Date:      Wed, 31 Jul 2002 12:06:49 -0700 (PDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/sys/netinet tcp_input.c tcp_output.c tcp_subr.c tcp_syncache.c
Message-ID:  <200207311906.g6VJ6nC5030551@freefall.freebsd.org>

rwatson     2002/07/31 12:06:49 PDT

  Modified files:
    sys/netinet          tcp_input.c tcp_output.c tcp_subr.c 
                         tcp_syncache.c 
  Log:
  Introduce support for Mandatory Access Control and extensible
  kernel access control.
  
  Instrument the TCP socket code for packet generation and delivery:
  label outgoing mbufs with the label of the socket, and check socket and
  mbuf labels before permitting delivery to a socket.  Assign labels
  to newly accepted connections when the syncache/cookie code has done
  its business.  Also set peer labels as convenient.  Currently,
  MAC policies cannot influence the PCB matching algorithm, so cannot
  implement polyinstantiation.  Note that there is at least one case
  where a PCB is not available due to the TCP packet not being associated
  with any socket, so we don't label in that case, but need to handle
  it in a special manner.
  
  Obtained from:  TrustedBSD Project
  Sponsored by:   DARPA, NAI Labs
  
  Revision  Changes    Path
  1.167     +13 -0     src/sys/netinet/tcp_input.c
  1.66      +5 -0      src/sys/netinet/tcp_output.c
  1.139     +17 -0     src/sys/netinet/tcp_subr.c
  1.24      +8 -0      src/sys/netinet/tcp_syncache.c
