Introduce experimental support for MAC in the AppleTalk/EtherTalk stack.

Label link layer mbufs as they are created for transmission, check mbufs before delivering them to sockets, label mbufs as they are created from sockets, and preserve mbuf labels if mbufs are copied. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
2002-08-15 18:58:44 +00:00 · 2002-08-15 18:58:44 +00:00 · e43a71ac7a
commit e43a71ac7a
parent 2877957282
3 changed files with 28 additions and 0 deletions
--- a/sys/netatalk/aarp.c
+++ b/sys/netatalk/aarp.c
@ -6,9 +6,11 @@
 */

 #include "opt_atalk.h"
+#include "opt_mac.h"

 #include <sys/param.h>
 #include <sys/systm.h>
+#include <sys/mac.h>
 #include <sys/mbuf.h>
 #include <sys/kernel.h>
 #include <sys/socket.h>
@ -128,6 +130,9 @@ aarpwhohas( struct arpcom *ac, struct sockaddr_at *sat )
    if (( m = m_gethdr( M_DONTWAIT, MT_DATA )) == NULL ) {
 	return;
    }
+#ifdef MAC
+    mac_create_mbuf_linklayer(&ac->ac_if, m);
+#endif
    m->m_len = sizeof( *ea );
    m->m_pkthdr.len = sizeof( *ea );
    MH_ALIGN( m, sizeof( *ea ));
@ -549,6 +554,9 @@ aarpprobe( void *arg )
    if (( m = m_gethdr( M_DONTWAIT, MT_DATA )) == NULL ) {
 	return;
    }
+#ifdef MAC
+    mac_create_mbuf_linklayer(&ac->ac_if, m);
+#endif
    m->m_len = sizeof( *ea );
    m->m_pkthdr.len = sizeof( *ea );
    MH_ALIGN( m, sizeof( *ea ));
--- a/sys/netatalk/ddp_input.c
+++ b/sys/netatalk/ddp_input.c
@ -5,9 +5,12 @@
 * $FreeBSD$
 */

+#include "opt_mac.h"
+
 #include <sys/param.h>
 #include <sys/kernel.h>
 #include <sys/lock.h>
+#include <sys/mac.h>
 #include <sys/mbuf.h>
 #include <sys/signalvar.h>
 #include <sys/socket.h>
@ -395,6 +398,13 @@ ddp_input( m, ifp, elh, phase )
 	return;
    }

+#ifdef MAC
+    if (mac_check_socket_deliver(ddp->ddp_socket, m) != 0) {
+	m_freem( m );
+	return;
+    }
+#endif
+
    /* 
     * If we found one, deliver th epacket to the socket
     */
--- a/sys/netatalk/ddp_output.c
+++ b/sys/netatalk/ddp_output.c
@ -23,8 +23,11 @@

 /* $FreeBSD$ */

+#include "opt_mac.h"
+
 #include <sys/param.h>
 #include <sys/systm.h>
+#include <sys/mac.h>
 #include <sys/mbuf.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
@ -48,6 +51,10 @@ ddp_output( struct mbuf *m, struct socket *so)
    struct ddpehdr	*deh;
    struct ddpcb *ddp = sotoddpcb( so );

+#ifdef MAC
+    mac_create_mbuf_from_socket(so, m);
+#endif
+
    M_PREPEND( m, sizeof( struct ddpehdr ), M_TRYWAIT );

    deh = mtod( m, struct ddpehdr *);
@ -195,6 +202,9 @@ ddp_route( struct mbuf *m, struct route *ro)
 	    printf("ddp_route: no buffers\n");
 	    return( ENOBUFS );
 	}
+#ifdef MAC
+	mac_create_mbuf_from_mbuf(m, m0);
+#endif
 	m0->m_next = m;
 	/* XXX perhaps we ought to align the header? */
 	m0->m_len = SZ_ELAPHDR;