Introduce support for Mandatory Access Control and extensible
kernel access control.

Label IP fragment reassembly queues, permitting security features to
be maintained on those objects.  ipq_label will be used to manage
the reassembly of fragments into IP datagrams using security
properties.  This permits policies to deny the reassembly of fragments,
as well as influence the resulting label of a datagram following
reassembly.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
rwatson 2002-07-30 23:09:20 +00:00
parent f476cee602
commit 2cef0b1901

@ -68,6 +68,7 @@ struct ipq {
u_int32_t ipq_div_info; /* ipfw divert port & flags */
u_int16_t ipq_div_cookie; /* ipfw divert cookie */
#endif
struct label ipq_label; /* MAC label */
};
#endif /* _KERNEL */
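
Review bot: the added `struct label ipq_label;` line sits after the `#endif`, so unlike the ipfw divert fields above it, the label is compiled into struct ipq unconditionally and every reassembly queue carries it whether or not a MAC policy is in use. If that is deliberate (for example, to keep the structure layout identical across kernel configurations), please say so in the field comment; otherwise give it its own conditional. The `/* MAC label */` comment would also be more useful if it named where the label is initialized and destroyed, since the visible lines do not show which ipq allocation and free paths take care of it.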