Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 17 Dec 2003 06:55:12 -0800 (PST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/sys/netinet tcp_subr.c src/sys/security/mac mac_net.c src/sys/security/mac_biba mac_biba.c src/sys/security/mac_lomac mac_lomac.c src/sys/security/mac_mls mac_mls.c src/sys/security/mac_stub mac_stub.c ...
Message-ID:  <200312171455.hBHEtC20020014@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help 
rwatson     2003/12/17 06:55:12 PST

  FreeBSD src repository

  Modified files:
    sys/netinet          tcp_subr.c 
    sys/security/mac     mac_net.c 
    sys/security/mac_biba mac_biba.c 
    sys/security/mac_lomac mac_lomac.c 
    sys/security/mac_mls mac_mls.c 
    sys/security/mac_stub mac_stub.c 
    sys/security/mac_test mac_test.c 
    sys/sys              mac.h mac_policy.h 
  Log:
  Switch TCP over to using the inpcb label when responding in timed
  wait, rather than the socket label.  This avoids reaching up to
  the socket layer during connection close, which requires locking
  changes.  To do this, introduce MAC Framework entry point
  mac_create_mbuf_from_inpcb(), which is called from tcp_twrespond()
  instead of calling mac_create_mbuf_from_socket() or
  mac_create_mbuf_netlayer().  Introduce MAC Policy entry point
  mpo_create_mbuf_from_inpcb(), and implementations for various
  policies, which generally just copy label data from the inpcb to
  the mbuf.  Assert the inpcb lock in the entry point since we
  require consistency for the inpcb label reference.
  
  Obtained from:  TrustedBSD Project
  Sponsored by:   DARPA, Network Associates Laboratories
  
  Revision  Changes    Path
  1.170     +1 -4      src/sys/netinet/tcp_subr.c
  1.111     +11 -0     src/sys/security/mac/mac_net.c
  1.73      +13 -0     src/sys/security/mac_biba/mac_biba.c
  1.26      +13 -0     src/sys/security/mac_lomac/mac_lomac.c
  1.60      +13 -0     src/sys/security/mac_mls/mac_mls.c
  1.37      +8 -0      src/sys/security/mac_stub/mac_stub.c
  1.40      +10 -0     src/sys/security/mac_test/mac_test.c
  1.53      +1 -0      src/sys/sys/mac.h
  1.47      +3 -0      src/sys/sys/mac_policy.h

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200312171455.hBHEtC20020014>