Commit Graph

18 Commits

Author SHA1 Message Date
rwatson
9c969b771a Introduce a MAC label reference in 'struct inpcb', which caches
the   MAC label referenced from 'struct socket' in the IPv4 and
IPv6-based protocols.  This permits MAC labels to be checked during
network delivery operations without dereferencing inp->inp_socket
to get to so->so_label, which will eventually avoid our having to
grab the socket lock during delivery at the network layer.

This change introduces 'struct inpcb' as a labeled object to the
MAC Framework, along with the normal circus of entry points:
initialization, creation from socket, destruction, as well as a
delivery access control check.

For most policies, the inpcb label will simply be a cache of the
socket label, so a new protocol switch method is introduced,
pr_sosetlabel() to notify protocols that the socket layer label
has been updated so that the cache can be updated while holding
appropriate locks.  Most protocols implement this using
pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use
the the worker function in_pcbsosetlabel(), which calls into the
MAC Framework to perform a cache update.

Biba, LOMAC, and MLS implement these entry points, as do the stub
policy, and test policy.

Reviewed by:	sam, bms
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-18 00:39:07 +00:00
obrien
5dd6703eeb Use __FBSDID(). 2003-06-11 07:00:30 +00:00
tanimura
e6fa9b9e92 Back out my lats commit of locking down a socket, it conflicts with hsu's work.
Requested by:	hsu
2002-05-31 11:52:35 +00:00
tanimura
92d8381dd5 Lock down a socket, milestone 1.
o Add a mutex (sb_mtx) to struct sockbuf. This protects the data in a
  socket buffer. The mutex in the receive buffer also protects the data
  in struct socket.

o Determine the lock strategy for each members in struct socket.

o Lock down the following members:

  - so_count
  - so_options
  - so_linger
  - so_state

o Remove *_locked() socket APIs.  Make the following socket APIs
  touching the members above now require a locked socket:

 - sodisconnect()
 - soisconnected()
 - soisconnecting()
 - soisdisconnected()
 - soisdisconnecting()
 - sofree()
 - soref()
 - sorele()
 - sorwakeup()
 - sotryfree()
 - sowakeup()
 - sowwakeup()

Reviewed by:	alfred
2002-05-20 05:41:09 +00:00
tanimura
89ec521d91 Revert the change of #includes in sys/filedesc.h and sys/socketvar.h.
Requested by:	bde

Since locking sigio_lock is usually followed by calling pgsigio(),
move the declaration of sigio_lock and the definitions of SIGIO_*() to
sys/signalvar.h.

While I am here, sort include files alphabetically, where possible.
2002-04-30 01:54:54 +00:00
arr
ab6fdd245b - Nuke some more not needed #ifdef cruft. 2002-04-21 01:41:05 +00:00
alfred
8c4c86de23 Remove __P. 2002-03-20 02:39:27 +00:00
julian
5596676e6c KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.

Sorry john! (your next MFC will be a doosie!)

Reviewed by: peter@freebsd.org, dillon@freebsd.org

X-MFC after:    ha ha ha ha
2001-09-12 08:38:13 +00:00
phk
937783b154 Add back some #include <sys/systm.h> which were needed when <sys/ktr.h>
doesn't mess us up.

Noted by:	Harti Brandt <brandt@fokus.gmd.de>
2000-10-30 20:37:01 +00:00
phk
f3419eb077 Remove more unused #includes. 2000-10-27 21:14:25 +00:00
phk
beadbd4365 Remove unneeded #include <machine/clock.h> 2000-10-15 14:19:01 +00:00
phk
fe59073f8d Remove the #include kitchensink <netatm/kern_include.h> and add
the #includes to the respective source files.

Also un-nest includes in <dev/hfa/fore_include.h>

I have run src/tools/tools/kerninclude to remove 1239 clearly
unneeded #includes reducing the total from 3524 includes to 2285.
2000-10-12 08:14:20 +00:00
green
eb94f20ec0 Modify to work with the new sbreserve(). 1999-10-09 23:24:59 +00:00
peter
3b842d34e8 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
phk
c55aa9c23d Copy application name and connection attributes for accept() sockets from
listen() socket.

Allow setsockopt(APPLNAME) after socket is connected.
1998-12-11 21:47:21 +00:00
phk
ef1becbf8e Trivial stylish changes, mostly to silence gcc.
Reviewed by:	Mike Spengler <mks@networkcs.com>
Submitted by:	phk
1998-10-31 20:07:01 +00:00
phk
231bd37d3c Two patches from the HARP people:
Various Makefile related fixes.

-Wformat fixes.

Submitted by:	Mike Spengler <mks@networkcs.com>
1998-09-17 09:35:02 +00:00
phk
c3dd1fa899 Add new files for HARP3
Host ATM Research Platform (HARP), Network Computing Services, Inc.
This software was developed with the support of the Defense Advanced
Research Projects Agency (DARPA).
1998-09-15 08:23:17 +00:00