d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd-skq/sys/netinet6
History
rwatson 9c969b771a Introduce a MAC label reference in 'struct inpcb', which caches 
the   MAC label referenced from 'struct socket' in the IPv4 and
IPv6-based protocols.  This permits MAC labels to be checked during
network delivery operations without dereferencing inp->inp_socket
to get to so->so_label, which will eventually avoid our having to
grab the socket lock during delivery at the network layer.

This change introduces 'struct inpcb' as a labeled object to the
MAC Framework, along with the normal circus of entry points:
initialization, creation from socket, destruction, as well as a
delivery access control check.

For most policies, the inpcb label will simply be a cache of the
socket label, so a new protocol switch method is introduced,
pr_sosetlabel() to notify protocols that the socket layer label
has been updated so that the cache can be updated while holding
appropriate locks.  Most protocols implement this using
pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use
the the worker function in_pcbsosetlabel(), which calls into the
MAC Framework to perform a cache update.

Biba, LOMAC, and MLS implement these entry points, as do the stub
policy, and test policy.

Reviewed by:	sam, bms
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-18 00:39:07 +00:00
..
ah6.h
- correct signedness mixups.
2003-10-12 11:08:18 +00:00
ah_aesxcbcmac.c
support AES XCBC MAC for AH.
2003-10-13 04:56:04 +00:00
ah_aesxcbcmac.h
support AES XCBC MAC for AH.
2003-10-13 04:56:04 +00:00
ah_core.c
- m_cat() may free the mbuf on 2nd arg, so m_pkthdr manipulation has
2003-11-15 06:18:09 +00:00
ah_input.c
- m_cat() may free the mbuf on 2nd arg, so m_pkthdr manipulation has
2003-11-15 06:18:09 +00:00
ah_output.c
- avoid hardcoded values.
2003-10-12 12:03:25 +00:00
ah.h
oops, correct wrong change in previous commit.
2003-11-15 06:16:36 +00:00
dest6.c
remove unused variable.
2003-10-12 15:14:33 +00:00
esp6.h
esp_aesctr.c
- support AES counter mode for ESP.
2003-10-13 14:57:41 +00:00
esp_aesctr.h
- support AES counter mode for ESP.
2003-10-13 14:57:41 +00:00
esp_core.c
- m_cat() may free the mbuf on 2nd arg, so m_pkthdr manipulation has
2003-11-15 06:18:09 +00:00
esp_input.c
- m_cat() may free the mbuf on 2nd arg, so m_pkthdr manipulation has
2003-11-15 06:18:09 +00:00
esp_output.c
preparation for 64bit sequence number.
2003-11-15 05:41:41 +00:00
esp_rijndael.c
cleanup rijndael API.
2003-11-11 18:58:54 +00:00
esp_rijndael.h
enable aes-xcbc-mac and aes-ctr, again.
2003-11-10 10:39:14 +00:00
esp.h
- support AES counter mode for ESP.
2003-10-13 14:57:41 +00:00
frag6.c
add ECN support in layer-3.
2003-10-29 15:07:04 +00:00
icmp6.c
- cleanup SP refcnt issue.
2003-11-04 16:02:05 +00:00
icmp6.h
in6_cksum.c
- fix typo in comments.
2003-10-08 18:26:08 +00:00
in6_gif.c
add ECN support in layer-3.
2003-10-29 15:07:04 +00:00
in6_gif.h
- fix typo in comments.
2003-10-08 18:26:08 +00:00
in6_ifattach.c
use arc4random.
2003-10-31 16:06:05 +00:00
in6_ifattach.h
nuku unused functions in6_nigroup_attach() and
2003-10-31 15:51:28 +00:00
in6_pcb.c
Overhaul routing table entry cleanup by introducing a new rtexpunge
2003-10-30 23:02:51 +00:00
in6_pcb.h
source address selection part of RFC3484.
2003-11-04 20:22:33 +00:00
in6_prefix.c
return(code) -> return (code)
2003-10-06 14:02:09 +00:00
in6_prefix.h
in6_proto.c
source address selection part of RFC3484.
2003-11-04 20:22:33 +00:00
in6_rmx.c
Overhaul routing table entry cleanup by introducing a new rtexpunge
2003-10-30 23:02:51 +00:00
in6_src.c
reflect ip6_pktopts and ip6_moptions into embeded scope of
2003-11-12 21:39:12 +00:00
in6_var.h
add management part of address selection policy described in
2003-10-30 15:29:17 +00:00
in6.c
replace explicit changes to rt_refcnt by RT_ADDREF and RT_REMREF
2003-11-08 23:36:32 +00:00
in6.h
byebye in6_ifawithscope(). it was a function for old source
2003-11-05 17:19:31 +00:00
ip6_ecn.h
add ECN support in layer-3.
2003-10-29 15:07:04 +00:00
ip6_forward.c
- cleanup SP refcnt issue.
2003-11-04 16:02:05 +00:00
ip6_fw.c
Replace the if_name and if_unit members of struct ifnet with new members
2003-10-31 18:32:15 +00:00
ip6_fw.h
Replace the if_name and if_unit members of struct ifnet with new members
2003-10-31 18:32:15 +00:00
ip6_id.c
add randomtab for ip6_randomflowlabel().
2003-10-01 21:45:57 +00:00
ip6_input.c
o add a flags parameter to netisr_register that is used to specify
2003-11-08 22:28:40 +00:00
ip6_mroute.c
Replace the if_name and if_unit members of struct ifnet with new members
2003-10-31 18:32:15 +00:00
ip6_mroute.h
just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD.
2002-04-19 04:46:24 +00:00
ip6_output.c
correct to look right interface.
2003-11-17 07:53:32 +00:00
ip6_var.h
source address selection part of RFC3484.
2003-11-04 20:22:33 +00:00
ip6.h
ip6protosw.h
- fix typo in comments.
2003-10-08 18:26:08 +00:00
ipcomp6.h
ipcomp_core.c
- fix typo in comments.
2003-10-08 18:26:08 +00:00
ipcomp_input.c
- typo. found by markus@openbsd
2003-10-09 18:44:54 +00:00
ipcomp_output.c
sync with the latest KAME (just a cosmetic change)
2003-04-28 08:21:57 +00:00
ipcomp.h
just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD.
2002-04-19 04:46:24 +00:00
ipsec6.h
- cleanup SP refcnt issue.
2003-11-04 16:02:05 +00:00
ipsec.c
nuke obsoleted ipsec_gethist(). it just did panic to notify user
2003-11-07 20:38:45 +00:00
ipsec.h
nuke obsoleted ipsec_gethist(). it just did panic to notify user
2003-11-07 20:38:45 +00:00
mld6_var.h
rename MLD6_* to MLD_*.
2003-10-31 16:07:15 +00:00
mld6.c
rename MLD6_* to MLD_*.
2003-10-31 16:07:15 +00:00
nd6_nbr.c
- cleanup SP refcnt issue.
2003-11-04 16:02:05 +00:00
nd6_rtr.c
replace explicit changes to rt_refcnt by RT_ADDREF and RT_REMREF
2003-11-08 23:36:32 +00:00
nd6.c
replace explicit changes to rt_refcnt by RT_ADDREF and RT_REMREF
2003-11-08 23:36:32 +00:00
nd6.h
use arc4random.
2003-10-31 16:06:05 +00:00
pim6_var.h
pim6.h
raw_ip6.c
Introduce a MAC label reference in 'struct inpcb', which caches
2003-11-18 00:39:07 +00:00
raw_ip6.h
README
route6.c
hide m_tag, again.
2003-10-29 12:49:12 +00:00
scope6_var.h
- add dom_if{attach,detach} framework.
2003-10-17 15:46:31 +00:00
scope6.c
protect sid_default and sid.
2003-10-22 15:13:36 +00:00
tcp6_var.h
udp6_output.c
- cleanup SP refcnt issue.
2003-11-04 16:02:05 +00:00
udp6_usrreq.c
Introduce a MAC label reference in 'struct inpcb', which caches
2003-11-18 00:39:07 +00:00
udp6_var.h

README 

a note to committers about KAME tree
$FreeBSD$
KAME project


FreeBSD IPv6/IPsec tree is from KAMEproject (http://www.kame.net/).
To synchronize KAME tree and FreeBSD better today and in the future,
please understand the following:

- DO NOT MAKE COSTMETIC CHANGES.
  "Cosmetic changes" here includes tabify, untabify, removal of space at EOL,
  minor KNF items, and whatever adds more output lines on "diff freebsd kame".
  To make future synchronization easier. it is critical to preserve certain
  statements in the code.  Also, as KAME tree supports all 4 BSDs (Free, Open,
  Net, BSD/OS) in single shared tree, it is not always possible to backport
  FreeBSD changes into KAME tree.  So again, please do not make cosmetic
  changes.  Even if you think it a right thing, that will bite KAME guys badly
  during upgrade attempts, and prevent us from synchronizing two trees.
  (you don't usually make cosmetic changes against third-party code, do you?)

- REPORT CHANGES/BUGS TO KAME GUYS.
  It is not always possible for KAME guys to watch all the freebsd mailing
  list traffic, as the traffic is HUGE.  So if possible, please, inform
  kame guys of changes you made in IPv6/IPsec related portion.  Contact
  path would be snap-users@kame.net or KAME PR database on www.kame.net.
  (or to core@kame.net if it is necessary to make it confidential)

Thank you for your cooperation and have a happy IPv6 life!


Note: KAME-origin code is in the following locations.
The above notice applies to corresponding manpages too.
The list may not be complete.  If you see $KAME$ in the code, it is from
KAME distribution.  If you see some file that is IPv6/IPsec related, it is
highly possible that the file is from KAME distribution.

include/ifaddrs.h
lib/libc/net
lib/libc/net/getaddrinfo.c
lib/libc/net/getifaddrs.c
lib/libc/net/getnameinfo.c
lib/libc/net/ifname.c
lib/libc/net/ip6opt.c
lib/libc/net/map_v4v6.c
lib/libc/net/name6.c
lib/libftpio
lib/libipsec
sbin/ip6fw
sbin/ping6
sbin/rtsol
share/doc/IPv6
share/man/man4/ip6.4
share/man/man4/inet6.4
sys/crypto (except sys/crypto/rc4)
sys/kern/uipc_mbuf2.c
sys/net/if_faith.[ch]
sys/net/if_gif.[ch]
sys/net/if_stf.[ch]
sys/net/pfkeyv2.h
sys/netinet/icmp6.h
sys/netinet/in_gif.[ch]
sys/netinet/ip6.h
sys/netinet/ip_encap.[ch]
sys/netinet6
sys/netkey
usr.sbin/faithd
usr.sbin/gifconfig
usr.sbin/ifmcstat
usr.sbin/mld6query
usr.sbin/ndp
usr.sbin/pim6dd
usr.sbin/pim6sd
usr.sbin/prefix
usr.sbin/rip6query
usr.sbin/route6d
usr.sbin/rrenumd
usr.sbin/rtadvd
usr.sbin/rtsold
usr.sbin/scope6config
usr.sbin/setkey
usr.sbin/traceroute6