freebsd-dev/sys/netinet6
Robert Watson a557af222b Introduce a MAC label reference in 'struct inpcb', which caches
the MAC label referenced from 'struct socket' in the IPv4 and
IPv6-based protocols.  This permits MAC labels to be checked during
network delivery operations without dereferencing inp->inp_socket
to get to so->so_label, which will eventually avoid our having to
grab the socket lock during delivery at the network layer.

This change introduces 'struct inpcb' as a labeled object to the
MAC Framework, along with the normal circus of entry points:
initialization, creation from socket, destruction, as well as a
delivery access control check.

For most policies, the inpcb label will simply be a cache of the
socket label, so a new protocol switch method is introduced,
pr_sosetlabel() to notify protocols that the socket layer label
has been updated so that the cache can be updated while holding
appropriate locks.  Most protocols implement this using
pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use
the worker function in_pcbsosetlabel(), which calls into the
MAC Framework to perform a cache update.

Biba, LOMAC, and MLS implement these entry points, as do the stub
policy, and test policy.

Reviewed by:	sam, bms
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-18 00:39:07 +00:00
ah6.h
ah_aesxcbcmac.c
ah_aesxcbcmac.h
ah_core.c - m_cat() may free the mbuf on 2nd arg, so m_pkthdr manipulation has 2003-11-15 06:18:09 +00:00
ah_input.c - m_cat() may free the mbuf on 2nd arg, so m_pkthdr manipulation has 2003-11-15 06:18:09 +00:00
ah_output.c
ah.h oops, correct wrong change in previous commit. 2003-11-15 06:16:36 +00:00
dest6.c
esp6.h
esp_aesctr.c
esp_aesctr.h
esp_core.c - m_cat() may free the mbuf on 2nd arg, so m_pkthdr manipulation has 2003-11-15 06:18:09 +00:00
esp_input.c - m_cat() may free the mbuf on 2nd arg, so m_pkthdr manipulation has 2003-11-15 06:18:09 +00:00
esp_output.c preparation for 64bit sequence number. 2003-11-15 05:41:41 +00:00
esp_rijndael.c cleanup rijndael API. 2003-11-11 18:58:54 +00:00
esp_rijndael.h enable aes-xcbc-mac and aes-ctr, again. 2003-11-10 10:39:14 +00:00
esp.h
frag6.c
icmp6.c - cleanup SP refcnt issue. 2003-11-04 16:02:05 +00:00
icmp6.h
in6_cksum.c
in6_gif.c
in6_gif.h
in6_ifattach.c use arc4random. 2003-10-31 16:06:05 +00:00
in6_ifattach.h
in6_pcb.c
in6_pcb.h source address selection part of RFC3484. 2003-11-04 20:22:33 +00:00
in6_prefix.c
in6_prefix.h
in6_proto.c source address selection part of RFC3484. 2003-11-04 20:22:33 +00:00
in6_rmx.c
in6_src.c reflect ip6_pktopts and ip6_moptions into embedded scope of 2003-11-12 21:39:12 +00:00
in6_var.h
in6.c replace explicit changes to rt_refcnt by RT_ADDREF and RT_REMREF 2003-11-08 23:36:32 +00:00
in6.h byebye in6_ifawithscope(). it was a function for old source 2003-11-05 17:19:31 +00:00
ip6_ecn.h
ip6_forward.c - cleanup SP refcnt issue. 2003-11-04 16:02:05 +00:00
ip6_fw.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
ip6_fw.h Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
ip6_id.c
ip6_input.c o add a flags parameter to netisr_register that is used to specify 2003-11-08 22:28:40 +00:00
ip6_mroute.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
ip6_mroute.h
ip6_output.c correct to look right interface. 2003-11-17 07:53:32 +00:00
ip6_var.h source address selection part of RFC3484. 2003-11-04 20:22:33 +00:00
ip6.h
ip6protosw.h
ipcomp6.h
ipcomp_core.c
ipcomp_input.c
ipcomp_output.c
ipcomp.h
ipsec6.h - cleanup SP refcnt issue. 2003-11-04 16:02:05 +00:00
ipsec.c nuke obsoleted ipsec_gethist(). it just did panic to notify user 2003-11-07 20:38:45 +00:00
ipsec.h nuke obsoleted ipsec_gethist(). it just did panic to notify user 2003-11-07 20:38:45 +00:00
mld6_var.h rename MLD6_* to MLD_*. 2003-10-31 16:07:15 +00:00
mld6.c rename MLD6_* to MLD_*. 2003-10-31 16:07:15 +00:00
nd6_nbr.c - cleanup SP refcnt issue. 2003-11-04 16:02:05 +00:00
nd6_rtr.c replace explicit changes to rt_refcnt by RT_ADDREF and RT_REMREF 2003-11-08 23:36:32 +00:00
nd6.c replace explicit changes to rt_refcnt by RT_ADDREF and RT_REMREF 2003-11-08 23:36:32 +00:00
nd6.h use arc4random. 2003-10-31 16:06:05 +00:00
pim6_var.h
pim6.h
raw_ip6.c Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
raw_ip6.h
README
route6.c
scope6_var.h
scope6.c
tcp6_var.h
udp6_output.c - cleanup SP refcnt issue. 2003-11-04 16:02:05 +00:00
udp6_usrreq.c Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
udp6_var.h

a note to committers about KAME tree
$FreeBSD$
KAME project


FreeBSD IPv6/IPsec tree is from KAME project (http://www.kame.net/).
To synchronize KAME tree and FreeBSD better today and in the future,
please understand the following:

- DO NOT MAKE COSMETIC CHANGES.
  "Cosmetic changes" here includes tabify, untabify, removal of space at EOL,
  minor KNF items, and whatever adds more output lines on "diff freebsd kame".
  To make future synchronization easier, it is critical to preserve certain
  statements in the code.  Also, as KAME tree supports all 4 BSDs (Free, Open,
  Net, BSD/OS) in single shared tree, it is not always possible to backport
  FreeBSD changes into KAME tree.  So again, please do not make cosmetic
  changes.  Even if you think it a right thing, that will bite KAME guys badly
  during upgrade attempts, and prevent us from synchronizing two trees.
  (you don't usually make cosmetic changes against third-party code, do you?)

- REPORT CHANGES/BUGS TO KAME GUYS.
  It is not always possible for KAME guys to watch all the freebsd mailing
  list traffic, as the traffic is HUGE.  So if possible, please, inform
  kame guys of changes you made in IPv6/IPsec related portion.  Contact
  path would be snap-users@kame.net or KAME PR database on www.kame.net.
  (or to core@kame.net if it is necessary to make it confidential)

Thank you for your cooperation and have a happy IPv6 life!


Note: KAME-origin code is in the following locations.
The above notice applies to corresponding manpages too.
The list may not be complete.  If you see $KAME$ in the code, it is from
KAME distribution.  If you see some file that is IPv6/IPsec related, it is
highly possible that the file is from KAME distribution.

include/ifaddrs.h
lib/libc/net
lib/libc/net/getaddrinfo.c
lib/libc/net/getifaddrs.c
lib/libc/net/getnameinfo.c
lib/libc/net/ifname.c
lib/libc/net/ip6opt.c
lib/libc/net/map_v4v6.c
lib/libc/net/name6.c
lib/libftpio
lib/libipsec
sbin/ip6fw
sbin/ping6
sbin/rtsol
share/doc/IPv6
share/man/man4/ip6.4
share/man/man4/inet6.4
sys/crypto (except sys/crypto/rc4)
sys/kern/uipc_mbuf2.c
sys/net/if_faith.[ch]
sys/net/if_gif.[ch]
sys/net/if_stf.[ch]
sys/net/pfkeyv2.h
sys/netinet/icmp6.h
sys/netinet/in_gif.[ch]
sys/netinet/ip6.h
sys/netinet/ip_encap.[ch]
sys/netinet6
sys/netkey
usr.sbin/faithd
usr.sbin/gifconfig
usr.sbin/ifmcstat
usr.sbin/mld6query
usr.sbin/ndp
usr.sbin/pim6dd
usr.sbin/pim6sd
usr.sbin/prefix
usr.sbin/rip6query
usr.sbin/route6d
usr.sbin/rrenumd
usr.sbin/rtadvd
usr.sbin/rtsold
usr.sbin/scope6config
usr.sbin/setkey
usr.sbin/traceroute6