From owner-cvs-src@FreeBSD.ORG Sun Oct 28 17:12:48 2007 Return-Path: Delivered-To: cvs-src@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D316316A417; Sun, 28 Oct 2007 17:12:48 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id C060D13C48E; Sun, 28 Oct 2007 17:12:48 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id l9SHCmAW015818; Sun, 28 Oct 2007 17:12:48 GMT (envelope-from rwatson@repoman.freebsd.org) Received: (from rwatson@localhost) by repoman.freebsd.org (8.14.1/8.14.1/Submit) id l9SHCmK5015817; Sun, 28 Oct 2007 17:12:48 GMT (envelope-from rwatson) Message-Id: <200710281712.l9SHCmK5015817@repoman.freebsd.org> From: Robert Watson Date: Sun, 28 Oct 2007 17:12:48 +0000 (UTC) To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org X-FreeBSD-CVS-Branch: HEAD Cc: Subject: cvs commit: src/sys/contrib/pf/net pf.c src/sys/netinet ip_fw2.c ip_icmp.c src/sys/security/mac mac_framework.h mac_inet.c mac_net.c mac_policy.h src/sys/security/mac_biba mac_biba.c src/sys/security/mac_lomac mac_lomac.c src/sys/security/mac_mls ... X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Oct 2007 17:12:48 -0000 rwatson 2007-10-28 17:12:48 UTC FreeBSD src repository Modified files: sys/contrib/pf/net pf.c sys/netinet ip_fw2.c ip_icmp.c sys/security/mac mac_framework.h mac_inet.c mac_net.c mac_policy.h sys/security/mac_biba mac_biba.c sys/security/mac_lomac mac_lomac.c sys/security/mac_mls mac_mls.c sys/security/mac_stub mac_stub.c sys/security/mac_test mac_test.c Log: Continue to move from generic network entry points in the TrustedBSD MAC Framework by moving from mac_mbuf_create_netlayer() to more specific entry points for specific network services: - mac_netinet_firewall_reply() to be used when replying to in-bound TCP segments in pf and ipfw (etc). - Rename mac_netinet_icmp_reply() to mac_netinet_icmp_replyinplace() and add mac_netinet_icmp_reply(), reflecting that in some cases we overwrite a label in place, but in others we apply the label to a new mbuf. Obtained from: TrustedBSD Project Revision Changes Path 1.50 +1 -1 src/sys/contrib/pf/net/pf.c 1.178 +1 -1 src/sys/netinet/ip_fw2.c 1.120 +2 -2 src/sys/netinet/ip_icmp.c 1.94 +3 -2 src/sys/security/mac/mac_framework.h 1.16 +29 -2 src/sys/security/mac/mac_inet.c 1.130 +0 -11 src/sys/security/mac/mac_net.c 1.104 +9 -5 src/sys/security/mac/mac_policy.h 1.115 +26 -13 src/sys/security/mac_biba/mac_biba.c 1.60 +26 -13 src/sys/security/mac_lomac/mac_lomac.c 1.96 +26 -13 src/sys/security/mac_mls/mac_mls.c 1.77 +22 -12 src/sys/security/mac_stub/mac_stub.c 1.87 +14 -15 src/sys/security/mac_test/mac_test.c