From 549e4c9e4e56724ff220be33279d6862ed89071e Mon Sep 17 00:00:00 2001
From: Robert Watson <rwatson@FreeBSD.org>
Date: Tue, 30 Jul 2002 23:09:20 +0000
Subject: [PATCH] Introduce support for Mandatory Access Control and extensible
 kernel access control.

Label IP fragment reassembly queues, permitting security features to
be maintained on those objects.  ipq_label will be used to manage
the reassembly of fragments into IP datagrams using security
properties.  This permits policies to deny the reassembly of fragments,
as well as influence the resulting label of a datagram following
reassembly.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
---
 sys/netinet/ip_var.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h
index 79f833610afa..4efb58930d5d 100644
--- a/sys/netinet/ip_var.h
+++ b/sys/netinet/ip_var.h
@@ -68,6 +68,7 @@ struct ipq {
 	u_int32_t ipq_div_info;		/* ipfw divert port & flags */
 	u_int16_t ipq_div_cookie;	/* ipfw divert cookie */
 #endif
+	struct label ipq_label;		/* MAC label */
 };
 #endif /* _KERNEL */