From owner-p4-projects@FreeBSD.ORG Thu Aug 21 11:45:19 2003 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 30BA916A4C1; Thu, 21 Aug 2003 11:45:19 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BE4B816A4BF for ; Thu, 21 Aug 2003 11:45:18 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4CBEB43FAF for ; Thu, 21 Aug 2003 11:45:18 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h7LIjI0U015557 for ; Thu, 21 Aug 2003 11:45:18 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h7LIjHIf015553 for perforce@freebsd.org; Thu, 21 Aug 2003 11:45:17 -0700 (PDT) Date: Thu, 21 Aug 2003 11:45:17 -0700 (PDT) Message-Id: <200308211845.h7LIjHIf015553@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Subject: PERFORCE change 36619 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Aug 2003 18:45:20 -0000 http://perforce.freebsd.org/chv.cgi?CH=36619 Change 36619 by rwatson@rwatson_tislabs on 2003/08/21 11:44:46 Loop-back integration of ICMP and TCP "reflect" MAC entry points from FreeBSD main tree to TrustedBSD base branch. Affected files ... .. //depot/projects/trustedbsd/base/sys/kern/kern_mac.c#47 integrate .. //depot/projects/trustedbsd/base/sys/netinet/ip_icmp.c#15 integrate .. //depot/projects/trustedbsd/base/sys/netinet/tcp_subr.c#26 integrate .. //depot/projects/trustedbsd/base/sys/sys/mac.h#30 integrate .. //depot/projects/trustedbsd/base/sys/sys/mac_policy.h#30 integrate Differences ... ==== //depot/projects/trustedbsd/base/sys/kern/kern_mac.c#47 (text+ko) ==== @@ -40,7 +40,7 @@ */ #include -__FBSDID("$FreeBSD: src/sys/kern/kern_mac.c,v 1.96 2003/08/21 13:52:59 rwatson Exp $"); +__FBSDID("$FreeBSD: src/sys/kern/kern_mac.c,v 1.97 2003/08/21 18:21:22 rwatson Exp $"); #include "opt_mac.h" #include "opt_devfs.h" @@ -2398,6 +2398,25 @@ } void +mac_reflect_mbuf_icmp(struct mbuf *m) +{ + struct label *label; + + label = mbuf_to_label(m); + + MAC_PERFORM(reflect_mbuf_icmp, m, label); +} +void +mac_reflect_mbuf_tcp(struct mbuf *m) +{ + struct label *label; + + label = mbuf_to_label(m); + + MAC_PERFORM(reflect_mbuf_tcp, m, label); +} + +void mac_update_ipq(struct mbuf *fragment, struct ipq *ipq) { struct label *label; ==== //depot/projects/trustedbsd/base/sys/netinet/ip_icmp.c#15 (text+ko) ==== @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)ip_icmp.c 8.2 (Berkeley) 1/4/94 - * $FreeBSD: src/sys/netinet/ip_icmp.c,v 1.78 2003/03/21 15:43:06 mdodd Exp $ + * $FreeBSD: src/sys/netinet/ip_icmp.c,v 1.79 2003/08/21 18:39:15 rwatson Exp $ */ #include "opt_ipsec.h" @@ -648,6 +648,9 @@ goto done; } match: +#ifdef MAC + mac_reflect_mbuf_icmp(m); +#endif t = IA_SIN(ia)->sin_addr; ip->ip_src = t; ip->ip_ttl = ip_defttl; ==== //depot/projects/trustedbsd/base/sys/netinet/tcp_subr.c#26 (text+ko) ==== @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)tcp_subr.c 8.2 (Berkeley) 5/24/95 - * $FreeBSD: src/sys/netinet/tcp_subr.c,v 1.160 2003/05/07 05:26:27 rwatson Exp $ + * $FreeBSD: src/sys/netinet/tcp_subr.c,v 1.161 2003/08/21 18:39:16 rwatson Exp $ */ #include "opt_compat.h" @@ -488,10 +488,10 @@ mac_create_mbuf_from_socket(tp->t_inpcb->inp_socket, m); } else { /* - * XXXMAC: This will need to call a mac function that - * modifies the mbuf label in place for TCP datagrams - * not associated with a PCB. + * Packet is not associated with a socket, so possibly + * update the label in place. */ + mac_reflect_mbuf_tcp(m); } #endif nth->th_seq = htonl(seq); ==== //depot/projects/trustedbsd/base/sys/sys/mac.h#30 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/sys/mac.h,v 1.41 2003/08/21 13:52:59 rwatson Exp $ + * $FreeBSD: src/sys/sys/mac.h,v 1.42 2003/08/21 18:21:22 rwatson Exp $ */ /* * Userland/kernel interface for Mandatory Access Control. @@ -210,6 +210,8 @@ struct ifnet *ifnet, struct mbuf *newmbuf); void mac_create_mbuf_netlayer(struct mbuf *oldmbuf, struct mbuf *newmbuf); int mac_fragment_match(struct mbuf *fragment, struct ipq *ipq); +void mac_reflect_mbuf_icmp(struct mbuf *m); +void mac_reflect_mbuf_tcp(struct mbuf *m); void mac_update_ipq(struct mbuf *fragment, struct ipq *ipq); /* ==== //depot/projects/trustedbsd/base/sys/sys/mac_policy.h#30 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/sys/mac_policy.h,v 1.42 2003/08/21 13:52:59 rwatson Exp $ + * $FreeBSD: src/sys/sys/mac_policy.h,v 1.43 2003/08/21 18:21:22 rwatson Exp $ */ /* * Kernel interface for MAC policy modules. @@ -241,6 +241,9 @@ int (*mpo_fragment_match)(struct mbuf *fragment, struct label *fragmentlabel, struct ipq *ipq, struct label *ipqlabel); + void (*mpo_reflect_mbuf_icmp)(struct mbuf *m, + struct label *mlabel); + void (*mpo_reflect_mbuf_tcp)(struct mbuf *m, struct label *mlabel); void (*mpo_relabel_ifnet)(struct ucred *cred, struct ifnet *ifnet, struct label *ifnetlabel, struct label *newlabel); void (*mpo_update_ipq)(struct mbuf *fragment,