d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
25024d95e9
freebsd-nq/sys
History
Christian S.J. Peron d94f2a68f8 Introduce a new entry point, mac_create_mbuf_from_firewall. This entry point 
exists to allow the mandatory access control policy to properly initialize
mbufs generated by the firewall. An example where this might happen is keep
alive packets, or ICMP error packets in response to other packets.

This takes care of kernel panics associated with un-initialize mbuf labels
when the firewall generates packets.

[1] I modified this patch from it's original version, the initial patch
    introduced a number of entry points which were programmatically
    equivalent. So I introduced only one. Instead, we should leverage
    mac_create_mbuf_netlayer() which is used for similar situations,
    an example being icmp_error()

    This will minimize the impact associated with the MFC

Submitted by:	mlaier [1]
MFC after:	1 week

This is a RELENG_6 candidate
2006-09-12 04:25:13 +00:00
..
amd64 Add a new ddb command 'show lapic' to dump details about the local APIC 2006-09-11 20:12:42 +00:00
arm MFp4: first cut at getting I2C transfers working (generically). I'm 2006-09-07 21:53:28 +00:00
boot - Include <sys/reboot.h> to get the RB_* defines. 2006-09-05 19:28:03 +00:00
bsm Merge OpenBSM 1.0 alpha 10 changes into src/sys/bsm; comment spelling 2006-09-02 10:49:44 +00:00
cam null commit to provide commit message to previous 2006-09-11 17:57:23 +00:00
coda
compat The Linux unlink syscall uses a different errno value when trying to unlink 2006-09-10 13:47:56 +00:00
conf Include agp_i810.c in amd64 AGP builds to get support for the Intel 915 Express 2006-09-05 16:55:13 +00:00
contrib Introduce a new entry point, mac_create_mbuf_from_firewall. This entry point 2006-09-12 04:25:13 +00:00
crypto GCC 3.4.6 gets confused on this file and produces bogus warning. 2006-08-26 21:48:00 +00:00
ddb Fix two nits in the ps header that offset each other making them largely 2006-08-01 22:30:55 +00:00
dev - Revert making bus_generic_add_child() the default for BUS_ADD_CHILD(). 2006-09-11 22:20:37 +00:00
fs while (0); -> while (0) in multi-line macros 2006-08-17 22:50:33 +00:00
gdb
geom Delay an orphan event if provider has still in-flight I/O requests. 2006-09-10 09:11:54 +00:00
gnu
i4b
i386 Add a new ddb command 'show lapic' to dump details about the local APIC 2006-09-11 20:12:42 +00:00
ia64 Implement casuword32, compare and set user integer, thank Marcel Moolenarr 2006-08-28 02:28:15 +00:00
isa Eliminate one set of XBOX #ifdefs. The Xbox code just needs to set a 2006-08-09 23:47:38 +00:00
isofs/cd9660
kern - Revert making bus_generic_add_child() the default for BUS_ADD_CHILD(). 2006-09-11 22:20:37 +00:00
libkern Add strstr() function to the libkern. 2006-08-12 15:28:39 +00:00
modules Introduce a new entry point, mac_create_mbuf_from_firewall. This entry point 2006-09-12 04:25:13 +00:00
net First step of TSO (TCP segmentation offload) support in our network stack. 2006-09-06 21:51:59 +00:00
net80211 More statistics fixups: 2006-08-10 06:04:00 +00:00
netatalk Since soisdisconnected() is no longer called in pru_detach(), call it 2006-08-05 14:14:34 +00:00
netatm Change semantics of socket close and detach. Add a new protocol switch 2006-07-21 17:11:15 +00:00
netgraph s/USBDEVNAME/device_get_nameunit/g 2006-09-07 23:38:09 +00:00
netinet Introduce a new entry point, mac_create_mbuf_from_firewall. This entry point 2006-09-12 04:25:13 +00:00
netinet6 All multicast listeners on a port should get one copy of the packet. This 2006-09-07 18:44:54 +00:00
netipsec Fix build breakage from previous commit which confused key_abort and key_close. 2006-07-22 09:18:02 +00:00
netipx Change semantics of socket close and detach. Add a new protocol switch 2006-07-21 17:11:15 +00:00
netkey With exception of the if_name() macro, all definitions in net_osdep.h 2006-08-04 21:27:40 +00:00
netnatm Change semantics of socket close and detach. Add a new protocol switch 2006-07-21 17:11:15 +00:00
netncp - Fix ncp_poll() to not panic if the socket doesn't have any pending data. 2006-08-03 15:31:52 +00:00
netsmb Fix misalignment bugs caused by invalid type casts of pointers 2006-08-22 03:05:51 +00:00
nfs
nfs4client
nfsclient Fix for a deadlock triggered by a 'umount -f' causing a NFS request to never 2006-08-29 22:00:12 +00:00
nfsserver - Add a new function nfsrv_destroycache() to tear down the server request 2006-08-01 16:27:14 +00:00
opencrypto
pc98 Fix style nits. No md5 changes in .o's. ;-) 2006-09-08 21:46:01 +00:00
pccard
pci Minor overhaul of SMBus support: 2006-09-11 20:52:41 +00:00
posix4
powerpc In cpu_set_user_tls(), properly set the thread pointer. It is 0x7000 2006-09-01 06:05:40 +00:00
rpc
security Introduce a new entry point, mac_create_mbuf_from_firewall. This entry point 2006-09-12 04:25:13 +00:00
sparc64 Do as the USII CPU manual suggests and leave interrupts enabled 2006-09-03 21:20:21 +00:00
sys Introduce a new entry point, mac_create_mbuf_from_firewall. This entry point 2006-09-12 04:25:13 +00:00
tools
ufs While checking for update of snapshot file in the ffs_copyonwrite, 2006-08-21 17:20:19 +00:00
vm Make vm_page_release_contig() static. 2006-09-03 22:24:08 +00:00
Makefile Don't need to special case arm here anymore 2006-08-10 06:29:43 +00:00