HardenedBSD/sys/netipsec
Robert Watson a557af222b Introduce a MAC label reference in 'struct inpcb', which caches
the   MAC label referenced from 'struct socket' in the IPv4 and
IPv6-based protocols.  This permits MAC labels to be checked during
network delivery operations without dereferencing inp->inp_socket
to get to so->so_label, which will eventually avoid our having to
grab the socket lock during delivery at the network layer.

This change introduces 'struct inpcb' as a labeled object to the
MAC Framework, along with the normal circus of entry points:
initialization, creation from socket, destruction, as well as a
delivery access control check.

For most policies, the inpcb label will simply be a cache of the
socket label, so a new protocol switch method is introduced,
pr_sosetlabel() to notify protocols that the socket layer label
has been updated so that the cache can be updated while holding
appropriate locks.  Most protocols implement this using
pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use
the the worker function in_pcbsosetlabel(), which calls into the
MAC Framework to perform a cache update.

Biba, LOMAC, and MLS implement these entry points, as do the stub
policy, and test policy.

Reviewed by:	sam, bms
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-18 00:39:07 +00:00
..
ah_var.h
ah.h
esp_var.h
esp.h
ipcomp_var.h
ipcomp.h
ipip_var.h
ipsec6.h
ipsec_input.c MFp4: portability work, general cleanup, locking fixes 2003-09-29 22:57:43 +00:00
ipsec_mbuf.c MFp4: portability work, general cleanup, locking fixes 2003-09-29 22:57:43 +00:00
ipsec_osdep.h os dependency glue file for improving portability 2003-09-29 22:47:45 +00:00
ipsec_output.c MFp4: portability work, general cleanup, locking fixes 2003-09-29 22:57:43 +00:00
ipsec.c MFp4: portability work, general cleanup, locking fixes 2003-09-29 22:57:43 +00:00
ipsec.h MFp4: portability work, general cleanup, locking fixes 2003-09-29 22:57:43 +00:00
key_debug.c MFp4: portability work, general cleanup, locking fixes 2003-09-29 22:57:43 +00:00
key_debug.h
key_var.h
key.c MFp4: portability work, general cleanup, locking fixes 2003-09-29 22:57:43 +00:00
key.h
keydb.h MFp4: portability work, general cleanup, locking fixes 2003-09-29 22:57:43 +00:00
keysock.c Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
keysock.h
xform_ah.c MFp4: portability work, general cleanup, locking fixes 2003-09-29 22:57:43 +00:00
xform_esp.c MFp4: portability work, general cleanup, locking fixes 2003-09-29 22:57:43 +00:00
xform_ipcomp.c MFp4: portability work, general cleanup, locking fixes 2003-09-29 22:57:43 +00:00
xform_ipip.c MFp4: portability work, general cleanup, locking fixes 2003-09-29 22:57:43 +00:00
xform.h