freebsd-skq/sys/netipx
rwatson 9c969b771a Introduce a MAC label reference in 'struct inpcb', which caches
the   MAC label referenced from 'struct socket' in the IPv4 and
IPv6-based protocols.  This permits MAC labels to be checked during
network delivery operations without dereferencing inp->inp_socket
to get to so->so_label, which will eventually avoid our having to
grab the socket lock during delivery at the network layer.

This change introduces 'struct inpcb' as a labeled object to the
MAC Framework, along with the normal circus of entry points:
initialization, creation from socket, destruction, as well as a
delivery access control check.

For most policies, the inpcb label will simply be a cache of the
socket label, so a new protocol switch method is introduced,
pr_sosetlabel() to notify protocols that the socket layer label
has been updated so that the cache can be updated while holding
appropriate locks.  Most protocols implement this using
pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use
the the worker function in_pcbsosetlabel(), which calls into the
MAC Framework to perform a cache update.

Biba, LOMAC, and MLS implement these entry points, as do the stub
policy, and test policy.

Reviewed by:	sam, bms
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-18 00:39:07 +00:00
..
ipx_cksum.c
ipx_if.h
ipx_input.c o add a flags parameter to netisr_register that is used to specify 2003-11-08 22:28:40 +00:00
ipx_ip.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
ipx_ip.h
ipx_outputfl.c
ipx_pcb.c
ipx_pcb.h
ipx_proto.c
ipx_usrreq.c Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
ipx_var.h
ipx.c
ipx.h
README
spx_debug.c
spx_debug.h
spx_timer.h
spx_usrreq.c Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
spx_var.h
spx.h

$FreeBSD$

This protocol implements IPX/SPX over Ethernet_II frame type 0x8137.
Please note: the SPX implementation may require further work and testing
to insure proper operation.

Mike Mitchell, Network Engineer
AMTECH Systems Corporation, Technology and Manufacturing
8600 Jefferson Street, Albuquerque, New Mexico 87113 (505) 856-8000
supervisor@alb.asctmd.com

John Hay
Some Company
Some Address
jhay@mikom.csir.co.za

--- Copyright Information ---

Copyright (c) 1984, 1985, 1986, 1987, 1993
The Regents of the University of California.  All rights reserved.

Modifications Copyright (c) 1995, Mike Mitchell
Modifications Copyright (c) 1995, John Hay