From owner-p4-projects@FreeBSD.ORG Mon Jan 22 15:32:57 2007 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 6B80016A406; Mon, 22 Jan 2007 15:32:57 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2AF4116A403 for ; Mon, 22 Jan 2007 15:32:57 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [69.147.83.41]) by mx1.freebsd.org (Postfix) with ESMTP id 19D6913C4C9 for ; Mon, 22 Jan 2007 15:32:57 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id l0MFWujd014007 for ; Mon, 22 Jan 2007 15:32:56 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id l0MFWubj013994 for perforce@freebsd.org; Mon, 22 Jan 2007 15:32:56 GMT (envelope-from millert@freebsd.org) Date: Mon, 22 Jan 2007 15:32:56 GMT Message-Id: <200701221532.l0MFWubj013994@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f 
From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 113329 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Jan 2007 15:32:57 -0000
http://perforce.freebsd.org/chv.cgi?CH=113329
Change 113329 by millert@millert_macbook on 2007/01/22 15:32:45
Add mac_mbuf_label_associate_linklayer
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/net/ether_inet_pr_module.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/igmp.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet6/mld6.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet6/nd6.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#30 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_net.c#9 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#38 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#62 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/net/ether_inet_pr_module.c#4 (text+ko) ====
@@ -410,6 +410,10 @@
 mbuf_prepend(&m, sizeof(*eh), MBUF_WAITOK);
 eh = mbuf_data(m);
 eh->ether_type = htons(ETHERTYPE_ARP);
+
+#ifdef MAC
+ mac_mbuf_label_associate_linklayer(ifp, m);
+#endif
 /* Fill out the arp header */
 ea->arp_pro = htons(ETHERTYPE_IP);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/igmp.c#6 (text+ko) ====
@@ -492,11 +492,9 @@
 return;
 m->m_pkthdr.rcvif = loif;
-#ifdef __darwin8_notyet
 #ifdef MAC
 mac_mbuf_label_associate_linklayer(inm->inm_ifp, m);
 #endif
-#endif
 m->m_pkthdr.len = sizeof(struct ip) + IGMP_MINLEN;
 MH_ALIGN(m, IGMP_MINLEN + sizeof(struct ip));
 m->m_data += sizeof(struct ip);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet6/mld6.c#5 (text+ko) ====
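Review bot: The call added here after `eh->ether_type = htons(ETHERTYPE_ARP);` relies on a precondition that is not visible at the call site: the framework entry point introduced in mac_net.c by this same change carries `/* ifp must be locked */`, and nothing in this hunk shows the interface lock being held. The same applies to the igmp.c, mld6.c and nd6.c hunks, which pass `inm->inm_ifp`, `in6m->in6m_ifp` and `ifp` respectively; each enclosing function starts outside its hunk, so the lock may well be taken earlier, but the igmp/mld paths appear to reach the interface through the multicast membership rather than through a reference the hunk shows being held. Worth confirming at each of the four call sites and recording it there, e.g. `/* ifp lock held: required by mac_mbuf_label_associate_linklayer() */`. Separately, `mbuf_prepend()` two lines above is unchecked before `mbuf_data(m)`; that is pre-existing, but the new call is one more place a NULL `m` would be dereferenced.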
@@ -427,10 +427,8 @@
 mh->m_next = md;
 mh->m_pkthdr.rcvif = NULL;
-#ifdef __darwin8_notyet
 #ifdef MAC
- mac_mbuf_label_associate_linklayer(in6m->in6m_ifp, m);
-#endif
+ mac_mbuf_label_associate_linklayer(in6m->in6m_ifp, mh);
 #endif
 mh->m_pkthdr.len = sizeof(struct ip6_hdr) + sizeof(struct mld6_hdr);
 mh->m_len = sizeof(struct ip6_hdr);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet6/nd6.c#2 (text+ko) ====
@@ -2108,6 +2108,9 @@
 m->m_pkthdr.csum_data = 0;
 m->m_pkthdr.csum_flags = 0;
+#ifdef MAC
+ mac_mbuf_label_associate_linklayer(ifp, m);
+#endif
 if ((ifp->if_flags & IFF_LOOPBACK) != 0) {
 m->m_pkthdr.rcvif = origifp; /* forwarding rules require the original scope_id */
 if (locked)
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#30 (text+ko) ====
@@ -170,6 +170,7 @@
 void mac_lctx_notify_leave(struct proc *proc, struct lctx *l);
 void mac_mbuf_label_associate_bpfdesc(struct bpf_d *bpf_d, struct mbuf *m);
 void mac_mbuf_label_associate_ifnet(struct ifnet *ifp, struct mbuf *m);
+void mac_mbuf_label_associate_linklayer(struct ifnet *ifp, struct mbuf *m);
 void mac_mbuf_label_associate_socket(struct socket *so, struct mbuf *m);
 void mac_mbuf_label_copy(struct mbuf *m_from, struct mbuf *m_to);
 void mac_mbuf_label_destroy(struct mbuf *m);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_net.c#9 (text+ko) ====
@@ -330,6 +330,20 @@
 }
 void
+mac_mbuf_label_associate_linklayer(struct ifnet *ifp, struct mbuf *mbuf)
+{
+ struct label *m_label;
+
+ /* ifp must be locked */
+
+ m_label = mac_mbuf_to_label(mbuf);
+
+ /* Policy must deal with NULL label (unlabeled mbufs) */
+ MAC_PERFORM(mbuf_label_associate_linklayer, ifp, ifp->if_label, mbuf,
+ m_label);
+}
+
+void
 mac_mbuf_label_associate_socket(struct socket *socket, struct mbuf *mbuf)
 {
 struct label *label;
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#38 (text+ko) ====
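Review bot: The call added before `if ((ifp->if_flags & IFF_LOOPBACK) != 0)` in nd6.c sits on what looks like the generic IPv6 link-layer output path rather than in the code that builds a neighbor-discovery response (the enclosing function starts outside the hunk, so this is inferred from the `origifp`/`IFF_LOOPBACK` tail), which would route every datagram leaving through that path — including ones that already carry a label derived from the sending socket — through a policy hook whose mac_policy.h description in this change scopes it to newly created link-layer responses. If that is the intent, a one-line comment would stop the next reader from assuming the hook only fires for ND packets: `/* MAC: every packet leaving via this path is labeled from the interface, not only ND responses */`. If it is not, the call belongs in the ND solicitation/advertisement constructors, as the ARP call site in ether_inet_pr_module.c does.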
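Review bot: The new `mac_mbuf_label_associate_linklayer()` in mac_net.c has no header comment, although it is a framework entry point that dereferences `ifp->if_label` and forwards a possibly-NULL `m_label`, and its only stated contract is the bare `/* ifp must be locked */` line. A short block comment above the definition should say that ifp is the subject whose label is handed to policies, that m_label is NULL for unlabeled mbufs and policies must tolerate that, and that the caller holds the ifnet lock; the description text in the mac_policy.h hunk of this change can be reused for the first two points. Where the ifnet API offers a lock-held assertion, putting it in place of the comment would make the precondition checked rather than assumed.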
@@ -1216,6 +1216,24 @@
 struct label *m_label
 );
 /**
+ @brief Assign a label to a new mbuf
+ @param ifp Subject; network interface
+ @param i_label Existing label of ifp
+ @param m Object; mbuf
+ @param m_label Policy label to fill in for m
+
+ Set the label on the mbuf header of a newly created datagram
+ generated for the purposes of a link layer response for the passed
+ interface. This call may be made in a number of situations, including
+ for ARP or ND6 responses in the IPv4 and IPv6 stacks.
+*/
+typedef void mpo_mbuf_label_associate_linklayer_t(
+ struct ifnet *ifp,
+ struct label *i_label,
+ struct mbuf *m,
+ struct label *m_label
+);
+/**
 @brief Assign a label to a new mbuf
 @param xso Socket to label
 @param so_label Policy label for socket
@@ -5265,6 +5283,7 @@
 mpo_lctx_notify_leave_t *mpo_lctx_notify_leave;
 mpo_mbuf_label_associate_bpfdesc_t *mpo_mbuf_label_associate_bpfdesc;
 mpo_mbuf_label_associate_ifnet_t *mpo_mbuf_label_associate_ifnet;
+ mpo_mbuf_label_associate_linklayer_t *mpo_mbuf_label_associate_linklayer;
 mpo_mbuf_label_associate_socket_t *mpo_mbuf_label_associate_socket;
 mpo_mbuf_label_copy_t *mpo_mbuf_label_copy;
 mpo_mbuf_label_destroy_t *mpo_mbuf_label_destroy;
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#62 (text+ko) ====
@@ -3477,6 +3477,7 @@
 .mpo_ifnet_label_update = sebsd_ifnet_label_update,
 .mpo_mbuf_label_associate_bpfdesc = sebsd_mbuf_label_associate_bpfdesc,
 .mpo_mbuf_label_associate_ifnet = sebsd_mbuf_label_associate_ifnet,
+ .mpo_mbuf_label_associate_linklayer = sebsd_mbuf_label_associate_ifnet,
 .mpo_mbuf_label_associate_socket = sebsd_mbuf_label_associate_socket,
 .mpo_mbuf_label_copy = sebsd_label_copy,
 .mpo_mbuf_label_destroy = sebsd_label_destroy,
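Review bot: The `@param m_label Policy label to fill in for m` line in the new `mpo_mbuf_label_associate_linklayer_t` documentation omits that the label may be NULL, which the mac_net.c hunk in this change states explicitly (`Policy must deal with NULL label (unlabeled mbufs)`); policy authors read this header rather than mac_net.c, so the contract belongs here: `@param m_label Policy label to fill in for m; NULL if the mbuf is unlabeled`. The `@brief` line also repeats the socket variant's `Assign a label to a new mbuf` verbatim, which makes the generated index ambiguous; `@brief Assign a label to a new link-layer response mbuf` distinguishes the two.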
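Review bot: The new entry in sebsd.c points `.mpo_mbuf_label_associate_linklayer` at `sebsd_mbuf_label_associate_ifnet`, which is presumably deliberate (link-layer responses take the interface's label) but is the only entry in the visible table whose handler name does not match its slot, so it reads like a copy-paste slip. A comment on the line, `/* link-layer responses are labeled like interface-originated mbufs */`, removes the doubt. Since the framework side of this change passes a NULL m_label for unlabeled mbufs, it is also worth confirming that `sebsd_mbuf_label_associate_ifnet` (not on this page) tolerates NULL, as the ifnet path may not have needed to before.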