diff --git a/sys/contrib/pf/net/pf.c b/sys/contrib/pf/net/pf.c index 5b209afed474..c4c5892448ce 100644 --- a/sys/contrib/pf/net/pf.c +++ b/sys/contrib/pf/net/pf.c @@ -1820,7 +1820,7 @@ pf_send_tcp(const struct pf_rule *r, sa_family_t af, if (replyto) mac_mbuf_create_netlayer(replyto, m); else - mac_mbuf_create_from_firewall(m); + mac_netinet_firewall_send(m); #else (void)replyto; #endif diff --git a/sys/netatalk/aarp.c b/sys/netatalk/aarp.c index 2e705e2e9126..c34e4b79de01 100644 --- a/sys/netatalk/aarp.c +++ b/sys/netatalk/aarp.c @@ -177,7 +177,7 @@ aarpwhohas(struct ifnet *ifp, struct sockaddr_at *sat) if (m == NULL) return; #ifdef MAC - mac_create_mbuf_linklayer(ifp, m); + mac_mbuf_create_linklayer(ifp, m); #endif m->m_len = sizeof(*ea); m->m_pkthdr.len = sizeof(*ea); @@ -602,7 +602,7 @@ aarpprobe(void *arg) if (m == NULL) return; #ifdef MAC - mac_create_mbuf_linklayer(ifp, m); + mac_mbuf_create_linklayer(ifp, m); #endif m->m_len = sizeof(*ea); m->m_pkthdr.len = sizeof(*ea); diff --git a/sys/netinet/if_ether.c b/sys/netinet/if_ether.c index 36f50546d879..df0975237a6c 100644 --- a/sys/netinet/if_ether.c +++ b/sys/netinet/if_ether.c @@ -323,7 +323,7 @@ arprequest(struct ifnet *ifp, struct in_addr *sip, struct in_addr *tip, ah = mtod(m, struct arphdr *); bzero((caddr_t)ah, m->m_len); #ifdef MAC - mac_create_mbuf_linklayer(ifp, m); + mac_mbuf_create_linklayer(ifp, m); #endif ah->ar_pro = htons(ETHERTYPE_IP); ah->ar_hln = ifp->if_addrlen; /* hardware address length */ diff --git a/sys/netinet/igmp.c b/sys/netinet/igmp.c index 1b26bfc834ea..b623a410994c 100644 --- a/sys/netinet/igmp.c +++ b/sys/netinet/igmp.c @@ -471,7 +471,7 @@ igmp_sendpkt(struct in_multi *inm, int type, unsigned long addr) m->m_pkthdr.rcvif = loif; #ifdef MAC - mac_create_mbuf_linklayer(inm->inm_ifp, m); + mac_mbuf_create_linklayer(inm->inm_ifp, m); #endif m->m_pkthdr.len = sizeof(struct ip) + IGMP_MINLEN; MH_ALIGN(m, IGMP_MINLEN + sizeof(struct ip)); 
diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c index db407e590006..b815707e5eba 100644 --- a/sys/netinet/ip_fw2.c +++ b/sys/netinet/ip_fw2.c @@ -1621,7 +1621,7 @@ send_pkt(struct mbuf *replyto, struct ipfw_flow_id *id, u_int32_t seq, if (replyto != NULL) mac_mbuf_create_netlayer(replyto, m); else - mac_mbuf_create_from_firewall(m); + mac_netinet_firewall_send(m); #else (void)replyto; /* don't warn about unused arg */ #endif diff --git a/sys/netinet6/nd6.c b/sys/netinet6/nd6.c index 6fce08475b29..6d0f41369d5c 100644 --- a/sys/netinet6/nd6.c +++ b/sys/netinet6/nd6.c @@ -2114,7 +2114,7 @@ nd6_output(struct ifnet *ifp, struct ifnet *origifp, struct mbuf *m0, } #ifdef MAC - mac_create_mbuf_linklayer(ifp, m); + mac_mbuf_create_linklayer(ifp, m); #endif if ((ifp->if_flags & IFF_LOOPBACK) != 0) { return ((*ifp->if_output)(origifp, m, (struct sockaddr *)dst, diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h index 9e551d870fca..b0971d8efc35 100644 --- a/sys/security/mac/mac_framework.h +++ b/sys/security/mac/mac_framework.h @@ -147,8 +147,7 @@ int mac_kld_check_load(struct ucred *cred, struct vnode *vp); int mac_kld_check_stat(struct ucred *cred); void mac_mbuf_copy(struct mbuf *, struct mbuf *); -void mac_mbuf_create_from_firewall(struct mbuf *m); -void mac_create_mbuf_linklayer(struct ifnet *ifp, struct mbuf *m); +void mac_mbuf_create_linklayer(struct ifnet *ifp, struct mbuf *m); void mac_mbuf_create_multicast_encap(struct mbuf *m, struct ifnet *ifp, struct mbuf *mnew); void mac_mbuf_create_netlayer(struct mbuf *m, struct mbuf *mnew); @@ -163,6 +162,7 @@ void mac_mount_create(struct ucred *cred, struct mount *mp); void mac_mount_destroy(struct mount *); void mac_mount_init(struct mount *); +void mac_netinet_firewall_send(struct mbuf *m); void mac_netinet_fragment(struct mbuf *m, struct mbuf *frag); void mac_netinet_icmp_reply(struct mbuf *m); void mac_netinet_tcp_reply(struct mbuf *m); 
diff --git a/sys/security/mac/mac_inet.c b/sys/security/mac/mac_inet.c index c5f640301ecc..ae160a5d5aef 100644 --- a/sys/security/mac/mac_inet.c +++ b/sys/security/mac/mac_inet.c @@ -276,13 +276,13 @@ mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp) } void -mac_mbuf_create_from_firewall(struct mbuf *m) +mac_netinet_firewall_send(struct mbuf *m) { struct label *label; M_ASSERTPKTHDR(m); label = mac_mbuf_to_label(m); - MAC_PERFORM(mbuf_create_from_firewall, m, label); + MAC_PERFORM(netinet_firewall_send, m, label); } /* diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c index 406e1f829b7a..5d8aea16226e 100644 --- a/sys/security/mac/mac_net.c +++ b/sys/security/mac/mac_net.c @@ -310,14 +310,14 @@ mac_bpfdesc_create_mbuf(struct bpf_d *d, struct mbuf *m) } void -mac_create_mbuf_linklayer(struct ifnet *ifp, struct mbuf *m) +mac_mbuf_create_linklayer(struct ifnet *ifp, struct mbuf *m) { struct label *label; label = mac_mbuf_to_label(m); MAC_IFNET_LOCK(ifp); - MAC_PERFORM(create_mbuf_linklayer, ifp, ifp->if_label, m, label); + MAC_PERFORM(mbuf_create_linklayer, ifp, ifp->if_label, m, label); MAC_IFNET_UNLOCK(ifp); } diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index f09735d16d6e..8dbe9ea16e40 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h @@ -221,9 +221,7 @@ typedef int (*mpo_kld_check_stat_t)(struct ucred *cred); typedef void (*mpo_mbuf_copy_label_t)(struct label *src, struct label *dest); -typedef void (*mpo_mbuf_create_from_firewall_t)(struct mbuf *m, - struct label *label); -typedef void (*mpo_create_mbuf_linklayer_t)(struct ifnet *ifp, +typedef void (*mpo_mbuf_create_linklayer_t)(struct ifnet *ifp, struct label *ifplabel, struct mbuf *m, struct label *mlabel); typedef void (*mpo_mbuf_create_multicast_encap_t)(struct mbuf *m, 
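Review bot: `mac_mbuf_create_linklayer` in mac_net.c goes straight to `mac_mbuf_to_label(m)`, whereas `mac_netinet_firewall_send` in the mac_inet.c hunk just before it asserts `M_ASSERTPKTHDR(m)` first. If the label lookup depends on the packet header (its body is not shown here), the link-layer entry point should carry the same assertion, so that a headerless mbuf is caught in debug kernels rather than handed to the policies: add `M_ASSERTPKTHDR(m);` before `label = mac_mbuf_to_label(m);`. As a smaller style point, the local is still named `label` in both functions while the policy typedefs in this commit use `mlabel`.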
@@ -243,6 +241,8 @@ typedef void (*mpo_mount_create_t)(struct ucred *cred, struct mount *mp, typedef void (*mpo_mount_destroy_label_t)(struct label *label); typedef void (*mpo_mount_init_label_t)(struct label *label); +typedef void (*mpo_netinet_firewall_send_t)(struct mbuf *m, + struct label *mlabel); typedef void (*mpo_netinet_fragment_t)(struct mbuf *m, struct label *mlabel, struct mbuf *frag, struct label *fraglabel); @@ -678,8 +678,7 @@ struct mac_policy_ops { mpo_kld_check_stat_t mpo_kld_check_stat; mpo_mbuf_copy_label_t mpo_mbuf_copy_label; - mpo_mbuf_create_from_firewall_t mpo_mbuf_create_from_firewall; - mpo_create_mbuf_linklayer_t mpo_create_mbuf_linklayer; + mpo_mbuf_create_linklayer_t mpo_mbuf_create_linklayer; mpo_mbuf_create_multicast_encap_t mpo_mbuf_create_multicast_encap; mpo_mbuf_create_netlayer_t mpo_mbuf_create_netlayer; mpo_mbuf_destroy_label_t mpo_mbuf_destroy_label; @@ -690,6 +689,7 @@ struct mac_policy_ops { mpo_mount_destroy_label_t mpo_mount_destroy_label; mpo_mount_init_label_t mpo_mount_init_label; + mpo_netinet_firewall_send_t mpo_netinet_firewall_send; mpo_netinet_fragment_t mpo_netinet_fragment; mpo_netinet_icmp_reply_t mpo_netinet_icmp_reply; mpo_netinet_tcp_reply_t mpo_netinet_tcp_reply; diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index c50ff44fef86..fc2baa9880da 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c @@ -1268,7 +1268,7 @@ biba_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, } static void -biba_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel, +biba_mbuf_create_linklayer(struct ifnet *ifp, struct label *ifplabel, struct mbuf *m, struct label *mlabel) { struct mac_biba *dest; 
@@ -1372,13 +1372,13 @@ biba_inpcb_sosetlabel(struct socket *so, struct label *solabel, } static void -biba_mbuf_create_from_firewall(struct mbuf *m, struct label *label) +biba_netinet_firewall_send(struct mbuf *m, struct label *mlabel) { struct mac_biba *dest; - dest = SLOT(label); + dest = SLOT(mlabel); - /* XXX: where is the label for the firewall really comming from? */ + /* XXX: where is the label for the firewall really coming from? */ biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); } @@ -3320,7 +3320,7 @@ static struct mac_policy_ops mac_biba_ops = .mpo_sysvshm_create = biba_sysvshm_create, .mpo_ipq_create = biba_ipq_create, .mpo_inpcb_create_mbuf = biba_inpcb_create_mbuf, - .mpo_create_mbuf_linklayer = biba_create_mbuf_linklayer, + .mpo_mbuf_create_linklayer = biba_mbuf_create_linklayer, .mpo_bpfdesc_create_mbuf = biba_bpfdesc_create_mbuf, .mpo_ifnet_create_mbuf = biba_ifnet_create_mbuf, .mpo_mbuf_create_multicast_encap = biba_mbuf_create_multicast_encap, @@ -3412,7 +3412,7 @@ static struct mac_policy_ops mac_biba_ops = .mpo_vnode_check_stat = biba_vnode_check_stat, .mpo_vnode_check_unlink = biba_vnode_check_unlink, .mpo_vnode_check_write = biba_vnode_check_write, - .mpo_mbuf_create_from_firewall = biba_mbuf_create_from_firewall, + .mpo_netinet_firewall_send = biba_netinet_firewall_send, .mpo_priv_check = biba_priv_check, }; diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c index 4203ad5edf72..8eb2067c5071 100644 --- a/sys/security/mac_lomac/mac_lomac.c +++ b/sys/security/mac_lomac/mac_lomac.c @@ -1332,7 +1332,7 @@ lomac_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, } static void -lomac_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel, +lomac_mbuf_create_linklayer(struct ifnet *ifp, struct label *ifplabel, struct mbuf *m, struct label *mlabel) { struct mac_lomac *dest; 
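Review bot: The `XXX` comment in `biba_netinet_firewall_send` still leaves open where the firewall label should come from, while the line below it stamps every such mbuf with `MAC_BIBA_TYPE_EQUAL`. Judging by the call sites in the pf.c and ip_fw2.c hunks, this path is taken whenever there is no `replyto` packet to inherit a label from, so firewall-originated packets appear to be exempt from Biba integrity comparisons rather than graded. Since the comment is being edited anyway, I would record that consequence, e.g. `/* XXX: no subject or packet to inherit from; labelled EQUAL, i.e. not integrity-graded, until a proper source label is defined. */`.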
@@ -1457,7 +1457,7 @@ lomac_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, } static void -lomac_mbuf_create_from_firewall(struct mbuf *m, struct label *mlabel) +lomac_netinet_firewall_send(struct mbuf *m, struct label *mlabel) { struct mac_lomac *dest; @@ -2878,7 +2878,7 @@ static struct mac_policy_ops lomac_ops = .mpo_inpcb_create = lomac_inpcb_create, .mpo_ipq_create = lomac_ipq_create, .mpo_inpcb_create_mbuf = lomac_inpcb_create_mbuf, - .mpo_create_mbuf_linklayer = lomac_create_mbuf_linklayer, + .mpo_mbuf_create_linklayer = lomac_mbuf_create_linklayer, .mpo_bpfdesc_create_mbuf = lomac_bpfdesc_create_mbuf, .mpo_ifnet_create_mbuf = lomac_ifnet_create_mbuf, .mpo_mbuf_create_multicast_encap = lomac_mbuf_create_multicast_encap, @@ -2936,7 +2936,7 @@ static struct mac_policy_ops lomac_ops = .mpo_vnode_check_unlink = lomac_vnode_check_unlink, .mpo_vnode_check_write = lomac_vnode_check_write, .mpo_thread_userret = lomac_thread_userret, - .mpo_mbuf_create_from_firewall = lomac_mbuf_create_from_firewall, + .mpo_netinet_firewall_send = lomac_netinet_firewall_send, .mpo_priv_check = lomac_priv_check, }; diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index 440af2a0b53d..ce7fae922063 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -1190,7 +1190,7 @@ mls_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, } static void -mls_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel, +mls_mbuf_create_linklayer(struct ifnet *ifp, struct label *ifplabel, struct mbuf *m, struct label *mlabel) { struct mac_mls *dest; @@ -1294,7 +1294,7 @@ mls_inpcb_sosetlabel(struct socket *so, struct label *solabel, } static void -mls_mbuf_create_from_firewall(struct mbuf *m, struct label *mlabel) +mls_netinet_firewall_send(struct mbuf *m, struct label *mlabel) { struct mac_mls *dest; 
@@ -2947,7 +2947,7 @@ static struct mac_policy_ops mls_ops = .mpo_sysvsem_create = mls_sysvsem_create, .mpo_sysvshm_create = mls_sysvshm_create, .mpo_inpcb_create_mbuf = mls_inpcb_create_mbuf, - .mpo_create_mbuf_linklayer = mls_create_mbuf_linklayer, + .mpo_mbuf_create_linklayer = mls_mbuf_create_linklayer, .mpo_bpfdesc_create_mbuf = mls_bpfdesc_create_mbuf, .mpo_ifnet_create_mbuf = mls_ifnet_create_mbuf, .mpo_mbuf_create_multicast_encap = mls_mbuf_create_multicast_encap, @@ -3035,7 +3035,7 @@ static struct mac_policy_ops mls_ops = .mpo_vnode_check_stat = mls_vnode_check_stat, .mpo_vnode_check_unlink = mls_vnode_check_unlink, .mpo_vnode_check_write = mls_vnode_check_write, - .mpo_mbuf_create_from_firewall = mls_mbuf_create_from_firewall, + .mpo_netinet_firewall_send = mls_netinet_firewall_send, }; MAC_POLICY_SET(&mls_ops, mac_mls, "TrustedBSD MAC/MLS", diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c index 4e15ffc42ddf..6c3ac334e0ed 100644 --- a/sys/security/mac_stub/mac_stub.c +++ b/sys/security/mac_stub/mac_stub.c @@ -405,7 +405,7 @@ stub_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, } static void -stub_create_mbuf_linklayer(struct ifnet *ifp, struct label *iflpabel, +stub_mbuf_create_linklayer(struct ifnet *ifp, struct label *iflpabel, struct mbuf *m, struct label *mlabel) { @@ -441,7 +441,7 @@ stub_mbuf_create_netlayer(struct mbuf *m, struct label *mlabel, } static void -stub_mbuf_create_from_firewall(struct mbuf *m, struct label *mlabel) +stub_netinet_firewall_send(struct mbuf *m, struct label *mlabel) { } 
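Review bot: The second parameter of `stub_mbuf_create_linklayer` is spelled `iflpabel` on the renamed line, while the `mpo_mbuf_create_linklayer_t` typedef and the biba, lomac, mls and test implementations all use `ifplabel`. Since the line is being touched for naming consistency, the spelling should be fixed here as well: `stub_mbuf_create_linklayer(struct ifnet *ifp, struct label *ifplabel,`. The function body lies outside the hunk, so confirm nothing there refers to the old spelling.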
@@ -1521,12 +1521,12 @@ static struct mac_policy_ops stub_ops = .mpo_ipq_reassemble = stub_ipq_reassemble, .mpo_netinet_fragment = stub_netinet_fragment, .mpo_inpcb_create_mbuf = stub_inpcb_create_mbuf, - .mpo_create_mbuf_linklayer = stub_create_mbuf_linklayer, + .mpo_mbuf_create_linklayer = stub_mbuf_create_linklayer, .mpo_bpfdesc_create_mbuf = stub_bpfdesc_create_mbuf, .mpo_ifnet_create_mbuf = stub_ifnet_create_mbuf, .mpo_mbuf_create_multicast_encap = stub_mbuf_create_multicast_encap, .mpo_mbuf_create_netlayer = stub_mbuf_create_netlayer, - .mpo_mbuf_create_from_firewall = stub_mbuf_create_from_firewall, + .mpo_netinet_firewall_send = stub_netinet_firewall_send, .mpo_ipq_match = stub_ipq_match, .mpo_netinet_icmp_reply = stub_netinet_icmp_reply, .mpo_netinet_tcp_reply = stub_netinet_tcp_reply, diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c index 5369ff68dd8f..04a657174d45 100644 --- a/sys/security/mac_test/mac_test.c +++ b/sys/security/mac_test/mac_test.c @@ -955,15 +955,15 @@ test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, COUNTER_INC(inpcb_create_mbuf); } -COUNTER_DECL(create_mbuf_linklayer); +COUNTER_DECL(mbuf_create_linklayer); static void -test_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel, +test_mbuf_create_linklayer(struct ifnet *ifp, struct label *ifplabel, struct mbuf *mbuf, struct label *mbuflabel) { LABEL_CHECK(ifplabel, MAGIC_IFNET); LABEL_CHECK(mbuflabel, MAGIC_MBUF); - COUNTER_INC(create_mbuf_linklayer); + COUNTER_INC(mbuf_create_linklayer); } COUNTER_DECL(bpfdesc_create_mbuf); 
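Review bot: `mac_test` gains no counterpart for the renamed firewall hook: none of the mac_test.c hunks touches an `.mpo_mbuf_create_from_firewall` initializer, which suggests `test_ops` never registered one and the new `mpo_netinet_firewall_send` entry point runs without a label sanity check. Unless that is covered elsewhere, I would add a `test_netinet_firewall_send` next to `test_mbuf_create_linklayer`, following the same `LABEL_CHECK`/`COUNTER_INC` pattern, and register it in `test_ops`. That way a firewall-generated mbuf with a missing or wrong label type is flagged by the test policy.

```c
COUNTER_DECL(netinet_firewall_send);
static void
test_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
{

	LABEL_CHECK(mlabel, MAGIC_MBUF);
	COUNTER_INC(netinet_firewall_send);
}

/* … unchanged: other test_ops initializers … */
	.mpo_netinet_firewall_send = test_netinet_firewall_send,
```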
@@ -2561,7 +2561,7 @@ static struct mac_policy_ops test_ops = .mpo_netinet_fragment = test_netinet_fragment, .mpo_ipq_create = test_ipq_create, .mpo_inpcb_create_mbuf = test_inpcb_create_mbuf, - .mpo_create_mbuf_linklayer = test_create_mbuf_linklayer, + .mpo_mbuf_create_linklayer = test_mbuf_create_linklayer, .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf, .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf, .mpo_mbuf_create_multicast_encap = test_mbuf_create_multicast_encap,