Rename 'mac_mbuf_create_from_firewall' to 'mac_netinet_firewall_send' as

we move towards netinet as a pseudo-object for the MAC Framework.

Rename 'mac_create_mbuf_linklayer' to 'mac_mbuf_create_linklayer' to
reflect general object-first ordering preference.

Sponsored by:	SPARTA (original patches against Mac OS X)
Obtained from:	TrustedBSD Project, Apple Computer

sys/contrib/pf/net/pf.c

@@ -1820,7 +1820,7 @@ pf_send_tcp(const struct pf_rule *r, sa_family_t af,
 	if (replyto)
 		mac_mbuf_create_netlayer(replyto, m);
 	else
-		mac_mbuf_create_from_firewall(m);
+		mac_netinet_firewall_send(m);
 #else
 	(void)replyto;
 #endif

sys/netatalk/aarp.c

@@ -177,7 +177,7 @@ aarpwhohas(struct ifnet *ifp, struct sockaddr_at *sat)
 	if (m == NULL)
 		return;
 #ifdef MAC
-	mac_create_mbuf_linklayer(ifp, m);
+	mac_mbuf_create_linklayer(ifp, m);
 #endif
 	m->m_len = sizeof(*ea);
 	m->m_pkthdr.len = sizeof(*ea);
@@ -602,7 +602,7 @@ aarpprobe(void *arg)
 	if (m == NULL)
 		return;
 #ifdef MAC
-	mac_create_mbuf_linklayer(ifp, m);
+	mac_mbuf_create_linklayer(ifp, m);
 #endif
 	m->m_len = sizeof(*ea);
 	m->m_pkthdr.len = sizeof(*ea);

sys/netinet/if_ether.c

@@ -323,7 +323,7 @@ arprequest(struct ifnet *ifp, struct in_addr *sip, struct in_addr *tip,
 	ah = mtod(m, struct arphdr *);
 	bzero((caddr_t)ah, m->m_len);
 #ifdef MAC
-	mac_create_mbuf_linklayer(ifp, m);
+	mac_mbuf_create_linklayer(ifp, m);
 #endif
 	ah->ar_pro = htons(ETHERTYPE_IP);
 	ah->ar_hln = ifp->if_addrlen;		/* hardware address length */

sys/netinet/igmp.c

@@ -471,7 +471,7 @@ igmp_sendpkt(struct in_multi *inm, int type, unsigned long addr)
 
 	m->m_pkthdr.rcvif = loif;
 #ifdef MAC
-	mac_create_mbuf_linklayer(inm->inm_ifp, m);
+	mac_mbuf_create_linklayer(inm->inm_ifp, m);
 #endif
 	m->m_pkthdr.len = sizeof(struct ip) + IGMP_MINLEN;
 	MH_ALIGN(m, IGMP_MINLEN + sizeof(struct ip));

sys/netinet/ip_fw2.c

@@ -1621,7 +1621,7 @@ send_pkt(struct mbuf *replyto, struct ipfw_flow_id *id, u_int32_t seq,
 	if (replyto != NULL)
 		mac_mbuf_create_netlayer(replyto, m);
 	else
-		mac_mbuf_create_from_firewall(m);
+		mac_netinet_firewall_send(m);
 #else
 	(void)replyto;		/* don't warn about unused arg */
 #endif

sys/netinet6/nd6.c

@@ -2114,7 +2114,7 @@ nd6_output(struct ifnet *ifp, struct ifnet *origifp, struct mbuf *m0,
 	}
 
 #ifdef MAC
-	mac_create_mbuf_linklayer(ifp, m);
+	mac_mbuf_create_linklayer(ifp, m);
 #endif
 	if ((ifp->if_flags & IFF_LOOPBACK) != 0) {
 		return ((*ifp->if_output)(origifp, m, (struct sockaddr *)dst,

sys/security/mac/mac_framework.h

@@ -147,8 +147,7 @@ int	mac_kld_check_load(struct ucred *cred, struct vnode *vp);
 int	mac_kld_check_stat(struct ucred *cred);
 
 void	mac_mbuf_copy(struct mbuf *, struct mbuf *);
-void	mac_mbuf_create_from_firewall(struct mbuf *m);
-void	mac_create_mbuf_linklayer(struct ifnet *ifp, struct mbuf *m);
+void	mac_mbuf_create_linklayer(struct ifnet *ifp, struct mbuf *m);
 void	mac_mbuf_create_multicast_encap(struct mbuf *m, struct ifnet *ifp,
 	    struct mbuf *mnew);
 void	mac_mbuf_create_netlayer(struct mbuf *m, struct mbuf *mnew);
@@ -163,6 +162,7 @@ void	mac_mount_create(struct ucred *cred, struct mount *mp);
 void	mac_mount_destroy(struct mount *);
 void	mac_mount_init(struct mount *);
 
+void	mac_netinet_firewall_send(struct mbuf *m);
 void	mac_netinet_fragment(struct mbuf *m, struct mbuf *frag);
 void	mac_netinet_icmp_reply(struct mbuf *m);
 void	mac_netinet_tcp_reply(struct mbuf *m);

sys/security/mac/mac_inet.c

@@ -276,13 +276,13 @@ mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp)
 }
 
 void
-mac_mbuf_create_from_firewall(struct mbuf *m)
+mac_netinet_firewall_send(struct mbuf *m)
 {
 	struct label *label;
 
 	M_ASSERTPKTHDR(m);
 	label = mac_mbuf_to_label(m);
-	MAC_PERFORM(mbuf_create_from_firewall, m, label);
+	MAC_PERFORM(netinet_firewall_send, m, label);
 }
 
 /*

sys/security/mac/mac_net.c

@@ -310,14 +310,14 @@ mac_bpfdesc_create_mbuf(struct bpf_d *d, struct mbuf *m)
 }
 
 void
-mac_create_mbuf_linklayer(struct ifnet *ifp, struct mbuf *m)
+mac_mbuf_create_linklayer(struct ifnet *ifp, struct mbuf *m)
 {
 	struct label *label;
 
 	label = mac_mbuf_to_label(m);
 
 	MAC_IFNET_LOCK(ifp);
-	MAC_PERFORM(create_mbuf_linklayer, ifp, ifp->if_label, m, label);
+	MAC_PERFORM(mbuf_create_linklayer, ifp, ifp->if_label, m, label);
 	MAC_IFNET_UNLOCK(ifp);
 }
 

sys/security/mac/mac_policy.h

@@ -221,9 +221,7 @@ typedef int	(*mpo_kld_check_stat_t)(struct ucred *cred);
 
 typedef void	(*mpo_mbuf_copy_label_t)(struct label *src,
 		    struct label *dest);
-typedef	void	(*mpo_mbuf_create_from_firewall_t)(struct mbuf *m,
-		    struct label *label);
-typedef void	(*mpo_create_mbuf_linklayer_t)(struct ifnet *ifp,
+typedef void	(*mpo_mbuf_create_linklayer_t)(struct ifnet *ifp,
 		    struct label *ifplabel, struct mbuf *m,
 		    struct label *mlabel);
 typedef void	(*mpo_mbuf_create_multicast_encap_t)(struct mbuf *m,
@@ -243,6 +241,8 @@ typedef void	(*mpo_mount_create_t)(struct ucred *cred, struct mount *mp,
 typedef void	(*mpo_mount_destroy_label_t)(struct label *label);
 typedef void	(*mpo_mount_init_label_t)(struct label *label);
 
+typedef	void	(*mpo_netinet_firewall_send_t)(struct mbuf *m,
+		    struct label *mlabel);
 typedef void	(*mpo_netinet_fragment_t)(struct mbuf *m,
 		    struct label *mlabel, struct mbuf *frag,
 		    struct label *fraglabel);
@@ -678,8 +678,7 @@ struct mac_policy_ops {
 	mpo_kld_check_stat_t			mpo_kld_check_stat;
 
 	mpo_mbuf_copy_label_t			mpo_mbuf_copy_label;
-	mpo_mbuf_create_from_firewall_t		mpo_mbuf_create_from_firewall;
-	mpo_create_mbuf_linklayer_t		mpo_create_mbuf_linklayer;
+	mpo_mbuf_create_linklayer_t		mpo_mbuf_create_linklayer;
 	mpo_mbuf_create_multicast_encap_t	mpo_mbuf_create_multicast_encap;
 	mpo_mbuf_create_netlayer_t		mpo_mbuf_create_netlayer;
 	mpo_mbuf_destroy_label_t		mpo_mbuf_destroy_label;
@@ -690,6 +689,7 @@ struct mac_policy_ops {
 	mpo_mount_destroy_label_t		mpo_mount_destroy_label;
 	mpo_mount_init_label_t			mpo_mount_init_label;
 
+	mpo_netinet_firewall_send_t		mpo_netinet_firewall_send;
 	mpo_netinet_fragment_t			mpo_netinet_fragment;
 	mpo_netinet_icmp_reply_t		mpo_netinet_icmp_reply;
 	mpo_netinet_tcp_reply_t			mpo_netinet_tcp_reply;

sys/security/mac_biba/mac_biba.c

@@ -1268,7 +1268,7 @@ biba_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
 }
 
 static void
-biba_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel,
+biba_mbuf_create_linklayer(struct ifnet *ifp, struct label *ifplabel,
     struct mbuf *m, struct label *mlabel)
 {
 	struct mac_biba *dest;
@@ -1372,13 +1372,13 @@ biba_inpcb_sosetlabel(struct socket *so, struct label *solabel,
 }
 
 static void
-biba_mbuf_create_from_firewall(struct mbuf *m, struct label *label)
+biba_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
 {
 	struct mac_biba *dest;
 
-	dest = SLOT(label);
+	dest = SLOT(mlabel);
 
-	/* XXX: where is the label for the firewall really comming from? */
+	/* XXX: where is the label for the firewall really coming from? */
 	biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
 }
 
@@ -3320,7 +3320,7 @@ static struct mac_policy_ops mac_biba_ops =
 	.mpo_sysvshm_create = biba_sysvshm_create,
 	.mpo_ipq_create = biba_ipq_create,
 	.mpo_inpcb_create_mbuf = biba_inpcb_create_mbuf,
-	.mpo_create_mbuf_linklayer = biba_create_mbuf_linklayer,
+	.mpo_mbuf_create_linklayer = biba_mbuf_create_linklayer,
 	.mpo_bpfdesc_create_mbuf = biba_bpfdesc_create_mbuf,
 	.mpo_ifnet_create_mbuf = biba_ifnet_create_mbuf,
 	.mpo_mbuf_create_multicast_encap = biba_mbuf_create_multicast_encap,
@@ -3412,7 +3412,7 @@ static struct mac_policy_ops mac_biba_ops =
 	.mpo_vnode_check_stat = biba_vnode_check_stat,
 	.mpo_vnode_check_unlink = biba_vnode_check_unlink,
 	.mpo_vnode_check_write = biba_vnode_check_write,
-	.mpo_mbuf_create_from_firewall = biba_mbuf_create_from_firewall,
+	.mpo_netinet_firewall_send = biba_netinet_firewall_send,
 	.mpo_priv_check = biba_priv_check,
 };
 

sys/security/mac_lomac/mac_lomac.c

@@ -1332,7 +1332,7 @@ lomac_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
 }
 
 static void
-lomac_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel,
+lomac_mbuf_create_linklayer(struct ifnet *ifp, struct label *ifplabel,
     struct mbuf *m, struct label *mlabel)
 {
 	struct mac_lomac *dest;
@@ -1457,7 +1457,7 @@ lomac_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
 }
 
 static void
-lomac_mbuf_create_from_firewall(struct mbuf *m, struct label *mlabel)
+lomac_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
 {
 	struct mac_lomac *dest;
 
@@ -2878,7 +2878,7 @@ static struct mac_policy_ops lomac_ops =
 	.mpo_inpcb_create = lomac_inpcb_create,
 	.mpo_ipq_create = lomac_ipq_create,
 	.mpo_inpcb_create_mbuf = lomac_inpcb_create_mbuf,
-	.mpo_create_mbuf_linklayer = lomac_create_mbuf_linklayer,
+	.mpo_mbuf_create_linklayer = lomac_mbuf_create_linklayer,
 	.mpo_bpfdesc_create_mbuf = lomac_bpfdesc_create_mbuf,
 	.mpo_ifnet_create_mbuf = lomac_ifnet_create_mbuf,
 	.mpo_mbuf_create_multicast_encap = lomac_mbuf_create_multicast_encap,
@@ -2936,7 +2936,7 @@ static struct mac_policy_ops lomac_ops =
 	.mpo_vnode_check_unlink = lomac_vnode_check_unlink,
 	.mpo_vnode_check_write = lomac_vnode_check_write,
 	.mpo_thread_userret = lomac_thread_userret,
-	.mpo_mbuf_create_from_firewall = lomac_mbuf_create_from_firewall,
+	.mpo_netinet_firewall_send = lomac_netinet_firewall_send,
 	.mpo_priv_check = lomac_priv_check,
 };
 

sys/security/mac_mls/mac_mls.c

@@ -1190,7 +1190,7 @@ mls_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
 }
 
 static void
-mls_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel,
+mls_mbuf_create_linklayer(struct ifnet *ifp, struct label *ifplabel,
     struct mbuf *m, struct label *mlabel)
 {
 	struct mac_mls *dest;
@@ -1294,7 +1294,7 @@ mls_inpcb_sosetlabel(struct socket *so, struct label *solabel,
 }
 
 static void
-mls_mbuf_create_from_firewall(struct mbuf *m, struct label *mlabel)
+mls_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
 {
 	struct mac_mls *dest;
 
@@ -2947,7 +2947,7 @@ static struct mac_policy_ops mls_ops =
 	.mpo_sysvsem_create = mls_sysvsem_create,
 	.mpo_sysvshm_create = mls_sysvshm_create,
 	.mpo_inpcb_create_mbuf = mls_inpcb_create_mbuf,
-	.mpo_create_mbuf_linklayer = mls_create_mbuf_linklayer,
+	.mpo_mbuf_create_linklayer = mls_mbuf_create_linklayer,
 	.mpo_bpfdesc_create_mbuf = mls_bpfdesc_create_mbuf,
 	.mpo_ifnet_create_mbuf = mls_ifnet_create_mbuf,
 	.mpo_mbuf_create_multicast_encap = mls_mbuf_create_multicast_encap,
@@ -3035,7 +3035,7 @@ static struct mac_policy_ops mls_ops =
 	.mpo_vnode_check_stat = mls_vnode_check_stat,
 	.mpo_vnode_check_unlink = mls_vnode_check_unlink,
 	.mpo_vnode_check_write = mls_vnode_check_write,
-	.mpo_mbuf_create_from_firewall = mls_mbuf_create_from_firewall,
+	.mpo_netinet_firewall_send = mls_netinet_firewall_send,
 };
 
 MAC_POLICY_SET(&mls_ops, mac_mls, "TrustedBSD MAC/MLS",

sys/security/mac_stub/mac_stub.c

@@ -405,7 +405,7 @@ stub_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
 }
 
 static void
-stub_create_mbuf_linklayer(struct ifnet *ifp, struct label *iflpabel,
+stub_mbuf_create_linklayer(struct ifnet *ifp, struct label *iflpabel,
     struct mbuf *m, struct label *mlabel)
 {
 
@@ -441,7 +441,7 @@ stub_mbuf_create_netlayer(struct mbuf *m, struct label *mlabel,
 }
 
 static void
-stub_mbuf_create_from_firewall(struct mbuf *m, struct label *mlabel)
+stub_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
 {
 
 }
@@ -1521,12 +1521,12 @@ static struct mac_policy_ops stub_ops =
 	.mpo_ipq_reassemble = stub_ipq_reassemble,
 	.mpo_netinet_fragment = stub_netinet_fragment,
 	.mpo_inpcb_create_mbuf = stub_inpcb_create_mbuf,
-	.mpo_create_mbuf_linklayer = stub_create_mbuf_linklayer,
+	.mpo_mbuf_create_linklayer = stub_mbuf_create_linklayer,
 	.mpo_bpfdesc_create_mbuf = stub_bpfdesc_create_mbuf,
 	.mpo_ifnet_create_mbuf = stub_ifnet_create_mbuf,
 	.mpo_mbuf_create_multicast_encap = stub_mbuf_create_multicast_encap,
 	.mpo_mbuf_create_netlayer = stub_mbuf_create_netlayer,
-	.mpo_mbuf_create_from_firewall = stub_mbuf_create_from_firewall,
+	.mpo_netinet_firewall_send = stub_netinet_firewall_send,
 	.mpo_ipq_match = stub_ipq_match,
 	.mpo_netinet_icmp_reply = stub_netinet_icmp_reply,
 	.mpo_netinet_tcp_reply = stub_netinet_tcp_reply,

sys/security/mac_test/mac_test.c

@@ -955,15 +955,15 @@ test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
 	COUNTER_INC(inpcb_create_mbuf);
 }
 
-COUNTER_DECL(create_mbuf_linklayer);
+COUNTER_DECL(mbuf_create_linklayer);
 static void
-test_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel,
+test_mbuf_create_linklayer(struct ifnet *ifp, struct label *ifplabel,
     struct mbuf *mbuf, struct label *mbuflabel)
 {
 
 	LABEL_CHECK(ifplabel, MAGIC_IFNET);
 	LABEL_CHECK(mbuflabel, MAGIC_MBUF);
-	COUNTER_INC(create_mbuf_linklayer);
+	COUNTER_INC(mbuf_create_linklayer);
 }
 
 COUNTER_DECL(bpfdesc_create_mbuf);
@@ -2561,7 +2561,7 @@ static struct mac_policy_ops test_ops =
 	.mpo_netinet_fragment = test_netinet_fragment,
 	.mpo_ipq_create = test_ipq_create,
 	.mpo_inpcb_create_mbuf = test_inpcb_create_mbuf,
-	.mpo_create_mbuf_linklayer = test_create_mbuf_linklayer,
+	.mpo_mbuf_create_linklayer = test_mbuf_create_linklayer,
 	.mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf,
 	.mpo_ifnet_create_mbuf = test_ifnet_create_mbuf,
 	.mpo_mbuf_create_multicast_encap = test_mbuf_create_multicast_encap,