PERFORCE change 113356 for review
Todd Miller
millert at FreeBSD.org
Mon Jan 22 16:13:28 UTC 2007
http://perforce.freebsd.org/chv.cgi?CH=113356
Change 113356 by millert at millert_macbook on 2007/01/22 16:12:58
Implement mac_mbuf_label_associate_multicast_encap (could
use a better name).
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/ip_mroute.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet6/ip6_mroute.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#37 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_net.c#12 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#45 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#72 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/ip_mroute.c#5 (text+ko) ====
@@ -1601,10 +1601,8 @@
MGETHDR(mb_copy, M_DONTWAIT, MT_HEADER);
if (mb_copy == NULL)
return;
-#ifdef __darwin8_notyet
#ifdef MAC
- mac_mbuf_create_multicast_encap(m, vifp->v_ifp, mb_copy);
-#endif
+ mac_mbuf_label_associate_multicast_encap(m, vifp->v_ifp, mb_copy);
#endif
mb_copy->m_data += max_linkhdr;
mb_copy->m_len = sizeof(multicast_encap_iphdr);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet6/ip6_mroute.c#4 (text+ko) ====
@@ -1569,10 +1569,8 @@
MGETHDR(mm, M_DONTWAIT, MT_HEADER);
if (mm == NULL)
return ENOBUFS;
-#ifdef __darwin8_notyet
#ifdef MAC
- mac_mbuf_create_multicast_encap(m, mif->m6_ifp, mm);
-#endif
+ mac_mbuf_label_associate_multicast_encap(m, mif->m6_ifp, mm);
#endif
mm->m_pkthdr.rcvif = NULL;
mm->m_data += max_linkhdr;
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#37 (text+ko) ====
@@ -185,6 +185,8 @@
void mac_mbuf_label_associate_inpcb(struct inpcb *inp, struct mbuf *m);
void mac_mbuf_label_associate_ipq(struct ipq *ipq, struct mbuf *mbuf);
void mac_mbuf_label_associate_linklayer(struct ifnet *ifp, struct mbuf *m);
+void mac_mbuf_label_associate_multicast_encap(struct mbuf *oldmbuf,
+ struct ifnet *ifp, struct mbuf *newmbuf);
void mac_mbuf_label_associate_netlayer(struct mbuf *oldmbuf,
struct mbuf *newmbuf);
void mac_mbuf_label_associate_socket(struct socket *so, struct mbuf *m);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_net.c#12 (text+ko) ====
@@ -335,6 +335,21 @@
}
void
+mac_mbuf_label_associate_multicast_encap(struct mbuf *oldmbuf,
+ struct ifnet *ifp, struct mbuf *newmbuf)
+{
+ struct label *oldmbuflabel, *newmbuflabel;
+
+ oldmbuflabel = mac_mbuf_to_label(oldmbuf);
+ newmbuflabel = mac_mbuf_to_label(newmbuf);
+
+ /* ifp must be locked */
+
+ MAC_PERFORM(mbuf_label_associate_multicast_encap, oldmbuf, oldmbuflabel,
+ ifp, ifp->if_label, newmbuf, newmbuflabel);
+}
+
+void
mac_mbuf_label_associate_netlayer(struct mbuf *oldmbuf, struct mbuf *newmbuf)
{
struct label *oldmbuflabel, *newmbuflabel;
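Review bot: The comment `/* ifp must be locked */` in the new `mac_mbuf_label_associate_multicast_encap` states a precondition that the function neither takes nor asserts, yet `ifp->if_label` is read on the `MAC_PERFORM` line. Neither call site touched by this change (ip_mroute.c, ip6_mroute.c) shows a lock being taken around the call, although their enclosing functions extend beyond the hunks, so this needs checking. If the read can race with a relabel of the interface, the policy may be handed a stale or half-updated label. At minimum I would make the contract explicit, e.g. `/* Caller must hold the ifnet lock: ifp->if_label is read below without further locking. */`, and confirm both callers honour it.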
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#45 (text+ko) ====
@@ -1443,6 +1443,28 @@
);
/**
@brief Assign a label to a new mbuf
+ @param oldmbuf mbuf headerder for existing datagram for existing datagram
+ @param oldmbuflabel Policy label for oldmbuf
+ @param ifp Network interface
+ @param ifplabel Policy label for ifp
+ @param newmbuf mbuf header to be labeled for new datagram
+ @param newmbuflabel Policy label for newmbuf
+
+ Set the label on the mbuf header of a newly created datagram
+ generated from the existing passed datagram when it is processed
+ by the passed multicast encapsulation interface. This call is made
+ when an mbuf is to be delivered using the virtual interface.
+*/
+typedef void mpo_mbuf_label_associate_multicast_encap_t(
+ struct mbuf *oldmbuf,
+ struct label *oldmbuflabel,
+ struct ifnet *ifp,
+ struct label *ifplabel,
+ struct mbuf *newmbuf,
+ struct label *newmbuflabel
+);
+/**
+ @brief Assign a label to a new mbuf
@param oldmbuf Received datagram
@param oldmbuflabel Policy label for oldmbuf
@param newmbuf Newly created datagram
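Review bot: The `@param oldmbuf` line in the new doc comment is garbled ("mbuf headerder for existing datagram for existing datagram") and should read `@param oldmbuf mbuf header for existing datagram`. The `@brief` is also word-for-word the same as the one on the netlayer entry point that follows, so the two are indistinguishable in generated documentation. Something like `@brief Assign a label to a new mbuf for multicast encapsulation` would separate them. The netlayer comment continues past the end of this hunk.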
@@ -5566,6 +5588,7 @@
mpo_mbuf_label_associate_inpcb_t *mpo_mbuf_label_associate_inpcb;
mpo_mbuf_label_associate_ipq_t *mpo_mbuf_label_associate_ipq;
mpo_mbuf_label_associate_linklayer_t *mpo_mbuf_label_associate_linklayer;
+ mpo_mbuf_label_associate_multicast_encap_t *mpo_mbuf_label_associate_multicast_encap;
mpo_mbuf_label_associate_netlayer_t *mpo_mbuf_label_associate_netlayer;
mpo_mbuf_label_associate_socket_t *mpo_mbuf_label_associate_socket;
mpo_mbuf_label_copy_t *mpo_mbuf_label_copy;
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#72 (text+ko) ====
@@ -953,6 +953,15 @@
}
static void
+sebsd_mbuf_label_associate_multicast_encap(struct mbuf *oldmbuf,
+ struct label *oldmbuflabel, struct mbuf *newmbuf,
+ struct label *newmbuflabel)
+{
+
+ sebsd_label_copy(oldmbuflabel, newmbuflabel);
+}
+
+static void
sebsd_mbuf_label_associate_inpcb(struct inpcb *inp, struct label *ilabel,
struct mbuf *m, struct label *mlabel)
{
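Review bot: `sebsd_mbuf_label_associate_multicast_encap` is declared with four parameters, but the `mpo_mbuf_label_associate_multicast_encap_t` typedef added in mac_policy.h takes six, with `ifp` and `ifplabel` between the old and new mbuf arguments, and `MAC_PERFORM` in mac_net.c passes all six. The ops-table assignment in the second sebsd.c hunk is therefore an incompatible function-pointer type. If that builds with only a warning, the call is undefined behaviour, and on common calling conventions `ifp`/`ifplabel` would arrive as `newmbuf`/`newmbuflabel`, so `sebsd_label_copy` would likely overwrite the interface label and leave the new mbuf unlabeled. The parameter list should match the typedef: `struct label *oldmbuflabel, struct ifnet *ifp, struct label *ifplabel,` followed by `struct mbuf *newmbuf, struct label *newmbuflabel)`.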
@@ -3592,6 +3601,7 @@
.mpo_mbuf_label_associate_inpcb = sebsd_mbuf_label_associate_inpcb,
.mpo_mbuf_label_associate_ipq = sebsd_mbuf_label_associate_ipq,
.mpo_mbuf_label_associate_linklayer = sebsd_mbuf_label_associate_linklayer,
+ .mpo_mbuf_label_associate_multicast_encap = sebsd_mbuf_label_associate_multicast_encap,
.mpo_mbuf_label_associate_netlayer = sebsd_mbuf_label_associate_netlayer,
.mpo_mbuf_label_associate_socket = sebsd_mbuf_label_associate_socket,
.mpo_mbuf_label_copy = sebsd_label_copy,