Continue to move from generic network entry points in the TrustedBSD MAC
Framework by moving from mac_mbuf_create_netlayer() to more specific entry points for specific network services: - mac_netinet_firewall_reply() to be used when replying to in-bound TCP segments in pf and ipfw (etc). - Rename mac_netinet_icmp_reply() to mac_netinet_icmp_replyinplace() and add mac_netinet_icmp_reply(), reflecting that in some cases we overwrite a label in place, but in others we apply the label to a new mbuf. Obtained from: TrustedBSD Project
parent
c36b9f6253
commit
a13e21f7bc
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=173102
@ -1818,7 +1818,7 @@ pf_send_tcp(const struct pf_rule *r, sa_family_t af,
|
||||
#ifdef __FreeBSD__
|
||||
#ifdef MAC
|
||||
if (replyto)
|
||||
mac_mbuf_create_netlayer(replyto, m);
|
||||
mac_netinet_firewall_reply(replyto, m);
|
||||
else
|
||||
mac_netinet_firewall_send(m);
|
||||
#else
|
||||
|
@ -1619,7 +1619,7 @@ send_pkt(struct mbuf *replyto, struct ipfw_flow_id *id, u_int32_t seq,
|
||||
|
||||
#ifdef MAC
|
||||
if (replyto != NULL)
|
||||
mac_mbuf_create_netlayer(replyto, m);
|
||||
mac_netinet_firewall_reply(replyto, m);
|
||||
else
|
||||
mac_netinet_firewall_send(m);
|
||||
#else
|
||||
|
@ -221,7 +221,7 @@ stdreply: icmpelen = max(8, min(icmp_quotelen, oip->ip_len - oiphlen));
|
||||
if (m == NULL)
|
||||
goto freeit;
|
||||
#ifdef MAC
|
||||
mac_mbuf_create_netlayer(n, m);
|
||||
mac_netinet_icmp_reply(n, m);
|
||||
#endif
|
||||
icmplen = min(icmplen, M_TRAILINGSPACE(m) - sizeof(struct ip) - ICMP_MINLEN);
|
||||
m_align(m, ICMP_MINLEN + icmplen);
|
||||
@ -699,7 +699,7 @@ icmp_reflect(struct mbuf *m)
|
||||
}
|
||||
match:
|
||||
#ifdef MAC
|
||||
mac_netinet_icmp_reply(m);
|
||||
mac_netinet_icmp_replyinplace(m);
|
||||
#endif
|
||||
t = IA_SIN(ia)->sin_addr;
|
||||
ip->ip_src = t;
|
||||
|
@ -154,7 +154,6 @@ int mac_kld_check_stat(struct ucred *cred);
|
||||
void mac_mbuf_copy(struct mbuf *, struct mbuf *);
|
||||
void mac_mbuf_create_multicast_encap(struct mbuf *m, struct ifnet *ifp,
|
||||
struct mbuf *mnew);
|
||||
void mac_mbuf_create_netlayer(struct mbuf *m, struct mbuf *mnew);
|
||||
int mac_mbuf_init(struct mbuf *, int);
|
||||
|
||||
void mac_mbuf_tag_copy(struct m_tag *, struct m_tag *);
|
||||
@ -169,9 +168,11 @@ void mac_mount_init(struct mount *);
|
||||
void mac_netatalk_aarp_send(struct ifnet *ifp, struct mbuf *m);
|
||||
|
||||
void mac_netinet_arp_send(struct ifnet *ifp, struct mbuf *m);
|
||||
void mac_netinet_firewall_reply(struct mbuf *mrecv, struct mbuf *msend);
|
||||
void mac_netinet_firewall_send(struct mbuf *m);
|
||||
void mac_netinet_fragment(struct mbuf *m, struct mbuf *frag);
|
||||
void mac_netinet_icmp_reply(struct mbuf *m);
|
||||
void mac_netinet_icmp_reply(struct mbuf *mrecv, struct mbuf *msend);
|
||||
void mac_netinet_icmp_replyinplace(struct mbuf *m);
|
||||
void mac_netinet_igmp_send(struct ifnet *ifp, struct mbuf *m);
|
||||
void mac_netinet_tcp_reply(struct mbuf *m);
|
||||
|
||||
|
@ -234,13 +234,25 @@ mac_netinet_arp_send(struct ifnet *ifp, struct mbuf *m)
|
||||
}
|
||||
|
||||
void
|
||||
mac_netinet_icmp_reply(struct mbuf *m)
|
||||
mac_netinet_icmp_reply(struct mbuf *mrecv, struct mbuf *msend)
|
||||
{
|
||||
struct label *mrecvlabel, *msendlabel;
|
||||
|
||||
mrecvlabel = mac_mbuf_to_label(mrecv);
|
||||
msendlabel = mac_mbuf_to_label(msend);
|
||||
|
||||
MAC_PERFORM(netinet_icmp_reply, mrecv, mrecvlabel, msend,
|
||||
msendlabel);
|
||||
}
|
||||
|
||||
void
|
||||
mac_netinet_icmp_replyinplace(struct mbuf *m)
|
||||
{
|
||||
struct label *label;
|
||||
|
||||
label = mac_mbuf_to_label(m);
|
||||
|
||||
MAC_PERFORM(netinet_icmp_reply, m, label);
|
||||
MAC_PERFORM(netinet_icmp_replyinplace, m, label);
|
||||
}
|
||||
|
||||
void
|
||||
@ -299,6 +311,21 @@ mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp)
|
||||
MAC_PERFORM(inpcb_sosetlabel, so, so->so_label, inp, inp->inp_label);
|
||||
}
|
||||
|
||||
void
|
||||
mac_netinet_firewall_reply(struct mbuf *mrecv, struct mbuf *msend)
|
||||
{
|
||||
struct label *mrecvlabel, *msendlabel;
|
||||
|
||||
M_ASSERTPKTHDR(mrecv);
|
||||
M_ASSERTPKTHDR(msend);
|
||||
|
||||
mrecvlabel = mac_mbuf_to_label(mrecv);
|
||||
msendlabel = mac_mbuf_to_label(msend);
|
||||
|
||||
MAC_PERFORM(netinet_firewall_reply, mrecv, mrecvlabel, msend,
|
||||
msendlabel);
|
||||
}
|
||||
|
||||
void
|
||||
mac_netinet_firewall_send(struct mbuf *m)
|
||||
{
|
||||
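Review bot: The new two-mbuf `mac_netinet_icmp_reply()` looks up labels on `mrecv` and `msend` without the `M_ASSERTPKTHDR()` checks that `mac_netinet_firewall_reply()`, added lower in this same section, applies to both of its arguments. Both wrappers pass `mac_mbuf_to_label()` results straight into `MAC_PERFORM`, so they should state the same precondition: add `M_ASSERTPKTHDR(mrecv);` and `M_ASSERTPKTHDR(msend);` before the label lookups, and `M_ASSERTPKTHDR(m);` in `mac_netinet_icmp_replyinplace()`. How `mac_mbuf_to_label()` behaves for an mbuf that has no packet header or no label is not visible on this page, so the assertion is the cheapest way to catch a reply path that hands the policies the wrong mbuf.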
|
@ -334,17 +334,6 @@ mac_mbuf_create_multicast_encap(struct mbuf *m, struct ifnet *ifp,
|
||||
MAC_IFNET_UNLOCK(ifp);
|
||||
}
|
||||
|
||||
void
|
||||
mac_mbuf_create_netlayer(struct mbuf *m, struct mbuf *mnew)
|
||||
{
|
||||
struct label *mlabel, *mnewlabel;
|
||||
|
||||
mlabel = mac_mbuf_to_label(m);
|
||||
mnewlabel = mac_mbuf_to_label(mnew);
|
||||
|
||||
MAC_PERFORM(mbuf_create_netlayer, m, mlabel, mnew, mnewlabel);
|
||||
}
|
||||
|
||||
int
|
||||
mac_bpfdesc_check_receive(struct bpf_d *d, struct ifnet *ifp)
|
||||
{
|
||||
|
@ -225,9 +225,6 @@ typedef void (*mpo_mbuf_create_multicast_encap_t)(struct mbuf *m,
|
||||
struct label *mlabel, struct ifnet *ifp,
|
||||
struct label *ifplabel, struct mbuf *mnew,
|
||||
struct label *mnewlabel);
|
||||
typedef void (*mpo_mbuf_create_netlayer_t)(struct mbuf *m,
|
||||
struct label *mlabel, struct mbuf *mnew,
|
||||
struct label *mnewlabel);
|
||||
typedef void (*mpo_mbuf_destroy_label_t)(struct label *label);
|
||||
typedef int (*mpo_mbuf_init_label_t)(struct label *label, int flag);
|
||||
|
||||
@ -245,12 +242,18 @@ typedef void (*mpo_netatalk_aarp_send_t)(struct ifnet *ifp,
|
||||
typedef void (*mpo_netinet_arp_send_t)(struct ifnet *ifp,
|
||||
struct label *ifplabel, struct mbuf *m,
|
||||
struct label *mlabel);
|
||||
typedef void (*mpo_netinet_firewall_reply_t)(struct mbuf *mrecv,
|
||||
struct label *mrecvlabel, struct mbuf *msend,
|
||||
struct label *msendlabel);
|
||||
typedef void (*mpo_netinet_firewall_send_t)(struct mbuf *m,
|
||||
struct label *mlabel);
|
||||
typedef void (*mpo_netinet_fragment_t)(struct mbuf *m,
|
||||
struct label *mlabel, struct mbuf *frag,
|
||||
struct label *fraglabel);
|
||||
typedef void (*mpo_netinet_icmp_reply_t)(struct mbuf *m,
|
||||
typedef void (*mpo_netinet_icmp_reply_t)(struct mbuf *mrecv,
|
||||
struct label *mrecvlabel, struct mbuf *msend,
|
||||
struct label *msendlabel);
|
||||
typedef void (*mpo_netinet_icmp_replyinplace_t)(struct mbuf *m,
|
||||
struct label *mlabel);
|
||||
typedef void (*mpo_netinet_igmp_send_t)(struct ifnet *ifp,
|
||||
struct label *ifplabel, struct mbuf *m,
|
||||
@ -690,7 +693,6 @@ struct mac_policy_ops {
|
||||
|
||||
mpo_mbuf_copy_label_t mpo_mbuf_copy_label;
|
||||
mpo_mbuf_create_multicast_encap_t mpo_mbuf_create_multicast_encap;
|
||||
mpo_mbuf_create_netlayer_t mpo_mbuf_create_netlayer;
|
||||
mpo_mbuf_destroy_label_t mpo_mbuf_destroy_label;
|
||||
mpo_mbuf_init_label_t mpo_mbuf_init_label;
|
||||
|
||||
@ -702,9 +704,11 @@ struct mac_policy_ops {
|
||||
mpo_netatalk_aarp_send_t mpo_netatalk_aarp_send;
|
||||
|
||||
mpo_netinet_arp_send_t mpo_netinet_arp_send;
|
||||
mpo_netinet_firewall_reply_t mpo_netinet_firewall_reply;
|
||||
mpo_netinet_firewall_send_t mpo_netinet_firewall_send;
|
||||
mpo_netinet_fragment_t mpo_netinet_fragment;
|
||||
mpo_netinet_icmp_reply_t mpo_netinet_icmp_reply;
|
||||
mpo_netinet_icmp_replyinplace_t mpo_netinet_icmp_replyinplace;
|
||||
mpo_netinet_igmp_send_t mpo_netinet_igmp_send;
|
||||
mpo_netinet_tcp_reply_t mpo_netinet_tcp_reply;
|
||||
|
||||
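Review bot: `mpo_netinet_icmp_reply_t` keeps its name while changing from `(struct mbuf *m, struct label *mlabel)` to the four-argument receive/send form. A policy module maintained outside this tree that still assigns its old in-place handler to `.mpo_netinet_icmp_reply` would get at most an incompatible-pointer diagnostic, and would then be called with the received mbuf and its label in the positions it treats as the packet to relabel. The in-place behaviour now lives in `mpo_netinet_icmp_replyinplace`, which such a module would silently leave unset. A comment above the two typedefs, e.g. `/* icmp_reply: label the new msend from mrecv; icmp_replyinplace: relabel m, which is reused as the reply */`, would make the split explicit. Removing `mpo_mbuf_create_netlayer` also shifts the layout of `struct mac_policy_ops`, so whatever policy-interface versioning the framework has should change with this commit; none is visible in these hunks.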
|
@ -1304,18 +1304,6 @@ biba_mbuf_create_multicast_encap(struct mbuf *m, struct label *mlabel,
|
||||
biba_copy_effective(source, dest);
|
||||
}
|
||||
|
||||
static void
|
||||
biba_mbuf_create_netlayer(struct mbuf *m, struct label *mlabel,
|
||||
struct mbuf *newm, struct label *mnewlabel)
|
||||
{
|
||||
struct mac_biba *source, *dest;
|
||||
|
||||
source = SLOT(mlabel);
|
||||
dest = SLOT(mnewlabel);
|
||||
|
||||
biba_copy_effective(source, dest);
|
||||
}
|
||||
|
||||
static int
|
||||
biba_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
|
||||
struct label *ipqlabel)
|
||||
@ -1382,6 +1370,18 @@ biba_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel,
|
||||
biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
|
||||
}
|
||||
|
||||
static void
|
||||
biba_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel,
|
||||
struct mbuf *msend, struct label *msendlabel)
|
||||
{
|
||||
struct mac_biba *source, *dest;
|
||||
|
||||
source = SLOT(mrecvlabel);
|
||||
dest = SLOT(msendlabel);
|
||||
|
||||
biba_copy_effective(source, dest);
|
||||
}
|
||||
|
||||
static void
|
||||
biba_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
@ -1393,6 +1393,18 @@ biba_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
|
||||
biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
|
||||
}
|
||||
|
||||
static void
|
||||
biba_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
|
||||
struct mbuf *msend, struct label *msendlabel)
|
||||
{
|
||||
struct mac_biba *source, *dest;
|
||||
|
||||
source = SLOT(mrecvlabel);
|
||||
dest = SLOT(msendlabel);
|
||||
|
||||
biba_copy_effective(source, dest);
|
||||
}
|
||||
|
||||
static void
|
||||
biba_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel,
|
||||
struct mbuf *m, struct label *mlabel)
|
||||
@ -3356,7 +3368,6 @@ static struct mac_policy_ops mac_biba_ops =
|
||||
.mpo_bpfdesc_create_mbuf = biba_bpfdesc_create_mbuf,
|
||||
.mpo_ifnet_create_mbuf = biba_ifnet_create_mbuf,
|
||||
.mpo_mbuf_create_multicast_encap = biba_mbuf_create_multicast_encap,
|
||||
.mpo_mbuf_create_netlayer = biba_mbuf_create_netlayer,
|
||||
.mpo_ipq_match = biba_ipq_match,
|
||||
.mpo_ifnet_relabel = biba_ifnet_relabel,
|
||||
.mpo_ipq_update = biba_ipq_update,
|
||||
@ -3446,7 +3457,9 @@ static struct mac_policy_ops mac_biba_ops =
|
||||
.mpo_vnode_check_write = biba_vnode_check_write,
|
||||
.mpo_netatalk_aarp_send = biba_netatalk_aarp_send,
|
||||
.mpo_netinet_arp_send = biba_netinet_arp_send,
|
||||
.mpo_netinet_firewall_reply = biba_netinet_firewall_reply,
|
||||
.mpo_netinet_firewall_send = biba_netinet_firewall_send,
|
||||
.mpo_netinet_icmp_reply = biba_netinet_icmp_reply,
|
||||
.mpo_netinet_igmp_send = biba_netinet_igmp_send,
|
||||
.mpo_netinet6_nd6_send = biba_netinet6_nd6_send,
|
||||
.mpo_priv_check = biba_priv_check,
|
||||
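Review bot: `biba_netinet_firewall_reply()` and `biba_netinet_icmp_reply()` have no comment explaining why a locally generated reply takes the effective label of the received packet, while the tail of `biba_netinet_firewall_send()` shown as context stamps `MAC_BIBA_TYPE_EQUAL`. That asymmetry is the security-relevant behaviour of the new entry points and deserves a line such as `/* Reply inherits the effective label of the packet that triggered it. */` above each `biba_copy_effective(source, dest);`. The two bodies are identical to each other and to the removed `biba_mbuf_create_netlayer()`, and neither uses `mrecv` or `msend`, so the comment is the only thing that would tell a reader the two hooks are meant to be able to diverge. The same applies to the `lomac_` and `mls_` versions of both functions in the sections that follow.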
|
@ -1368,18 +1368,6 @@ lomac_mbuf_create_multicast_encap(struct mbuf *m, struct label *mlabel,
|
||||
lomac_copy_single(source, dest);
|
||||
}
|
||||
|
||||
static void
|
||||
lomac_mbuf_create_netlayer(struct mbuf *m, struct label *mlabel,
|
||||
struct mbuf *mnew, struct label *mnewlabel)
|
||||
{
|
||||
struct mac_lomac *source, *dest;
|
||||
|
||||
source = SLOT(mlabel);
|
||||
dest = SLOT(mnewlabel);
|
||||
|
||||
lomac_copy_single(source, dest);
|
||||
}
|
||||
|
||||
static int
|
||||
lomac_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
|
||||
struct label *ipqlabel)
|
||||
@ -1467,6 +1455,18 @@ lomac_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel,
|
||||
lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0);
|
||||
}
|
||||
|
||||
static void
|
||||
lomac_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel,
|
||||
struct mbuf *msend, struct label *msendlabel)
|
||||
{
|
||||
struct mac_lomac *source, *dest;
|
||||
|
||||
source = SLOT(mrecvlabel);
|
||||
dest = SLOT(msendlabel);
|
||||
|
||||
lomac_copy_single(source, dest);
|
||||
}
|
||||
|
||||
static void
|
||||
lomac_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
@ -1478,6 +1478,18 @@ lomac_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
|
||||
lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0);
|
||||
}
|
||||
|
||||
static void
|
||||
lomac_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
|
||||
struct mbuf *msend, struct label *msendlabel)
|
||||
{
|
||||
struct mac_lomac *source, *dest;
|
||||
|
||||
source = SLOT(mrecvlabel);
|
||||
dest = SLOT(msendlabel);
|
||||
|
||||
lomac_copy_single(source, dest);
|
||||
}
|
||||
|
||||
static void
|
||||
lomac_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel,
|
||||
struct mbuf *m, struct label *mlabel)
|
||||
@ -2914,7 +2926,6 @@ static struct mac_policy_ops lomac_ops =
|
||||
.mpo_bpfdesc_create_mbuf = lomac_bpfdesc_create_mbuf,
|
||||
.mpo_ifnet_create_mbuf = lomac_ifnet_create_mbuf,
|
||||
.mpo_mbuf_create_multicast_encap = lomac_mbuf_create_multicast_encap,
|
||||
.mpo_mbuf_create_netlayer = lomac_mbuf_create_netlayer,
|
||||
.mpo_ipq_match = lomac_ipq_match,
|
||||
.mpo_ifnet_relabel = lomac_ifnet_relabel,
|
||||
.mpo_ipq_update = lomac_ipq_update,
|
||||
@ -2970,7 +2981,9 @@ static struct mac_policy_ops lomac_ops =
|
||||
.mpo_thread_userret = lomac_thread_userret,
|
||||
.mpo_netatalk_aarp_send = lomac_netatalk_aarp_send,
|
||||
.mpo_netinet_arp_send = lomac_netinet_arp_send,
|
||||
.mpo_netinet_firewall_reply = lomac_netinet_firewall_reply,
|
||||
.mpo_netinet_firewall_send = lomac_netinet_firewall_send,
|
||||
.mpo_netinet_icmp_reply = lomac_netinet_icmp_reply,
|
||||
.mpo_netinet_igmp_send = lomac_netinet_igmp_send,
|
||||
.mpo_netinet6_nd6_send = lomac_netinet6_nd6_send,
|
||||
.mpo_priv_check = lomac_priv_check,
|
||||
|
@ -1226,18 +1226,6 @@ mls_mbuf_create_multicast_encap(struct mbuf *m, struct label *mlabel,
|
||||
mls_copy_effective(source, dest);
|
||||
}
|
||||
|
||||
static void
|
||||
mls_mbuf_create_netlayer(struct mbuf *m, struct label *mlabel,
|
||||
struct mbuf *mnew, struct label *mnewlabel)
|
||||
{
|
||||
struct mac_mls *source, *dest;
|
||||
|
||||
source = SLOT(mlabel);
|
||||
dest = SLOT(mnewlabel);
|
||||
|
||||
mls_copy_effective(source, dest);
|
||||
}
|
||||
|
||||
static int
|
||||
mls_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
|
||||
struct label *ipqlabel)
|
||||
@ -1304,6 +1292,18 @@ mls_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel,
|
||||
mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
|
||||
}
|
||||
|
||||
static void
|
||||
mls_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel,
|
||||
struct mbuf *msend, struct label *msendlabel)
|
||||
{
|
||||
struct mac_mls *source, *dest;
|
||||
|
||||
source = SLOT(mrecvlabel);
|
||||
dest = SLOT(msendlabel);
|
||||
|
||||
mls_copy_effective(source, dest);
|
||||
}
|
||||
|
||||
static void
|
||||
mls_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
@ -1315,6 +1315,18 @@ mls_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
|
||||
mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
|
||||
}
|
||||
|
||||
static void
|
||||
mls_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
|
||||
struct mbuf *msend, struct label *msendlabel)
|
||||
{
|
||||
struct mac_mls *source, *dest;
|
||||
|
||||
source = SLOT(mrecvlabel);
|
||||
dest = SLOT(msendlabel);
|
||||
|
||||
mls_copy_effective(source, dest);
|
||||
}
|
||||
|
||||
static void
|
||||
mls_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel,
|
||||
struct mbuf *m, struct label *mlabel)
|
||||
@ -2983,7 +2995,6 @@ static struct mac_policy_ops mls_ops =
|
||||
.mpo_bpfdesc_create_mbuf = mls_bpfdesc_create_mbuf,
|
||||
.mpo_ifnet_create_mbuf = mls_ifnet_create_mbuf,
|
||||
.mpo_mbuf_create_multicast_encap = mls_mbuf_create_multicast_encap,
|
||||
.mpo_mbuf_create_netlayer = mls_mbuf_create_netlayer,
|
||||
.mpo_ipq_match = mls_ipq_match,
|
||||
.mpo_ifnet_relabel = mls_ifnet_relabel,
|
||||
.mpo_ipq_update = mls_ipq_update,
|
||||
@ -3069,7 +3080,9 @@ static struct mac_policy_ops mls_ops =
|
||||
.mpo_vnode_check_write = mls_vnode_check_write,
|
||||
.mpo_netatalk_aarp_send = mls_netatalk_aarp_send,
|
||||
.mpo_netinet_arp_send = mls_netinet_arp_send,
|
||||
.mpo_netinet_firewall_reply = mls_netinet_firewall_reply,
|
||||
.mpo_netinet_firewall_send = mls_netinet_firewall_send,
|
||||
.mpo_netinet_icmp_reply = mls_netinet_icmp_reply,
|
||||
.mpo_netinet_igmp_send = mls_netinet_igmp_send,
|
||||
.mpo_netinet6_nd6_send = mls_netinet6_nd6_send,
|
||||
};
|
||||
|
@ -426,13 +426,6 @@ stub_mbuf_create_multicast_encap(struct mbuf *m, struct label *mlabel,
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_mbuf_create_netlayer(struct mbuf *m, struct label *mlabel,
|
||||
struct mbuf *mnew, struct label *mnewlabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_netatalk_aarp_send(struct ifnet *ifp, struct label *iflpabel,
|
||||
struct mbuf *m, struct label *mlabel)
|
||||
@ -447,12 +440,32 @@ stub_netinet_arp_send(struct ifnet *ifp, struct label *iflpabel,
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel,
|
||||
struct mbuf *msend, struct label *msendlabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
|
||||
struct mbuf *msend, struct label *msendlabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_netinet_igmp_send(struct ifnet *ifp, struct label *iflpabel,
|
||||
struct mbuf *m, struct label *mlabel)
|
||||
@ -475,12 +488,6 @@ stub_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
|
||||
return (1);
|
||||
}
|
||||
|
||||
static void
|
||||
stub_netinet_icmp_reply(struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_netinet_tcp_reply(struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
@ -1545,14 +1552,17 @@ static struct mac_policy_ops stub_ops =
|
||||
.mpo_bpfdesc_create_mbuf = stub_bpfdesc_create_mbuf,
|
||||
.mpo_ifnet_create_mbuf = stub_ifnet_create_mbuf,
|
||||
.mpo_mbuf_create_multicast_encap = stub_mbuf_create_multicast_encap,
|
||||
.mpo_mbuf_create_netlayer = stub_mbuf_create_netlayer,
|
||||
.mpo_netatalk_aarp_send = stub_netatalk_aarp_send,
|
||||
.mpo_netinet_arp_send = stub_netinet_arp_send,
|
||||
.mpo_netinet_firewall_reply = stub_netinet_firewall_reply,
|
||||
.mpo_netinet_firewall_send = stub_netinet_firewall_send,
|
||||
.mpo_netinet_icmp_reply = stub_netinet_icmp_reply,
|
||||
.mpo_netinet_icmp_replyinplace = stub_netinet_icmp_replyinplace,
|
||||
.mpo_netinet_igmp_send = stub_netinet_igmp_send,
|
||||
.mpo_netinet6_nd6_send = stub_netinet6_nd6_send,
|
||||
.mpo_ipq_match = stub_ipq_match,
|
||||
.mpo_netinet_icmp_reply = stub_netinet_icmp_reply,
|
||||
.mpo_netinet_icmp_replyinplace = stub_netinet_icmp_replyinplace,
|
||||
.mpo_netinet_tcp_reply = stub_netinet_tcp_reply,
|
||||
.mpo_ifnet_relabel = stub_ifnet_relabel,
|
||||
.mpo_ipq_update = stub_ipq_update,
|
||||
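Review bot: The `stub_ops` initializer in the last hunk of this section lists `.mpo_netinet_icmp_replyinplace = stub_netinet_icmp_replyinplace,` twice, once after `.mpo_netinet_firewall_send` and again after `.mpo_ipq_match`; the member is introduced by this commit, so both occurrences must be on the new side. `.mpo_netinet_icmp_reply = stub_netinet_icmp_reply,` also appears at both places, and the hunk's line counts suggest both copies survive. With designated initializers the later entry overrides the earlier one without an error, which is harmless while both name the same function but hides a mistake once one copy is edited. Keep a single pair, for example by dropping the two lines that follow `.mpo_ipq_match`.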
|
@ -1050,18 +1050,6 @@ test_mbuf_create_multicast_encap(struct mbuf *oldmbuf,
|
||||
COUNTER_INC(mbuf_create_multicast_encap);
|
||||
}
|
||||
|
||||
COUNTER_DECL(mbuf_create_netlayer);
|
||||
static void
|
||||
test_mbuf_create_netlayer(struct mbuf *oldmbuf,
|
||||
struct label *oldmbuflabel, struct mbuf *newmbuf,
|
||||
struct label *newmbuflabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(oldmbuflabel, MAGIC_MBUF);
|
||||
LABEL_CHECK(newmbuflabel, MAGIC_MBUF);
|
||||
COUNTER_INC(mbuf_create_netlayer);
|
||||
}
|
||||
|
||||
COUNTER_DECL(ipq_match);
|
||||
static int
|
||||
test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel,
|
||||
@ -1099,11 +1087,22 @@ test_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel,
|
||||
|
||||
COUNTER_DECL(netinet_icmp_reply);
|
||||
static void
|
||||
test_netinet_icmp_reply(struct mbuf *m, struct label *mlabel)
|
||||
test_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
|
||||
struct mbuf *msend, struct label *msendlabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(mrecvlabel, MAGIC_MBUF);
|
||||
LABEL_CHECK(msendlabel, MAGIC_MBUF);
|
||||
COUNTER_INC(netinet_icmp_reply);
|
||||
}
|
||||
|
||||
COUNTER_DECL(netinet_icmp_replyinplace);
|
||||
static void
|
||||
test_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(mlabel, MAGIC_MBUF);
|
||||
COUNTER_INC(netinet_icmp_reply);
|
||||
COUNTER_INC(netinet_icmp_replyinplace);
|
||||
}
|
||||
|
||||
COUNTER_DECL(netinet_igmp_send);
|
||||
@ -2722,11 +2721,11 @@ static struct mac_policy_ops test_ops =
|
||||
.mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf,
|
||||
.mpo_ifnet_create_mbuf = test_ifnet_create_mbuf,
|
||||
.mpo_mbuf_create_multicast_encap = test_mbuf_create_multicast_encap,
|
||||
.mpo_mbuf_create_netlayer = test_mbuf_create_netlayer,
|
||||
.mpo_ipq_match = test_ipq_match,
|
||||
.mpo_netatalk_aarp_send = test_netatalk_aarp_send,
|
||||
.mpo_netinet_arp_send = test_netinet_arp_send,
|
||||
.mpo_netinet_icmp_reply = test_netinet_icmp_reply,
|
||||
.mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace,
|
||||
.mpo_netinet_igmp_send = test_netinet_igmp_send,
|
||||
.mpo_netinet_tcp_reply = test_netinet_tcp_reply,
|
||||
.mpo_netinet6_nd6_send = test_netinet6_nd6_send,
|
||||
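Review bot: `test_ops` gains only `.mpo_netinet_icmp_replyinplace` in this section, and no `test_netinet_firewall_reply()` is added in the visible hunks, so the new firewall reply entry point gets neither label-magic checking nor a counter from the test policy, unlike `netinet_icmp_reply`. If no such handler exists elsewhere in the file, add one that mirrors the new `test_netinet_icmp_reply()` and register it in `test_ops`, as sketched below. Without it, a caller that passes an mbuf carrying the wrong kind of label through `mac_netinet_firewall_reply()` would go unnoticed by the test policy.

```c
COUNTER_DECL(netinet_firewall_reply);
static void
test_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel,
    struct mbuf *msend, struct label *msendlabel)
{

	LABEL_CHECK(mrecvlabel, MAGIC_MBUF);
	LABEL_CHECK(msendlabel, MAGIC_MBUF);
	COUNTER_INC(netinet_firewall_reply);
}

/* … unchanged: other test_ops entries … */
	.mpo_netinet_firewall_reply = test_netinet_firewall_reply,
```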
|