From owner-cvs-all Wed Jul 31 11:31: 5 2002 Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CC2C337B410; Wed, 31 Jul 2002 11:30:56 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id A53B443E97; Wed, 31 Jul 2002 11:30:35 -0700 (PDT) (envelope-from rwatson@FreeBSD.org) Received: from freefall.freebsd.org (rwatson@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g6VIUZJU021321; Wed, 31 Jul 2002 11:30:35 -0700 (PDT) (envelope-from rwatson@freefall.freebsd.org) Received: (from rwatson@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g6VIUYbl021313; Wed, 31 Jul 2002 11:30:34 -0700 (PDT) Message-Id: <200207311830.g6VIUYbl021313@freefall.freebsd.org> From: Robert Watson Date: Wed, 31 Jul 2002 11:30:34 -0700 (PDT) To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/netinet raw_ip.c X-FreeBSD-CVS-Branch: HEAD Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG rwatson 2002/07/31 11:30:34 PDT Modified files: sys/netinet raw_ip.c Log: Introduce support for Mandatory Access Control and extensible kernel access control. Instrument the raw IP socket code for packet generation and delivery: label outgoing mbufs with the label of the socket, and check the socket and mbuf labels before permitting delivery to a socket, permitting MAC policies to selectively allow delivery of raw IP mbufs to various raw IP sockets that may be open. Restructure the policy checking code to compose IPsec and MAC results in a more readable manner. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs Revision Changes Path 1.98 +40 -16 src/sys/netinet/raw_ip.c To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message