PERFORCE change 29085 for review
Robert Watson
rwatson at FreeBSD.org
Wed Apr 16 20:18:22 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=29085
Change 29085 by rwatson at rwatson_tislabs on 2003/04/16 13:18:10
Since the introduction of TCP wait state reduction,
tcp_twrespond() has pulled an mbuf from its hat without
labeling it before sending, resulting in invariant
violations in the MAC code. Add a commented-out
recommendation on how to address this, with some
possible implementation (also commented out).
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/netinet/tcp_subr.c#28 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/netinet/tcp_subr.c#28 (text+ko) ====
@@ -1683,6 +1683,18 @@
return (NULL);
}
+/*
+ * XXXMAC: Really, we need to pass in the mbuf we are responding to
+ * so that we have a label to assign to the outgoing packet here.
+ * Question: will one always be available? Should we pass in the
+ * socket in the twstart case? Perhaps:
+ *
+ * tcp_twrespond(struct tcptw *tw, struct socket *so, struct mbuf *m,
+ * int flags)
+ *
+ * Where one of the socket or mbuf must be non-NULL so as to provide
+ * a label.
+ */
int
tcp_twrespond(struct tcptw *tw, int flags)
{
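Review bot: The prototype proposed in the XXXMAC comment names the source mbuf `m`, but the function body already uses `m` for the outgoing packet it allocates (`m->m_data += max_linkhdr;`), and the disabled code later in this change calls the source `msrc`. Rename the parameter to `msrc` in the comment so the two agree. The rule that one of the socket or mbuf must be non-NULL is worth stating as an assertion at the top of the function once the signature changes, and the comment should say which source wins when both are supplied; the disabled code prefers the socket.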
@@ -1703,6 +1715,15 @@
return (ENOBUFS);
m->m_data += max_linkhdr;
+#ifdef 0
+#ifdef MAC
+ if (so != NULL)
+ mac_create_mbuf_from_socket(so, m);
+ else
+ mac_create_mbuf_netlayer(msrc, m);
+#endif
+#endif
+
#ifdef INET6
if (isipv6) {
hdrlen = sizeof(struct ip6_hdr) + sizeof(struct tcphdr);
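Review bot: `#ifdef 0` on the first added line is not a valid directive, since `#ifdef` takes a macro name rather than a constant; use `#if 0` to keep the block disabled. The block also refers to `so` and `msrc`, neither of which exists while the signature is still `tcp_twrespond(struct tcptw *tw, int flags)`, so it cannot be enabled without the prototype change proposed in the comment above the function. Until that lands the mbuf is still sent unlabeled, so the invariant violations named in the change description remain.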