freebsd-skq/sys/netatm
Robert Watson a557af222b Introduce a MAC label reference in 'struct inpcb', which caches
the   MAC label referenced from 'struct socket' in the IPv4 and
IPv6-based protocols.  This permits MAC labels to be checked during
network delivery operations without dereferencing inp->inp_socket
to get to so->so_label, which will eventually avoid our having to
grab the socket lock during delivery at the network layer.

This change introduces 'struct inpcb' as a labeled object to the
MAC Framework, along with the normal circus of entry points:
initialization, creation from socket, destruction, as well as a
delivery access control check.

For most policies, the inpcb label will simply be a cache of the
socket label, so a new protocol switch method is introduced,
pr_sosetlabel() to notify protocols that the socket layer label
has been updated so that the cache can be updated while holding
appropriate locks.  Most protocols implement this using
pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use
the the worker function in_pcbsosetlabel(), which calls into the
MAC Framework to perform a cache update.

Biba, LOMAC, and MLS implement these entry points, as do the stub
policy, and test policy.

Reviewed by:	sam, bms
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-18 00:39:07 +00:00
..
ipatm Include <sys/malloc.h> for the declaration of malloc(), etc. instead 2003-11-14 21:02:10 +00:00
sigpvc Make the ioctl() interface cleaner with regard to types: use size_t 2003-07-29 13:32:10 +00:00
spans Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
uni Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
atm_aal5.c Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
atm_cm.c Silence a gcc-warning. Do this by inlining the macro-call. This is 2003-07-26 14:20:37 +00:00
atm_cm.h - Change the ATM stack functions to use intptr_t instead of int for opaque 2002-11-08 18:27:30 +00:00
atm_device.c Hand the packet to bpf not only in the LLC/SNAP case, but for all 2003-07-25 06:43:41 +00:00
atm_if.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
atm_if.h Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
atm_ioctl.h Make the ioctl() interface cleaner with regard to types: use size_t 2003-07-29 13:32:10 +00:00
atm_pcb.h
atm_proto.c Create a subtree 'harp' of the net sysctl tree. This uses a fixed 2003-07-24 10:33:01 +00:00
atm_sap.h
atm_sigmgr.h
atm_signal.c Use __FBSDID(). 2003-06-11 07:00:30 +00:00
atm_socket.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
atm_stack.h - Change the ATM stack functions to use intptr_t instead of int for opaque 2002-11-08 18:27:30 +00:00
atm_subr.c o add a flags parameter to netisr_register that is used to specify 2003-11-08 22:28:40 +00:00
atm_sys.h - Chainsaw the storage pool code. This was being used by a bunch of code 2002-06-14 19:31:07 +00:00
atm_usrreq.c Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
atm_var.h Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
atm_vc.h Make the ioctl() interface cleaner with regard to types: use size_t 2003-07-29 13:32:10 +00:00
atm.h
port.h There is no reason to be cute with ntohl(). Just call it directly rather 2003-02-23 22:26:39 +00:00
queue.h