1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-24 11:29:10 +00:00
freebsd/sys/netinet
Robert Watson c488362e1a Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument the TCP socket code for packet generation and delivery:
label outgoing mbufs with the label of the socket, and check socket and
mbuf labels before permitting delivery to a socket.  Assign labels
to newly accepted connections when the syncache/cookie code has done
its business.  Also set peer labels as convenient.  Currently,
MAC policies cannot influence the PCB matching algorithm, so cannot
implement polyinstantiation.  Note that there is at least one case
where a PCB is not available due to the TCP packet not being associated
with any socket, so we don't label in that case, but need to handle
it in a special manner.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 19:06:49 +00:00
..
libalias Don't forget to recalculate the IP checksum of the original 2002-07-23 00:16:19 +00:00
accf_data.c Remove so*_locked(), which were backed out by mistake. 2002-06-18 07:42:02 +00:00
accf_http.c Remove so*_locked(), which were backed out by mistake. 2002-06-18 07:42:02 +00:00
icmp6.h
icmp_var.h
if_atm.c - Change the newly turned INVARIANTS #ifdef blocks (they were changed from 2002-05-21 18:52:24 +00:00
if_atm.h
if_ether.c Introduce support for Mandatory Access Control and extensible 2002-07-31 16:45:16 +00:00
if_ether.h
igmp_var.h
igmp.c Introduce support for Mandatory Access Control and extensible 2002-07-31 16:46:56 +00:00
igmp.h
in_cksum.c
in_gif.c
in_gif.h
in_pcb.c cleanup usage of ip6_mapped_addr_on and ip6_v6only. now, 2002-07-25 17:40:45 +00:00
in_pcb.h do not refer to IN6P_BINDV6ONLY anymore. 2002-07-22 15:51:02 +00:00
in_proto.c
in_rmx.c
in_systm.h
in_var.h
in.c Lock up inpcb. 2002-06-10 20:05:46 +00:00
in.h
ip6.h
ip_divert.c Introduce support for Mandatory Access Control and extensible 2002-07-31 16:42:47 +00:00
ip_dummynet.c Fix a panic when doing "ipfw add pipe 1 log ..." 2002-07-17 07:21:42 +00:00
ip_dummynet.h fix indentation of a comment 2002-06-23 09:14:24 +00:00
ip_ecn.c
ip_ecn.h
ip_encap.c
ip_encap.h
ip_flow.c
ip_flow.h
ip_fw2.c Only log things net.inet.ip.fw.verbose is set 2002-07-24 02:41:19 +00:00
ip_fw.c Remove (almost all) global variables that were used to hold 2002-06-22 11:51:02 +00:00
ip_fw.h Fix a panic when doing "ipfw add pipe 1 log ..." 2002-07-17 07:21:42 +00:00
ip_icmp.c
ip_icmp.h
ip_id.c
ip_input.c Introduce support for Mandatory Access Control and extensible 2002-07-31 17:17:51 +00:00
ip_mroute.c Just a comment on some additional consistency checks that could 2002-06-26 21:00:53 +00:00
ip_mroute.h
ip_output.c Introduce support for Mandatory Access Control and extensible 2002-07-31 17:21:01 +00:00
ip_var.h Introduce support for Mandatory Access Control and extensible 2002-07-30 23:09:20 +00:00
ip.h
ipprotosw.h
raw_ip.c Introduce support for Mandatory Access Control and extensible 2002-07-31 18:30:34 +00:00
tcp_debug.c
tcp_debug.h
tcp_fsm.h
tcp_input.c Introduce support for Mandatory Access Control and extensible 2002-07-31 19:06:49 +00:00
tcp_output.c Introduce support for Mandatory Access Control and extensible 2002-07-31 19:06:49 +00:00
tcp_reass.c Introduce support for Mandatory Access Control and extensible 2002-07-31 19:06:49 +00:00
tcp_seq.h
tcp_subr.c Introduce support for Mandatory Access Control and extensible 2002-07-31 19:06:49 +00:00
tcp_syncache.c Introduce support for Mandatory Access Control and extensible 2002-07-31 19:06:49 +00:00
tcp_timer.c Fix overflows in intermediate calculations in sysctl_msec_to_ticks(). 2002-07-20 23:48:59 +00:00
tcp_timer.h Introduce two new sysctl's: 2002-07-18 19:06:12 +00:00
tcp_timewait.c Introduce support for Mandatory Access Control and extensible 2002-07-31 19:06:49 +00:00
tcp_usrreq.c Use a common way to release locks before exit. 2002-07-29 09:01:39 +00:00
tcp_var.h Add the tcps_sndrexmitbad statistic, keep track of late acks that caused 2002-07-19 18:29:38 +00:00
tcp.h
tcpip.h
udp_usrreq.c Wire the sysctl output buffer before grabbing any locks to prevent 2002-07-28 19:59:31 +00:00
udp_var.h Notify functions can destroy the pcb, so they have to return an 2002-06-14 08:35:21 +00:00
udp.h