diff options
| author | Robert Watson <rwatson@FreeBSD.org> | 2002-08-01 03:53:04 +0000 |
|---|---|---|
| committer | Robert Watson <rwatson@FreeBSD.org> | 2002-08-01 03:53:04 +0000 |
| commit | 0070e096d7d340aa9a934cf59b59865f5eecf8c8 (patch) | |
| tree | b089d1818e88c684cbe1ff62946b482eb80fec17 /sys/netinet | |
| parent | b3e13e1c3fbb39bbda0409f7ebab9ba6ecfb57d5 (diff) | |
| download | src-0070e096d7d340aa9a934cf59b59865f5eecf8c8.tar.gz src-0070e096d7d340aa9a934cf59b59865f5eecf8c8.zip | |
Introduce support for Mandatory Access Control and extensible
kernel access control.
Add support for labeling most out-going ICMP messages using an
appropriate MAC entry point. Currently, we do not explicitly
label packet reflect (timestamp, echo request) ICMP events,
implicitly using the originating packet label since the mbuf is
reused. This will be made explicit at some point.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Notes
Notes:
svn path=/head/; revision=101136
Diffstat (limited to 'sys/netinet')
| -rw-r--r-- | sys/netinet/ip_icmp.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index 7042dd87c4b9..af008495fe73 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -35,9 +35,11 @@ */ #include "opt_ipsec.h" +#include "opt_mac.h" #include <sys/param.h> #include <sys/systm.h> +#include <sys/mac.h> #include <sys/mbuf.h> #include <sys/protosw.h> #include <sys/socket.h> @@ -159,6 +161,9 @@ icmp_error(n, type, code, dest, destifp) m = m_gethdr(M_DONTWAIT, MT_HEADER); if (m == NULL) goto freeit; +#ifdef MAC + mac_create_mbuf_netlayer(n, m); +#endif icmplen = min(oiplen + 8, oip->ip_len); if (icmplen < sizeof(struct ip)) panic("icmp_error: bad length"); |