d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3193579b66
freebsd-dev/sys/net
History
Robert Watson a557af222b Introduce a MAC label reference in 'struct inpcb', which caches 
the   MAC label referenced from 'struct socket' in the IPv4 and
IPv6-based protocols.  This permits MAC labels to be checked during
network delivery operations without dereferencing inp->inp_socket
to get to so->so_label, which will eventually avoid our having to
grab the socket lock during delivery at the network layer.

This change introduces 'struct inpcb' as a labeled object to the
MAC Framework, along with the normal circus of entry points:
initialization, creation from socket, destruction, as well as a
delivery access control check.

For most policies, the inpcb label will simply be a cache of the
socket label, so a new protocol switch method is introduced,
pr_sosetlabel() to notify protocols that the socket layer label
has been updated so that the cache can be updated while holding
appropriate locks.  Most protocols implement this using
pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use
the the worker function in_pcbsosetlabel(), which calls into the
MAC Framework to perform a cache update.

Biba, LOMAC, and MLS implement these entry points, as do the stub
policy, and test policy.

Reviewed by:	sam, bms
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-18 00:39:07 +00:00
..
bpf_compat.h Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
bpf_filter.c
bpf.c - Implement selwakeuppri() which allows raising the priority of a 2003-11-09 09:17:26 +00:00
bpf.h Add a new macro M_ASSERTVALID which ensures that the mbuf in question 2003-10-19 22:33:41 +00:00
bpfdesc.h Modify the MAC Framework so that instead of embedding a (struct label) 2003-11-12 03:14:31 +00:00
bridge.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
bridge.h network interface and link layer changes: 2002-11-15 00:00:15 +00:00
bsd_comp.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
ethernet.h general cleanups mostly aimed at improving portability of drivers 2002-11-14 23:28:47 +00:00
fddi.h network interface and link layer changes: 2002-11-15 00:00:15 +00:00
if_arc.h - add support for IPX (tested with mount -t nwfs and mars_nwe), 2003-01-24 01:32:20 +00:00
if_arcsubr.c Introduce ip_fastforward and remove ip_flow. 2003-11-14 21:02:22 +00:00
if_arp.h - Use if_broadcastaddr from struct ifnet rather than relying on 2003-03-21 17:53:16 +00:00
if_atm.h Remove the ATMIOCENA and ATMIOCDIS ioctl. Everyting has been converted 2003-08-06 14:53:27 +00:00
if_atmsubr.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
if_disc.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
if_dl.h
if_ef.c Introduce ip_fastforward and remove ip_flow. 2003-11-14 21:02:22 +00:00
if_ethersubr.c Introduce ip_fastforward and remove ip_flow. 2003-11-14 21:02:22 +00:00
if_faith.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
if_fddisubr.c Introduce ip_fastforward and remove ip_flow. 2003-11-14 21:02:22 +00:00
if_gif.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
if_gif.h - after gif_set_tunnel(), psrc/pdst may be null. set IFF_RUNNING accordingly. 2002-10-16 19:49:37 +00:00
if_gre.c Fix a bug whereby the physical endpoints of a gre(4) tunnel would not 2003-11-14 20:58:00 +00:00
if_gre.h MFS: recognize gre packets used in the WCCP protocol. 2002-12-07 14:22:05 +00:00
if_iso88025subr.c Introduce ip_fastforward and remove ip_flow. 2003-11-14 21:02:22 +00:00
if_llc.h s/__attribute__((__packed__))/__packed/g 2002-09-23 06:25:08 +00:00
if_loop.c Remove the m_defrag call from if_loop; testing with m_fragment 2003-11-11 17:58:36 +00:00
if_media.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
if_media.h add monitor mode 2003-07-21 02:49:42 +00:00
if_mib.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
if_mib.h
if_ppp.c Introduce ip_fastforward and remove ip_flow. 2003-11-14 21:02:22 +00:00
if_ppp.h
if_pppvar.h
if_sl.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
if_slvar.h
if_sppp.h
if_spppsubr.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
if_stf.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
if_stf.h
if_tap.c - Implement selwakeuppri() which allows raising the priority of a 2003-11-09 09:17:26 +00:00
if_tap.h
if_tapvar.h
if_tun.c - Implement selwakeuppri() which allows raising the priority of a 2003-11-09 09:17:26 +00:00
if_tun.h
if_tunvar.h Correctly name r_unit member tun_unit. 2003-09-27 21:43:16 +00:00
if_types.h use official # for IFT_STF 2003-10-26 14:29:04 +00:00
if_var.h Modify the MAC Framework so that instead of embedding a (struct label) 2003-11-12 03:14:31 +00:00
if_vlan_var.h - In vlan_input(), always mask off all but the VLID bits from tags 2003-07-08 21:54:20 +00:00
if_vlan.c - vlan_start(): Increment the correct interface statistics member. 2003-11-12 12:58:19 +00:00
if.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
if.h Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
iso88025.h Fix whitespace issues. 2003-03-15 23:55:33 +00:00
net_osdep.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
net_osdep.h - update comments to refrect recent BSDs. 2003-11-04 14:08:31 +00:00
netisr.c o add a flags parameter to netisr_register that is used to specify 2003-11-08 22:28:40 +00:00
netisr.h o add a flags parameter to netisr_register that is used to specify 2003-11-08 22:28:40 +00:00
pfil.c o update PFIL_HOOKS support to current API used by netbsd 2003-09-23 17:54:04 +00:00
pfil.h o update PFIL_HOOKS support to current API used by netbsd 2003-09-23 17:54:04 +00:00
pfkeyv2.h fix comments. 2003-11-14 18:17:07 +00:00
ppp_comp.h
ppp_deflate.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
ppp_defs.h
ppp_tty.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
radix.c While cleaning out my tree, fix another strict alias warning that would 2003-09-22 23:24:18 +00:00
radix.h add R_Zalloc definition that returns pre-zero'd memory 2003-08-19 17:23:07 +00:00
raw_cb.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
raw_cb.h
raw_usrreq.c Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
route.c replace explicit changes to rt_refcnt by RT_ADDREF and RT_REMREF 2003-11-08 23:36:32 +00:00
route.h replace explicit changes to rt_refcnt by RT_ADDREF and RT_REMREF 2003-11-08 23:36:32 +00:00
rtsock.c Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
slcompress.c Don't use ovbcopy(); use void * instead of char *. 2003-04-04 12:11:46 +00:00
slcompress.h
slip.h
zlib.c chase more of the MIN/MAX mess. *sigh* 2003-02-02 13:52:25 +00:00
zlib.h