freebsd-skq/sys/netinet
Robert Watson a557af222b Introduce a MAC label reference in 'struct inpcb', which caches
the MAC label referenced from 'struct socket' in the IPv4 and
IPv6-based protocols.  This permits MAC labels to be checked during
network delivery operations without dereferencing inp->inp_socket
to get to so->so_label, which will eventually avoid our having to
grab the socket lock during delivery at the network layer.

This change introduces 'struct inpcb' as a labeled object to the
MAC Framework, along with the normal circus of entry points:
initialization, creation from socket, destruction, as well as a
delivery access control check.

For most policies, the inpcb label will simply be a cache of the
socket label, so a new protocol switch method is introduced,
pr_sosetlabel() to notify protocols that the socket layer label
has been updated so that the cache can be updated while holding
appropriate locks.  Most protocols implement this using
pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use
the worker function in_pcbsosetlabel(), which calls into the
MAC Framework to perform a cache update.

Biba, LOMAC, and MLS implement these entry points, as do the stub
policy, and test policy.

Reviewed by:	sam, bms
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-18 00:39:07 +00:00
libalias Grrr...add the Skinny alias code forgotten in the last commit. 2003-09-23 07:42:33 +00:00
accf_data.c
accf_http.c
icmp6.h revert following unwanted changes: 2003-10-25 10:57:08 +00:00
icmp_var.h
if_atm.c replace explicit changes to rt_refcnt by RT_ADDREF and RT_REMREF 2003-11-08 23:36:32 +00:00
if_atm.h
if_ether.c replace explicit changes to rt_refcnt by RT_ADDREF and RT_REMREF 2003-11-08 23:36:32 +00:00
if_ether.h Update netisr handling; Each SWI now registers its queue, and all queue 2003-03-04 23:19:55 +00:00
igmp_var.h
igmp.c Remove redundant initialization of rti; SLIST_FOREACH does that for 2003-08-28 22:15:05 +00:00
igmp.h
in_cksum.c
in_gif.c add ECN support in layer-3. 2003-10-29 15:07:04 +00:00
in_gif.h - fix typo in comment. 2003-10-07 17:46:18 +00:00
in_pcb.c Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
in_pcb.h Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
in_proto.c divert socket fixups: 2003-11-08 23:09:42 +00:00
in_rmx.c Remove the global one-level rtcache variable and associated 2003-11-14 21:48:57 +00:00
in_systm.h
in_var.h Introduce ip_fastforward and remove ip_flow. 2003-11-14 21:02:22 +00:00
in.c Correct rev 1.56 which (incorrectly) reversed the test used to 2003-11-03 03:22:39 +00:00
in.h correct namespace pollution. 2003-10-25 09:37:10 +00:00
ip6.h revert following unwanted changes: 2003-10-25 10:57:08 +00:00
ip_divert.c Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
ip_dummynet.c replace explicit changes to rt_refcnt by RT_ADDREF and RT_REMREF 2003-11-08 23:36:32 +00:00
ip_dummynet.h place some kernel-specific data structures under #ifdef _KERNEL 2003-10-03 20:58:56 +00:00
ip_ecn.c add ECN support in layer-3. 2003-10-29 15:07:04 +00:00
ip_ecn.h add ECN support in layer-3. 2003-10-29 15:07:04 +00:00
ip_encap.c Remove unused variables. 2003-06-01 09:20:38 +00:00
ip_encap.h
ip_fastfwd.c Make two casts correct for all types of 64bit platforms. 2003-11-16 12:50:33 +00:00
ip_fw2.c Remove the global one-level rtcache variable and associated 2003-11-14 21:48:57 +00:00
ip_fw.h Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
ip_gre.c Finish driving a stake through the heart of netns and the associated 2003-03-05 19:24:24 +00:00
ip_gre.h de-__P(). 2002-10-16 22:27:27 +00:00
ip_icmp.c Remove the global one-level rtcache variable and associated 2003-11-14 21:48:57 +00:00
ip_icmp.h Add comments regarding the ICMP timestamp fields. 2003-03-21 15:28:10 +00:00
ip_id.c MFp4: reminder that random id code is not reentrant 2003-11-07 23:31:29 +00:00
ip_input.c Fix a few cases where MT_TAG-type "fake mbufs" are created on the stack, but 2003-11-17 03:17:49 +00:00
ip_mroute.c the sbappendaddr call in socket_send must be protected by Giant 2003-11-08 22:51:18 +00:00
ip_mroute.h 1. Basic PIM kernel support 2003-08-07 18:16:59 +00:00
ip_output.c Remove the global one-level rtcache variable and associated 2003-11-14 21:48:57 +00:00
ip_var.h Make ipstealth global as we need it in ip_fastforward too. 2003-11-15 01:45:56 +00:00
ip.h add ECN support in layer-3. 2003-10-29 15:07:04 +00:00
ipprotosw.h
pim_var.h New PIM header files. 2003-08-07 18:17:43 +00:00
pim.h New PIM header files. 2003-08-07 18:17:43 +00:00
raw_ip.c Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
tcp_debug.c It's now sufficient to rely on a nested include of _label.h to make sure 2002-08-15 14:34:45 +00:00
tcp_debug.h make the strings for tcptimers, tanames and prurequests const to silence 2002-08-16 09:07:59 +00:00
tcp_fsm.h
tcp_input.c Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
tcp_output.c replace mtx_assert by INP_LOCK_ASSERT 2003-11-08 22:55:52 +00:00
tcp_reass.c Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
tcp_seq.h Unify the "send high" and "recover" variables as specified in the 2003-07-15 21:49:53 +00:00
tcp_subr.c o correct locking problem: the inpcb must be held across tcp_respond 2003-11-08 22:59:22 +00:00
tcp_syncache.c correct typos 2003-11-11 18:16:54 +00:00
tcp_timer.c use local values instead of chasing pointers 2003-11-08 22:57:13 +00:00
tcp_timer.h Remove a panic(); if the zone allocator can't provide more timewait 2003-03-08 22:06:20 +00:00
tcp_timewait.c o correct locking problem: the inpcb must be held across tcp_respond 2003-11-08 22:59:22 +00:00
tcp_usrreq.c Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
tcp_var.h Add an additional check to the tcp_twrecycleable function; I had 2003-11-02 07:47:03 +00:00
tcp.h Include <sys/cdefs.h> so the visibility conditionals are available. 2002-10-02 04:22:34 +00:00
tcpip.h
udp_usrreq.c Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
udp_var.h
udp.h