cvs commit: src/sys/kern kern_mac.c src/sys/sys mac.h
mac_policy.h
Robert Watson
rwatson at FreeBSD.org
Thu Aug 21 11:38:54 PDT 2003
FYI, this commit was slightly mis-ordered: I meant to commit it shortly
before a couple of the recent module commits, and realized afterwards that
I'd skipped it. As a result, there may have been a short window where MAC
modules depended on changes in mac_policy.h and mac.h that weren't yet
present. Hope this didn't cause too much inconvenience!
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Network Associates Laboratories
On Thu, 21 Aug 2003, Robert Watson wrote:
> rwatson 2003/08/21 11:21:22 PDT
>
> FreeBSD src repository
>
> Modified files:
> sys/kern kern_mac.c
> sys/sys mac.h mac_policy.h
> Log:
> Introduce two new MAC Framework and MAC policy entry points:
>
> mac_reflect_mbuf_icmp()
> mac_reflect_mbuf_tcp()
>
> These entry points permit MAC policies to do "update in place"
> changes to the labels on ICMP and TCP mbuf headers when an ICMP or
> TCP response is generated to a packet outside of the context of
> an existing socket. For example, in respond to a ping or a RST
> packet to a SYN on a closed port.
>
> Obtained from: TrustedBSD Project
> Sponsored by: DARPA, Network Associates Laboratories
>
> Revision Changes Path
> 1.97 +19 -0 src/sys/kern/kern_mac.c
> 1.42 +2 -0 src/sys/sys/mac.h
> 1.43 +3 -0 src/sys/sys/mac_policy.h
>
More information about the cvs-src
mailing list