cvs commit: src/sys/kern kern_mac.c src/sys/sys mac.h mac_policy.h

Robert Watson rwatson at
Thu Aug 21 11:38:54 PDT 2003

FYI, this commit was slightly mis-ordered: I meant to commit it shortly
before a couple of the recent module commits, and realized afterwards that
I'd skipped it.  As a result, there may have been a short window where MAC
modules depended on changes in mac_policy.h and mac.h that weren't yet
present.  Hope this didn't cause too much inconvenience!

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at      Network Associates Laboratories

On Thu, 21 Aug 2003, Robert Watson wrote:

> rwatson     2003/08/21 11:21:22 PDT
>   FreeBSD src repository
>   Modified files:
>     sys/kern             kern_mac.c 
>     sys/sys              mac.h mac_policy.h 
>   Log:
>   Introduce two new MAC Framework and MAC policy entry points:
>     mac_reflect_mbuf_icmp()
>     mac_reflect_mbuf_tcp()
>   These entry points permit MAC policies to do "update in place"
>   changes to the labels on ICMP and TCP mbuf headers when an ICMP or
>   TCP response is generated to a packet outside of the context of
>   an existing socket.  For example, in respond to a ping or a RST
>   packet to a SYN on a closed port.
>   Obtained from:  TrustedBSD Project
>   Sponsored by:   DARPA, Network Associates Laboratories
>   Revision  Changes    Path
>   1.97      +19 -0     src/sys/kern/kern_mac.c
>   1.42      +2 -0      src/sys/sys/mac.h
>   1.43      +3 -0      src/sys/sys/mac_policy.h

More information about the cvs-src mailing list