authorRobert Watson <rwatson@FreeBSD.org>2002-07-31 16:22:02 +0000
committerRobert Watson <rwatson@FreeBSD.org>2002-07-31 16:22:02 +0000
commit43b29369636c186a5c4a944ccc4a7fb36f9edee0 (patch)
treeb722af00a96c20c7536fbed58a0e8b9f9f9e3e4c /sys/net/if_ethersubr.c
parente70cd263665d5f635f8926dca025d448392edb67 (diff)
Introduce support for Mandatory Access Control and extensible
kernel access control. Label mbufs received via ethernet-based interfaces by invoking appropriate MAC framework entry points. Perform access control checks on out-going mbufs delivered via ethernet-based interfaces by invoking appropriate MAC entry points. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
Notes
Notes: svn path=/head/; revision=101081
Diffstat (limited to 'sys/net/if_ethersubr.c')
-rw-r--r--sys/net/if_ethersubr.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c
index 6a1a85d359ef..693f184e1bab 100644
--- a/sys/net/if_ethersubr.c
+++ b/sys/net/if_ethersubr.c
@@ -39,11 +39,13 @@
#include "opt_inet6.h"
#include "opt_ipx.h"
#include "opt_bdg.h"
+#include "opt_mac.h"
#include "opt_netgraph.h"
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
+#include <sys/mac.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/random.h>
@@ -154,6 +156,12 @@ ether_output(ifp, m, dst, rt0)
int hlen; /* link layer header lenght */
struct arpcom *ac = IFP2AC(ifp);
+#ifdef MAC
+ error = mac_check_ifnet_transmit(ifp, m);
+ if (error)
+ senderr(error);
+#endif
+
if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != (IFF_UP|IFF_RUNNING))
senderr(ENETDOWN);
rt = rt0;
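Review bot: The new transmit check in ether_output relies on `senderr(error)` to dispose of the mbuf when the policy denies the send, but the macro is defined outside the hunk, so confirm that its exit path frees `m`; otherwise every denied packet leaks an mbuf. A one-line comment would record the intent, e.g. `/* MAC: refuse transmission before the frame is modified; senderr() is expected to free m. */`. The check also covers only frames that enter through ether_output. The `opt_bdg.h` and `opt_netgraph.h` includes in the first hunk suggest this file has other send paths, and any that hand frames to the driver without passing through here would presumably skip the policy check. ether_output's body continues outside the hunk.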
@@ -551,6 +559,10 @@ ether_input(ifp, eh, m)
{
struct ether_header save_eh;
+#ifdef MAC
+ mac_create_mbuf_from_ifnet(ifp, m);
+#endif
+
/* Check for a BPF tap */
if (ifp->if_bpf != NULL) {
struct m_hdr mh;
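Review bot: The labelling call at the top of ether_input has no comment saying that its position is a security requirement: it has to run before the BPF tap that follows it, so that no later consumer sees an unlabelled mbuf. I would add `/* MAC: label the mbuf from the receiving interface before the BPF tap or any later processing sees it. */` above the `#ifdef MAC`. The call is unconditional, so an mbuf that reaches ether_input already carrying a label would presumably be relabelled from `ifp`; it is worth confirming that this is intended. Receive paths that deliver frames upward without going through ether_input, if any exist, would leave mbufs unlabelled. ether_input's body continues outside the hunk.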