UDP packet labels handling

Ilmar S. Habibulin ilmar at watson.org
Thu Oct 4 07:22:23 GMT 2001


Sorry, I do not have a -current packet labeling patch right now, because I was
busy with my pilot project based on 2-stable. I've rewritten my 2.2 MAC code
to support a so-called "equal" label and tried to implement UDP exchange
based on label comparison. The "equal" label is used by a trusted process
(server) that has to deal with different clients with different labels
(like portmap/rpcbind do). My "equal" label is a special level, just like
system high and low are, so if the receiving socket has the equal label, it may
receive packets with any label, and if some socket receives a packet with
the "equal" label, it receives it. This is a DIRTY HACK, and I don't like it.
But it was one of the less painless ways to implement UDP exchange, IMHO.
Robert's MAC labels have an additional type field, which indicates whether the
label is EQUAL, SYSLOW, SYSHIGH or has defined level/compartment values. So
my dirty hack wouldn't work. The solution I like very much is something
common to "last received label". I've browsed a little bit through the
recvmsg() code and think that extending pru_soreceive()/pru_sosend()
and struct msghdr is the best way to inform a trusted application about the
label of received UDP data. I mean to include the label in struct msghdr and
set/get it while receiving messages from the socket's receive queue and (maybe)
set process-specified labels on outgoing messages.
What do people think about my idea?

PS. The only point of my doubts is the changing of interfaces. That can break
binary compatibility, IMHO.
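The receive-side rule from the message above (an EQUAL socket accepts any label, and an EQUAL packet is accepted by any socket), written against a label that carries a type field, as an added example that is not part of the original post and not TrustedBSD code. Assumptions: the `struct mac_label` layout and all names are hypothetical, non-EQUAL labels are compared with the usual MLS dominance ordering, and `reply_label()` is one reading of the "last received label" idea.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical label layout: a type field plus level/compartment values. */
enum label_type { LT_DEFINED, LT_EQUAL, LT_SYSLOW, LT_SYSHIGH };

struct mac_label {
    enum label_type type;
    uint16_t level;         /* meaningful only for LT_DEFINED */
    uint32_t compartments;  /* bitmask, meaningful only for LT_DEFINED */
};

/* True if label a dominates label b (assumed MLS ordering). */
bool label_dominates(const struct mac_label *a, const struct mac_label *b)
{
    if (a->type == LT_EQUAL || b->type == LT_EQUAL)
        return true;                    /* EQUAL compares equal to anything */
    if (a->type == LT_SYSHIGH || b->type == LT_SYSLOW)
        return true;
    if (a->type == LT_SYSLOW || b->type == LT_SYSHIGH)
        return false;
    return a->level >= b->level &&
           (a->compartments & b->compartments) == b->compartments;
}

/* Receive side: may a datagram labelled pkt be queued on socket sock? */
bool udp_may_deliver(const struct mac_label *sock, const struct mac_label *pkt)
{
    return label_dominates(sock, pkt);
}

/* Send side: an EQUAL (trusted) socket answers at the label it last received,
 * so the reply is deliverable to that client; other sockets use their own. */
struct mac_label reply_label(const struct mac_label *sock,
                             const struct mac_label *last_received)
{
    return sock->type == LT_EQUAL ? *last_received : *sock;
}

int main(void)
{
    struct mac_label server = { LT_EQUAL, 0, 0 };   /* constructed labels */
    struct mac_label secret = { LT_DEFINED, 2, 0x1 }, conf = { LT_DEFINED, 1, 0x1 };
    struct mac_label out = reply_label(&server, &secret);
    printf("%d %d %d\n", udp_may_deliver(&server, &secret),
           udp_may_deliver(&conf, &secret), udp_may_deliver(&secret, &out));
    return 0;
}
```

With the type field checked before level and compartments, EQUAL needs no reserved level value, and a reply sent at the client's own label passes the same delivery check on the client side.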


