From owner-cvs-src@FreeBSD.ORG  Wed Dec 17 09:58:54 2003
Return-Path: <owner-cvs-src@FreeBSD.ORG>
Delivered-To: cvs-src@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 5407616A4CE; Wed, 17 Dec 2003 09:58:54 -0800 (PST)
Received: from yoda.dccnet.com (yoda.dccnet.com [24.207.1.130])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id BC26F43D64; Wed, 17 Dec 2003 09:57:51 -0800 (PST)
	(envelope-from owner-cvs-all@freebsd.org)
Received: from yoda.dccnet.com (unverified [127.0.0.1]) by yoda.dccnet.com
 (Rockliffe SMTPRA 5.3.6) with ESMTP id <B0386905898@yoda.dccnet.com>;
 Wed, 17 Dec 2003 09:57:50 -0800
Received: from mx2.freebsd.org (unverified [216.136.204.119]) by dccnet.com
	for <kevine@dccnet.com>; Wed, 17 Dec 2003 06:56:25 -0800
Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18])
	by mx2.freebsd.org (Postfix) with ESMTP
	id 834F656A68; Wed, 17 Dec 2003 06:56:05 -0800 (PST)
	(envelope-from owner-cvs-all@freebsd.org)
Received: from hub.freebsd.org (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP
	id AC1C116A4D2; Wed, 17 Dec 2003 06:56:04 -0800 (PST)
Delivered-To: cvs-all@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9450016A4CE; Wed, 17 Dec 2003 06:55:39 -0800 (PST)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 7A9EE43D62; Wed, 17 Dec 2003 06:55:12 -0800 (PST)
	(envelope-from rwatson@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.12.10/8.12.10) with ESMTP id hBHEtC0B020015;
	Wed, 17 Dec 2003 06:55:12 -0800 (PST)
	(envelope-from rwatson@repoman.freebsd.org)
Received: (from rwatson@localhost)
	by repoman.freebsd.org (8.12.10/8.12.10/Submit) id hBHEtC20020014;
	Wed, 17 Dec 2003 06:55:12 -0800 (PST)
	(envelope-from rwatson)
Message-Id: <200312171455.hBHEtC20020014@repoman.freebsd.org>
From: Robert Watson <rwatson@FreeBSD.org>
Date: Wed, 17 Dec 2003 06:55:12 -0800 (PST)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org,
	cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Sender: owner-cvs-all@freebsd.org
Errors-To: owner-cvs-all@freebsd.org
Subject: cvs commit: src/sys/netinet tcp_subr.c src/sys/security/mac
 mac_net.c src/sys/security/mac_biba mac_biba.c
 src/sys/security/mac_lomac mac_lomac.c src/sys/security/mac_mls
 mac_mls.c src/sys/security/mac_stub mac_stub.c ...
X-BeenThere: cvs-src@freebsd.org
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Dec 2003 17:58:54 -0000

rwatson     2003/12/17 06:55:12 PST

  FreeBSD src repository

  Modified files:
    sys/netinet          tcp_subr.c 
    sys/security/mac     mac_net.c 
    sys/security/mac_biba mac_biba.c 
    sys/security/mac_lomac mac_lomac.c 
    sys/security/mac_mls mac_mls.c 
    sys/security/mac_stub mac_stub.c 
    sys/security/mac_test mac_test.c 
    sys/sys              mac.h mac_policy.h 
  Log:
  Switch TCP over to using the inpcb label when responding in timed
  wait, rather than the socket label.  This avoids reaching up to
  the socket layer during connection close, which requires locking
  changes.  To do this, introduce MAC Framework entry point
  mac_create_mbuf_from_inpcb(), which is called from tcp_twrespond()
  instead of calling mac_create_mbuf_from_socket() or
  mac_create_mbuf_netlayer().  Introduce MAC Policy entry point
  mpo_create_mbuf_from_inpcb(), and implementations for various
  policies, which generally just copy label data from the inpcb to
  the mbuf.  Assert the inpcb lock in the entry point since we
  require consistency for the inpcb label reference.
  
  Obtained from:  TrustedBSD Project
  Sponsored by:   DARPA, Network Associates Laboratories
  
  Revision  Changes    Path
  1.170     +1 -4      src/sys/netinet/tcp_subr.c
  1.111     +11 -0     src/sys/security/mac/mac_net.c
  1.73      +13 -0     src/sys/security/mac_biba/mac_biba.c
  1.26      +13 -0     src/sys/security/mac_lomac/mac_lomac.c
  1.60      +13 -0     src/sys/security/mac_mls/mac_mls.c
  1.37      +8 -0      src/sys/security/mac_stub/mac_stub.c
  1.40      +10 -0     src/sys/security/mac_test/mac_test.c
  1.53      +1 -0      src/sys/sys/mac.h
  1.47      +3 -0      src/sys/sys/mac_policy.h
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"