|
||||
|
||||
void
|
||||
mac_create_mbuf_linklayer(struct ifnet *ifp, struct mbuf *m)
|
||||
mac_mbuf_create_linklayer(struct ifnet *ifp, struct mbuf *m)
|
||||
{
|
||||
struct label *label;
|
||||
|
||||
label = mac_mbuf_to_label(m);
|
||||
|
||||
MAC_IFNET_LOCK(ifp);
|
||||
MAC_PERFORM(create_mbuf_linklayer, ifp, ifp->if_label, m, label);
|
||||
MAC_PERFORM(mbuf_create_linklayer, ifp, ifp->if_label, m, label);
|
||||
MAC_IFNET_UNLOCK(ifp);
|
||||
}
|
||||
|
||||
|
||||
@ -221,9 +221,7 @@ typedef int (*mpo_kld_check_stat_t)(struct ucred *cred);
|
||||
|
||||
typedef void (*mpo_mbuf_copy_label_t)(struct label *src,
|
||||
struct label *dest);
|
||||
typedef void (*mpo_mbuf_create_from_firewall_t)(struct mbuf *m,
|
||||
struct label *label);
|
||||
typedef void (*mpo_create_mbuf_linklayer_t)(struct ifnet *ifp,
|
||||
typedef void (*mpo_mbuf_create_linklayer_t)(struct ifnet *ifp,
|
||||
struct label *ifplabel, struct mbuf *m,
|
||||
struct label *mlabel);
|
||||
typedef void (*mpo_mbuf_create_multicast_encap_t)(struct mbuf *m,
|
||||
@ -243,6 +241,8 @@ typedef void (*mpo_mount_create_t)(struct ucred *cred, struct mount *mp,
|
||||
typedef void (*mpo_mount_destroy_label_t)(struct label *label);
|
||||
typedef void (*mpo_mount_init_label_t)(struct label *label);
|
||||
|
||||
typedef void (*mpo_netinet_firewall_send_t)(struct mbuf *m,
|
||||
struct label *mlabel);
|
||||
typedef void (*mpo_netinet_fragment_t)(struct mbuf *m,
|
||||
struct label *mlabel, struct mbuf *frag,
|
||||
struct label *fraglabel);
|
||||
@ -678,8 +678,7 @@ struct mac_policy_ops {
|
||||
mpo_kld_check_stat_t mpo_kld_check_stat;
|
||||
|
||||
mpo_mbuf_copy_label_t mpo_mbuf_copy_label;
|
||||
mpo_mbuf_create_from_firewall_t mpo_mbuf_create_from_firewall;
|
||||
mpo_create_mbuf_linklayer_t mpo_create_mbuf_linklayer;
|
||||
mpo_mbuf_create_linklayer_t mpo_mbuf_create_linklayer;
|
||||
mpo_mbuf_create_multicast_encap_t mpo_mbuf_create_multicast_encap;
|
||||
mpo_mbuf_create_netlayer_t mpo_mbuf_create_netlayer;
|
||||
mpo_mbuf_destroy_label_t mpo_mbuf_destroy_label;
|
||||
@ -690,6 +689,7 @@ struct mac_policy_ops {
|
||||
mpo_mount_destroy_label_t mpo_mount_destroy_label;
|
||||
mpo_mount_init_label_t mpo_mount_init_label;
|
||||
|
||||
mpo_netinet_firewall_send_t mpo_netinet_firewall_send;
|
||||
mpo_netinet_fragment_t mpo_netinet_fragment;
|
||||
mpo_netinet_icmp_reply_t mpo_netinet_icmp_reply;
|
||||
mpo_netinet_tcp_reply_t mpo_netinet_tcp_reply;
|
||||
|
||||
@ -1268,7 +1268,7 @@ biba_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
|
||||
}
|
||||
|
||||
static void
|
||||
biba_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel,
|
||||
biba_mbuf_create_linklayer(struct ifnet *ifp, struct label *ifplabel,
|
||||
struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
struct mac_biba *dest;
|
||||
@ -1372,13 +1372,13 @@ biba_inpcb_sosetlabel(struct socket *so, struct label *solabel,
|
||||
}
|
||||
|
||||
static void
|
||||
biba_mbuf_create_from_firewall(struct mbuf *m, struct label *label)
|
||||
biba_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
struct mac_biba *dest;
|
||||
|
||||
dest = SLOT(label);
|
||||
dest = SLOT(mlabel);
|
||||
|
||||
/* XXX: where is the label for the firewall really comming from? */
|
||||
/* XXX: where is the label for the firewall really coming from? */
|
||||
biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
|
||||
}
|
||||
|
||||
@ -3320,7 +3320,7 @@ static struct mac_policy_ops mac_biba_ops =
|
||||
.mpo_sysvshm_create = biba_sysvshm_create,
|
||||
.mpo_ipq_create = biba_ipq_create,
|
||||
.mpo_inpcb_create_mbuf = biba_inpcb_create_mbuf,
|
||||
.mpo_create_mbuf_linklayer = biba_create_mbuf_linklayer,
|
||||
.mpo_mbuf_create_linklayer = biba_mbuf_create_linklayer,
|
||||
.mpo_bpfdesc_create_mbuf = biba_bpfdesc_create_mbuf,
|
||||
.mpo_ifnet_create_mbuf = biba_ifnet_create_mbuf,
|
||||
.mpo_mbuf_create_multicast_encap = biba_mbuf_create_multicast_encap,
|
||||
@ -3412,7 +3412,7 @@ static struct mac_policy_ops mac_biba_ops =
|
||||
.mpo_vnode_check_stat = biba_vnode_check_stat,
|
||||
.mpo_vnode_check_unlink = biba_vnode_check_unlink,
|
||||
.mpo_vnode_check_write = biba_vnode_check_write,
|
||||
.mpo_mbuf_create_from_firewall = biba_mbuf_create_from_firewall,
|
||||
.mpo_netinet_firewall_send = biba_netinet_firewall_send,
|
||||
.mpo_priv_check = biba_priv_check,
|
||||
};
|
||||
|
||||
|
||||
@ -1332,7 +1332,7 @@ lomac_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
|
||||
}
|
||||
|
||||
static void
|
||||
lomac_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel,
|
||||
lomac_mbuf_create_linklayer(struct ifnet *ifp, struct label *ifplabel,
|
||||
struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
struct mac_lomac *dest;
|
||||
@ -1457,7 +1457,7 @@ lomac_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
|
||||
}
|
||||
|
||||
static void
|
||||
lomac_mbuf_create_from_firewall(struct mbuf *m, struct label *mlabel)
|
||||
lomac_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
struct mac_lomac *dest;
|
||||
|
||||
@ -2878,7 +2878,7 @@ static struct mac_policy_ops lomac_ops =
|
||||
.mpo_inpcb_create = lomac_inpcb_create,
|
||||
.mpo_ipq_create = lomac_ipq_create,
|
||||
.mpo_inpcb_create_mbuf = lomac_inpcb_create_mbuf,
|
||||
.mpo_create_mbuf_linklayer = lomac_create_mbuf_linklayer,
|
||||
.mpo_mbuf_create_linklayer = lomac_mbuf_create_linklayer,
|
||||
.mpo_bpfdesc_create_mbuf = lomac_bpfdesc_create_mbuf,
|
||||
.mpo_ifnet_create_mbuf = lomac_ifnet_create_mbuf,
|
||||
.mpo_mbuf_create_multicast_encap = lomac_mbuf_create_multicast_encap,
|
||||
@ -2936,7 +2936,7 @@ static struct mac_policy_ops lomac_ops =
|
||||
.mpo_vnode_check_unlink = lomac_vnode_check_unlink,
|
||||
.mpo_vnode_check_write = lomac_vnode_check_write,
|
||||
.mpo_thread_userret = lomac_thread_userret,
|
||||
.mpo_mbuf_create_from_firewall = lomac_mbuf_create_from_firewall,
|
||||
.mpo_netinet_firewall_send = lomac_netinet_firewall_send,
|
||||
.mpo_priv_check = lomac_priv_check,
|
||||
};
|
||||
|
||||
|
||||
@ -1190,7 +1190,7 @@ mls_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
|
||||
}
|
||||
|
||||
static void
|
||||
mls_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel,
|
||||
mls_mbuf_create_linklayer(struct ifnet *ifp, struct label *ifplabel,
|
||||
struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
struct mac_mls *dest;
|
||||
@ -1294,7 +1294,7 @@ mls_inpcb_sosetlabel(struct socket *so, struct label *solabel,
|
||||
}
|
||||
|
||||
static void
|
||||
mls_mbuf_create_from_firewall(struct mbuf *m, struct label *mlabel)
|
||||
mls_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
struct mac_mls *dest;
|
||||
|
||||
@ -2947,7 +2947,7 @@ static struct mac_policy_ops mls_ops =
|
||||
.mpo_sysvsem_create = mls_sysvsem_create,
|
||||
.mpo_sysvshm_create = mls_sysvshm_create,
|
||||
.mpo_inpcb_create_mbuf = mls_inpcb_create_mbuf,
|
||||
.mpo_create_mbuf_linklayer = mls_create_mbuf_linklayer,
|
||||
.mpo_mbuf_create_linklayer = mls_mbuf_create_linklayer,
|
||||
.mpo_bpfdesc_create_mbuf = mls_bpfdesc_create_mbuf,
|
||||
.mpo_ifnet_create_mbuf = mls_ifnet_create_mbuf,
|
||||
.mpo_mbuf_create_multicast_encap = mls_mbuf_create_multicast_encap,
|
||||
@ -3035,7 +3035,7 @@ static struct mac_policy_ops mls_ops =
|
||||
.mpo_vnode_check_stat = mls_vnode_check_stat,
|
||||
.mpo_vnode_check_unlink = mls_vnode_check_unlink,
|
||||
.mpo_vnode_check_write = mls_vnode_check_write,
|
||||
.mpo_mbuf_create_from_firewall = mls_mbuf_create_from_firewall,
|
||||
.mpo_netinet_firewall_send = mls_netinet_firewall_send,
|
||||
};
|
||||
|
||||
MAC_POLICY_SET(&mls_ops, mac_mls, "TrustedBSD MAC/MLS",
|
||||
|
||||
@ -405,7 +405,7 @@ stub_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
|
||||
}
|
||||
|
||||
static void
|
||||
stub_create_mbuf_linklayer(struct ifnet *ifp, struct label *iflpabel,
|
||||
stub_mbuf_create_linklayer(struct ifnet *ifp, struct label *iflpabel,
|
||||
struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
|
||||
@ -441,7 +441,7 @@ stub_mbuf_create_netlayer(struct mbuf *m, struct label *mlabel,
|
||||
}
|
||||
|
||||
static void
|
||||
stub_mbuf_create_from_firewall(struct mbuf *m, struct label *mlabel)
|
||||
stub_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
|
||||
}
|
||||
@ -1521,12 +1521,12 @@ static struct mac_policy_ops stub_ops =
|
||||
.mpo_ipq_reassemble = stub_ipq_reassemble,
|
||||
.mpo_netinet_fragment = stub_netinet_fragment,
|
||||
.mpo_inpcb_create_mbuf = stub_inpcb_create_mbuf,
|
||||
.mpo_create_mbuf_linklayer = stub_create_mbuf_linklayer,
|
||||
.mpo_mbuf_create_linklayer = stub_mbuf_create_linklayer,
|
||||
.mpo_bpfdesc_create_mbuf = stub_bpfdesc_create_mbuf,
|
||||
.mpo_ifnet_create_mbuf = stub_ifnet_create_mbuf,
|
||||
.mpo_mbuf_create_multicast_encap = stub_mbuf_create_multicast_encap,
|
||||
.mpo_mbuf_create_netlayer = stub_mbuf_create_netlayer,
|
||||
.mpo_mbuf_create_from_firewall = stub_mbuf_create_from_firewall,
|
||||
.mpo_netinet_firewall_send = stub_netinet_firewall_send,
|
||||
.mpo_ipq_match = stub_ipq_match,
|
||||
.mpo_netinet_icmp_reply = stub_netinet_icmp_reply,
|
||||
.mpo_netinet_tcp_reply = stub_netinet_tcp_reply,
|
||||
|
||||
@ -955,15 +955,15 @@ test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
|
||||
COUNTER_INC(inpcb_create_mbuf);
|
||||
}
|
||||
|
||||
COUNTER_DECL(create_mbuf_linklayer);
|
||||
COUNTER_DECL(mbuf_create_linklayer);
|
||||
static void
|
||||
test_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel,
|
||||
test_mbuf_create_linklayer(struct ifnet *ifp, struct label *ifplabel,
|
||||
struct mbuf *mbuf, struct label *mbuflabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(ifplabel, MAGIC_IFNET);
|
||||
LABEL_CHECK(mbuflabel, MAGIC_MBUF);
|
||||
COUNTER_INC(create_mbuf_linklayer);
|
||||
COUNTER_INC(mbuf_create_linklayer);
|
||||
}
|
||||
|
||||
COUNTER_DECL(bpfdesc_create_mbuf);
|
||||
@ -2561,7 +2561,7 @@ static struct mac_policy_ops test_ops =
|
||||
.mpo_netinet_fragment = test_netinet_fragment,
|
||||
.mpo_ipq_create = test_ipq_create,
|
||||
.mpo_inpcb_create_mbuf = test_inpcb_create_mbuf,
|
||||
.mpo_create_mbuf_linklayer = test_create_mbuf_linklayer,
|
||||
.mpo_mbuf_create_linklayer = test_mbuf_create_linklayer,
|
||||
.mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf,
|
||||
.mpo_ifnet_create_mbuf = test_ifnet_create_mbuf,
|
||||
.mpo_mbuf_create_multicast_encap = test_mbuf_create_multicast_encap,
|
||||
|
||||
Loading…
Reference in New Issue
Block a user