PERFORCE change 29098 for review

Wed Apr 16 22:25:04 GMT 2003

http://perforce.freebsd.org/chv.cgi?CH=29098

Change 29098 by rwatson at rwatson_tislabs on 2003/04/16 15:24:52

	Add socket and mbuf arguments to tcp_twrespond(): this guarantees us
	a source of a label for use when generating a TCP packet.  This
	prevent panics due to a lack of a useful label in the resulting
	mbuf.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/netinet/tcp_input.c#37 edit
.. //depot/projects/trustedbsd/mac/sys/netinet/tcp_subr.c#30 edit
.. //depot/projects/trustedbsd/mac/sys/netinet/tcp_var.h#11 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/netinet/tcp_input.c#37 (text+ko) ====

@@ -2931,7 +2931,7 @@
 	 */
 	if (thflags != TH_ACK || tlen != 0 || 
 	    th->th_seq != tw->rcv_nxt || th->th_ack != tw->snd_nxt)
-		tcp_twrespond(tw, TH_ACK);
+		tcp_twrespond(tw, NULL, m, TH_ACK);
 	goto drop;
 
 reset:

==== //depot/projects/trustedbsd/mac/sys/netinet/tcp_subr.c#30 (text+ko) ====

@@ -1648,16 +1648,16 @@
 	}
 	tcp_discardcb(tp);
 	so = inp->inp_socket;
-	so->so_pcb = NULL;
 	tw->tw_cred = crhold(so->so_cred);
 	tw->tw_so_options = so->so_options;
+	if (acknow)
+		tcp_twrespond(tw, so, NULL, TH_ACK);
+	so->so_pcb = NULL;
 	sotryfree(so);
 	inp->inp_socket = NULL;
 	inp->inp_ppcb = (caddr_t)tw;
 	inp->inp_vflag |= INP_TIMEWAIT;
 	tcp_timer_2msl_reset(tw, tw_time);
-	if (acknow)
-		tcp_twrespond(tw, TH_ACK);
 	INP_UNLOCK(inp);
 }
 
@@ -1684,19 +1684,12 @@
 }
 
 /*
- * XXXMAC: Really, we need to pass in the mbuf we are responding to
- * so that we have a label to assign to the outgoing packet here.
- * Question: will one always be available?  Should we pass in the
- * socket in the twstart case?  Perhaps:
- *
- * tcp_twrespond(struct tcptw *tw, struct socket *so, struct mbuf *m,
- *     int flags)
- *
- * Where one of the socket or mbuf must be non-NULL so as to provide
- * a label.
+ * One of so and msrc must be non-NULL for use by the MAC Framework to
+ * construct a label for ay resulting packet.
  */
 int
-tcp_twrespond(struct tcptw *tw, int flags)
+tcp_twrespond(struct tcptw *tw, struct socket *so, struct mbuf *msrc,
+    int flags)
 {
 	struct inpcb *inp = tw->tw_inpcb;
 	struct tcphdr *th;
@@ -1710,19 +1703,20 @@
 	int isipv6 = inp->inp_inc.inc_isipv6;
 #endif
 
+	KASSERT(so != NULL || msrc != NULL,
+	    ("tcp_twrespond: so and msrc NULL"));
+
 	m = m_gethdr(M_DONTWAIT, MT_HEADER);
 	if (m == NULL)
 		return (ENOBUFS);
 	m->m_data += max_linkhdr;
 
-#if 0
 #ifdef MAC
 	if (so != NULL)
 		mac_create_mbuf_from_socket(so, m);
 	else
 		mac_create_mbuf_netlayer(msrc, m);
 #endif
-#endif
 
 #ifdef INET6
 	if (isipv6) {

==== //depot/projects/trustedbsd/mac/sys/netinet/tcp_var.h#11 (text+ko) ====

@@ -490,7 +490,7 @@
 	 tcp_quench(struct inpcb *, int);
 void	 tcp_respond(struct tcpcb *, void *,
 	    struct tcphdr *, struct mbuf *, tcp_seq, tcp_seq, int);
-int	 tcp_twrespond(struct tcptw *, int);
+int	 tcp_twrespond(struct tcptw *, struct socket *, struct mbuf *, int);
 struct rtentry *
 	 tcp_rtlookup(struct in_conninfo *);
 void	 tcp_setpersist(struct tcpcb *);
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

