| mac_inet.c (179359) | mac_inet.c (179781) |
|---|---|
| 1/*- 2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001-2004 Networks Associates Technology, Inc. 5 * Copyright (c) 2006 SPARTA, Inc. 6 * All rights reserved. 7 * 8 * This software was developed by Robert Watson and Ilmar Habibulin for the --- 25 unchanged lines hidden (view full) --- 34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 38 * SUCH DAMAGE. 39 */ 40 41#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001-2004 Networks Associates Technology, Inc. 5 * Copyright (c) 2006 SPARTA, Inc. 6 * All rights reserved. 7 * 8 * This software was developed by Robert Watson and Ilmar Habibulin for the --- 25 unchanged lines hidden (view full) --- 34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 38 * SUCH DAMAGE. 39 */ 40 41#include <sys/cdefs.h> |
| 42__FBSDID("$FreeBSD: head/sys/security/mac/mac_inet.c 179359 2008-05-27 14:18:02Z csjp $"); | 42__FBSDID("$FreeBSD: head/sys/security/mac/mac_inet.c 179781 2008-06-13 22:14:15Z rwatson $"); |
| 43 44#include "opt_mac.h" 45 46#include <sys/param.h> 47#include <sys/kernel.h> 48#include <sys/lock.h> 49#include <sys/malloc.h> 50#include <sys/mutex.h> --- 61 unchanged lines hidden (view full) --- 112 MAC_PERFORM(ipq_destroy_label, label); 113 mac_labelzone_free(label); 114 return (NULL); 115 } 116 return (label); 117} 118 119int | 43 44#include "opt_mac.h" 45 46#include <sys/param.h> 47#include <sys/kernel.h> 48#include <sys/lock.h> 49#include <sys/malloc.h> 50#include <sys/mutex.h> --- 61 unchanged lines hidden (view full) --- 112 MAC_PERFORM(ipq_destroy_label, label); 113 mac_labelzone_free(label); 114 return (NULL); 115 } 116 return (label); 117} 118 119int |
| 120mac_ipq_init(struct ipq *ipq, int flag) | 120mac_ipq_init(struct ipq *q, int flag) |
| 121{ 122 | 121{ 122 |
| 123 ipq->ipq_label = mac_ipq_label_alloc(flag); 124 if (ipq->ipq_label == NULL) | 123 q->ipq_label = mac_ipq_label_alloc(flag); 124 if (q->ipq_label == NULL) |
| 125 return (ENOMEM); 126 return (0); 127} 128 129static void 130mac_inpcb_label_free(struct label *label) 131{ 132 --- 13 unchanged lines hidden (view full) --- 146mac_ipq_label_free(struct label *label) 147{ 148 149 MAC_PERFORM(ipq_destroy_label, label); 150 mac_labelzone_free(label); 151} 152 153void | 125 return (ENOMEM); 126 return (0); 127} 128 129static void 130mac_inpcb_label_free(struct label *label) 131{ 132 --- 13 unchanged lines hidden (view full) --- 146mac_ipq_label_free(struct label *label) 147{ 148 149 MAC_PERFORM(ipq_destroy_label, label); 150 mac_labelzone_free(label); 151} 152 153void |
| 154mac_ipq_destroy(struct ipq *ipq) | 154mac_ipq_destroy(struct ipq *q) |
| 155{ 156 | 155{ 156 |
| 157 mac_ipq_label_free(ipq->ipq_label); 158 ipq->ipq_label = NULL; | 157 mac_ipq_label_free(q->ipq_label); 158 q->ipq_label = NULL; |
| 159} 160 161void 162mac_inpcb_create(struct socket *so, struct inpcb *inp) 163{ 164 165 MAC_PERFORM(inpcb_create, so, so->so_label, inp, inp->inp_label); 166} 167 168void | 159} 160 161void 162mac_inpcb_create(struct socket *so, struct inpcb *inp) 163{ 164 165 MAC_PERFORM(inpcb_create, so, so->so_label, inp, inp->inp_label); 166} 167 168void |
| 169mac_ipq_reassemble(struct ipq *ipq, struct mbuf *m) | 169mac_ipq_reassemble(struct ipq *q, struct mbuf *m) |
| 170{ 171 struct label *label; 172 173 label = mac_mbuf_to_label(m); 174 | 170{ 171 struct label *label; 172 173 label = mac_mbuf_to_label(m); 174 |
| 175 MAC_PERFORM(ipq_reassemble, ipq, ipq->ipq_label, m, label); | 175 MAC_PERFORM(ipq_reassemble, q, q->ipq_label, m, label); |
| 176} 177 178void 179mac_netinet_fragment(struct mbuf *m, struct mbuf *frag) 180{ 181 struct label *mlabel, *fraglabel; 182 183 mlabel = mac_mbuf_to_label(m); 184 fraglabel = mac_mbuf_to_label(frag); 185 186 MAC_PERFORM(netinet_fragment, m, mlabel, frag, fraglabel); 187} 188 189void | 176} 177 178void 179mac_netinet_fragment(struct mbuf *m, struct mbuf *frag) 180{ 181 struct label *mlabel, *fraglabel; 182 183 mlabel = mac_mbuf_to_label(m); 184 fraglabel = mac_mbuf_to_label(frag); 185 186 MAC_PERFORM(netinet_fragment, m, mlabel, frag, fraglabel); 187} 188 189void |
| 190mac_ipq_create(struct mbuf *m, struct ipq *ipq) | 190mac_ipq_create(struct mbuf *m, struct ipq *q) |
| 191{ 192 struct label *label; 193 194 label = mac_mbuf_to_label(m); 195 | 191{ 192 struct label *label; 193 194 label = mac_mbuf_to_label(m); 195 |
| 196 MAC_PERFORM(ipq_create, m, label, ipq, ipq->ipq_label); | 196 MAC_PERFORM(ipq_create, m, label, q, q->ipq_label); |
| 197} 198 199void 200mac_inpcb_create_mbuf(struct inpcb *inp, struct mbuf *m) 201{ 202 struct label *mlabel; 203 204 INP_LOCK_ASSERT(inp); 205 mlabel = mac_mbuf_to_label(m); 206 207 MAC_PERFORM(inpcb_create_mbuf, inp, inp->inp_label, m, mlabel); 208} 209 210int | 197} 198 199void 200mac_inpcb_create_mbuf(struct inpcb *inp, struct mbuf *m) 201{ 202 struct label *mlabel; 203 204 INP_LOCK_ASSERT(inp); 205 mlabel = mac_mbuf_to_label(m); 206 207 MAC_PERFORM(inpcb_create_mbuf, inp, inp->inp_label, m, mlabel); 208} 209 210int |
| 211mac_ipq_match(struct mbuf *m, struct ipq *ipq) | 211mac_ipq_match(struct mbuf *m, struct ipq *q) |
| 212{ 213 struct label *label; 214 int result; 215 216 label = mac_mbuf_to_label(m); 217 218 result = 1; | 212{ 213 struct label *label; 214 int result; 215 216 label = mac_mbuf_to_label(m); 217 218 result = 1; |
| 219 MAC_BOOLEAN(ipq_match, &&, m, label, ipq, ipq->ipq_label); | 219 MAC_BOOLEAN(ipq_match, &&, m, label, q, q->ipq_label); |
| 220 221 return (result); 222} 223 224void 225mac_netinet_arp_send(struct ifnet *ifp, struct mbuf *m) 226{ 227 struct label *mlabel; --- 45 unchanged lines hidden (view full) --- 273 struct label *label; 274 275 label = mac_mbuf_to_label(m); 276 277 MAC_PERFORM(netinet_tcp_reply, m, label); 278} 279 280void | 220 221 return (result); 222} 223 224void 225mac_netinet_arp_send(struct ifnet *ifp, struct mbuf *m) 226{ 227 struct label *mlabel; --- 45 unchanged lines hidden (view full) --- 273 struct label *label; 274 275 label = mac_mbuf_to_label(m); 276 277 MAC_PERFORM(netinet_tcp_reply, m, label); 278} 279 280void |
| 281mac_ipq_update(struct mbuf *m, struct ipq *ipq) | 281mac_ipq_update(struct mbuf *m, struct ipq *q) |
| 282{ 283 struct label *label; 284 285 label = mac_mbuf_to_label(m); 286 | 282{ 283 struct label *label; 284 285 label = mac_mbuf_to_label(m); 286 |
| 287 MAC_PERFORM(ipq_update, m, label, ipq, ipq->ipq_label); | 287 MAC_PERFORM(ipq_update, m, label, q, q->ipq_label); |
| 288} 289 290int 291mac_inpcb_check_deliver(struct inpcb *inp, struct mbuf *m) 292{ 293 struct label *label; 294 int error; 295 --- 100 unchanged lines hidden --- | 288} 289 290int 291mac_inpcb_check_deliver(struct inpcb *inp, struct mbuf *m) 292{ 293 struct label *label; 294 int error; 295 --- 100 unchanged lines hidden --- |