freebsd-skq/sys/netinet
rwatson a034d0cd3c Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument the TCP socket code for packet generation and delivery:
label outgoing mbufs with the label of the socket, and check socket and
mbuf labels before permitting delivery to a socket.  Assign labels
to newly accepted connections when the syncache/cookie code has done
its business.  Also set peer labels as convenient.  Currently,
MAC policies cannot influence the PCB matching algorithm, so cannot
implement polyinstantiation.  Note that there is at least one case
where a PCB is not available due to the TCP packet not being associated
with any socket, so we don't label in that case, but need to handle
it in a special manner.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 19:06:49 +00:00
..
libalias Don't forget to recalculate the IP checksum of the original 2002-07-23 00:16:19 +00:00
accf_data.c Remove so*_locked(), which were backed out by mistake. 2002-06-18 07:42:02 +00:00
accf_http.c Remove so*_locked(), which were backed out by mistake. 2002-06-18 07:42:02 +00:00
icmp6.h Revised MLD-related definitions 2002-05-06 16:28:25 +00:00
icmp_var.h Remove __P. 2002-03-19 21:25:46 +00:00
if_atm.c - Change the newly turned INVARIANTS #ifdef blocks (they were changed from 2002-05-21 18:52:24 +00:00
if_atm.h Remove __P. 2002-03-19 21:25:46 +00:00
if_ether.c Introduce support for Mandatory Access Control and extensible 2002-07-31 16:45:16 +00:00
if_ether.h Fixed some style bugs in the removal of __P(()). Continuation lines 2002-03-24 10:19:10 +00:00
igmp_var.h Remove __P. 2002-03-19 21:25:46 +00:00
igmp.c Introduce support for Mandatory Access Control and extensible 2002-07-31 16:46:56 +00:00
igmp.h
in_cksum.c
in_gif.c just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. 2002-04-19 04:46:24 +00:00
in_gif.h Remove __P. 2002-03-19 21:25:46 +00:00
in_pcb.c cleanup usage of ip6_mapped_addr_on and ip6_v6only. now, 2002-07-25 17:40:45 +00:00
in_pcb.h do not refer to IN6P_BINDV6ONLY anymore. 2002-07-22 15:51:02 +00:00
in_proto.c Remove __P. 2002-03-19 21:25:46 +00:00
in_rmx.c Remove __P. 2002-03-19 21:25:46 +00:00
in_systm.h Remove __P. 2002-03-19 21:25:46 +00:00
in_var.h Fixed some style bugs in the removal of __P(()). Continuation lines 2002-03-24 10:19:10 +00:00
in.c Lock up inpcb. 2002-06-10 20:05:46 +00:00
in.h Remove some duplicate types that should have been removed as part of 2002-05-11 23:28:51 +00:00
ip6.h Sync with recent KAME. 2001-06-11 12:39:29 +00:00
ip_divert.c Introduce support for Mandatory Access Control and extensible 2002-07-31 16:42:47 +00:00
ip_dummynet.c Fix a panic when doing "ipfw add pipe 1 log ..." 2002-07-17 07:21:42 +00:00
ip_dummynet.h fix indentation of a comment 2002-06-23 09:14:24 +00:00
ip_ecn.c initialize local variable explicitly 2002-04-11 02:14:21 +00:00
ip_ecn.h Remove __P. 2002-03-19 21:25:46 +00:00
ip_encap.c just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. 2002-04-19 04:46:24 +00:00
ip_encap.h Remove __P. 2002-03-19 21:25:46 +00:00
ip_flow.c s/FREE/free/ 2001-11-04 17:35:31 +00:00
ip_flow.h
ip_fw2.c Only log things net.inet.ip.fw.verbose is set 2002-07-24 02:41:19 +00:00
ip_fw.c Remove (almost all) global variables that were used to hold 2002-06-22 11:51:02 +00:00
ip_fw.h Fix a panic when doing "ipfw add pipe 1 log ..." 2002-07-17 07:21:42 +00:00
ip_icmp.c Prevent icmp_reflect() from calling ip_output() with a NULL route 2002-03-22 16:45:54 +00:00
ip_icmp.h Remove __P. 2002-03-19 21:25:46 +00:00
ip_id.c Remove __P. 2002-03-19 21:25:46 +00:00
ip_input.c Introduce support for Mandatory Access Control and extensible 2002-07-31 17:17:51 +00:00
ip_mroute.c Just a comment on some additional consistency checks that could 2002-06-26 21:00:53 +00:00
ip_mroute.h Remove __P. 2002-03-19 21:25:46 +00:00
ip_output.c Introduce support for Mandatory Access Control and extensible 2002-07-31 17:21:01 +00:00
ip_var.h Introduce support for Mandatory Access Control and extensible 2002-07-30 23:09:20 +00:00
ip.h o Add IPOPT_ESO for the 'Extended Security' IP option (RFC1108) 2001-12-14 19:37:32 +00:00
ipprotosw.h KSE Milestone 2 2001-09-12 08:38:13 +00:00
raw_ip.c Introduce support for Mandatory Access Control and extensible 2002-07-31 18:30:34 +00:00
tcp_debug.c Remove a change that snuck in from my private tree. 2001-12-21 05:07:39 +00:00
tcp_debug.h
tcp_fsm.h WARNS=n and lint(1) silencer. Declare an array of (const) strings 2002-02-03 11:57:32 +00:00
tcp_input.c Introduce support for Mandatory Access Control and extensible 2002-07-31 19:06:49 +00:00
tcp_output.c Introduce support for Mandatory Access Control and extensible 2002-07-31 19:06:49 +00:00
tcp_reass.c Introduce support for Mandatory Access Control and extensible 2002-07-31 19:06:49 +00:00
tcp_seq.h Move initialization of snd_recover into tcp_sendseqinit(). 2001-11-21 18:45:51 +00:00
tcp_subr.c Introduce support for Mandatory Access Control and extensible 2002-07-31 19:06:49 +00:00
tcp_syncache.c Introduce support for Mandatory Access Control and extensible 2002-07-31 19:06:49 +00:00
tcp_timer.c Fix overflows in intermediate calculations in sysctl_msec_to_ticks(). 2002-07-20 23:48:59 +00:00
tcp_timer.h Introduce two new sysctl's: 2002-07-18 19:06:12 +00:00
tcp_timewait.c Introduce support for Mandatory Access Control and extensible 2002-07-31 19:06:49 +00:00
tcp_usrreq.c Use a common way to release locks before exit. 2002-07-29 09:01:39 +00:00
tcp_var.h Add the tcps_sndrexmitbad statistic, keep track of late acks that caused 2002-07-19 18:29:38 +00:00
tcp.h
tcpip.h
udp_usrreq.c Wire the sysctl output buffer before grabbing any locks to prevent 2002-07-28 19:59:31 +00:00
udp_var.h Notify functions can destroy the pcb, so they have to return an 2002-06-14 08:35:21 +00:00
udp.h