PERFORCE change 33526 for review

Sun Jun 22 15:41:39 GMT 2003

http://perforce.freebsd.org/chv.cgi?CH=33526

Change 33526 by rwatson at rwatson_powerbook on 2003/06/22 08:40:46

	Rewrite MAC mbuf code to hold the mbuf label in the mbuf header, as
	that's easier in the short term than adding m_tags to Darwin.
	However, we might want to do that at a later date instead.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_mac.c#9 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_mac.c#9 (text+ko) ====

@@ -747,8 +747,11 @@
 	struct m_tag *tag;
 	struct label *label;
 
+#if 0
 	tag = m_tag_find(mbuf, PACKET_TAG_MACLABEL, NULL);
 	label = (struct label *)(tag+1);
+#endif
+	label = &mbuf->m_pkthdr.label;
 
 	return (label);
 }
@@ -851,6 +854,7 @@
 	return (error);
 }
 
+#if 0
 int
 mac_init_mbuf_tag(struct m_tag *tag, int flag)
 {
@@ -871,6 +875,7 @@
 #endif
 	return (error);
 }
+#endif
 
 int
 mac_init_mbuf(struct mbuf *m, int flag)
@@ -880,6 +885,7 @@
 
 	M_ASSERTPKTHDR(m);
 
+#if 0
 #ifndef MAC_ALWAYS_LABEL_MBUF
 	/*
 	 * Don't reserve space for labels on mbufs unless we have a policy
@@ -900,7 +906,19 @@
 #ifndef MAC_ALWAYS_LABEL_MBUF
 	}
 #endif
-	return (0);
+#else
+	mac_init_label(&m->m_pkthdr.label);
+	MAC_CHECK(init_mbuf_label, &m->m_pkthdr.label, flag);
+	if (error) {
+		MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
+		mac_destroy(&m->m_pkthdr.label);
+	}
+#ifdef MAC_DEBUG
+	if (error == 0)
+		atomic_add_int(&nmacmbufs, 1);
+#endif
+#endif
+	return (error);
 }
 
 void
@@ -1094,14 +1112,11 @@
 }
 
 void
-mac_destroy_mbuf_tag(struct m_tag *tag)
+mac_destroy_mbuf(struct mbuf *m)
 {
-	struct label *label;
 
-	label = (struct label *)(tag+1);
-
-	MAC_PERFORM(destroy_mbuf_label, label);
-	mac_destroy_label(label);
+	MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
+	mac_destroy_label(&mk->m_pkthdr.label);
 #ifdef MAC_DEBUG
 	atomic_subtract_int(&nmacmbufs, 1);
 #endif
@@ -1198,18 +1213,10 @@
 }
 
 void
-mac_copy_mbuf_tag(struct m_tag *src, struct m_tag *dest)
+mac_copy_mbuf(struct mbuf *src, struct dst *dest)
 {
-	struct label *src_label, *dest_label;
 
-	src_label = (struct label *)(src+1);
-	dest_label = (struct label *)(dest+1);
-
-	/*
-	 * mac_init_mbuf_tag() is called on the target tag in
-	 * m_tag_copy(), so we don't need to call it here.
-	 */
-	MAC_PERFORM(copy_mbuf_label, src_label, dest_label);
+	MAC_PERFORM(copy_mbuf_label, &src->m_pkthdr.label, &dst->m_pkthdr.label);
 }
 
 #if 0
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

