mirror of
https://github.com/opnsense/src.git
synced 2026-06-10 09:11:07 -04:00
While the MAC API has supported the ability to handle M_NOWAIT passed
to mbuf label initialization, that functionality was never merged to the main tree. Go ahead and merge that functionality now. Note that this requires policy modules to accept the case where the label element may be destroyed even if init has not succeeded on it (in the event that policy failed the init). This will shortly also apply to sockets. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
This commit is contained in:
Robert Watson
parent
87807196f8
commit
56c1541237
9 changed files with 99 additions and 27 deletions
|
|
@ -1101,15 +1101,23 @@ mac_init_ipq(struct ipq *ipq)
|
|||
int
|
||||
mac_init_mbuf(struct mbuf *m, int flag)
|
||||
{
|
||||
int error;
|
||||
|
||||
KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf"));
|
||||
|
||||
mac_init_label(&m->m_pkthdr.label);
|
||||
|
||||
MAC_PERFORM(init_mbuf_label, &m->m_pkthdr.label, flag);
|
||||
MAC_CHECK(init_mbuf_label, &m->m_pkthdr.label, flag);
|
||||
if (error) {
|
||||
MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
|
||||
mac_destroy_label(&m->m_pkthdr.label);
|
||||
}
|
||||
|
||||
#ifdef MAC_DEBUG
|
||||
atomic_add_int(&nmacmbufs, 1);
|
||||
if (error == 0)
|
||||
atomic_add_int(&nmacmbufs, 1);
|
||||
#endif
|
||||
return (0);
|
||||
return (error);
|
||||
}
|
||||
|
||||
void
|
||||
|
|
|
|||
|
|
@ -1101,15 +1101,23 @@ mac_init_ipq(struct ipq *ipq)
|
|||
int
|
||||
mac_init_mbuf(struct mbuf *m, int flag)
|
||||
{
|
||||
int error;
|
||||
|
||||
KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf"));
|
||||
|
||||
mac_init_label(&m->m_pkthdr.label);
|
||||
|
||||
MAC_PERFORM(init_mbuf_label, &m->m_pkthdr.label, flag);
|
||||
MAC_CHECK(init_mbuf_label, &m->m_pkthdr.label, flag);
|
||||
if (error) {
|
||||
MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
|
||||
mac_destroy_label(&m->m_pkthdr.label);
|
||||
}
|
||||
|
||||
#ifdef MAC_DEBUG
|
||||
atomic_add_int(&nmacmbufs, 1);
|
||||
if (error == 0)
|
||||
atomic_add_int(&nmacmbufs, 1);
|
||||
#endif
|
||||
return (0);
|
||||
return (error);
|
||||
}
|
||||
|
||||
void
|
||||
|
|
|
|||
|
|
@ -1101,15 +1101,23 @@ mac_init_ipq(struct ipq *ipq)
|
|||
int
|
||||
mac_init_mbuf(struct mbuf *m, int flag)
|
||||
{
|
||||
int error;
|
||||
|
||||
KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf"));
|
||||
|
||||
mac_init_label(&m->m_pkthdr.label);
|
||||
|
||||
MAC_PERFORM(init_mbuf_label, &m->m_pkthdr.label, flag);
|
||||
MAC_CHECK(init_mbuf_label, &m->m_pkthdr.label, flag);
|
||||
if (error) {
|
||||
MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
|
||||
mac_destroy_label(&m->m_pkthdr.label);
|
||||
}
|
||||
|
||||
#ifdef MAC_DEBUG
|
||||
atomic_add_int(&nmacmbufs, 1);
|
||||
if (error == 0)
|
||||
atomic_add_int(&nmacmbufs, 1);
|
||||
#endif
|
||||
return (0);
|
||||
return (error);
|
||||
}
|
||||
|
||||
void
|
||||
|
|
|
|||
|
|
@ -1101,15 +1101,23 @@ mac_init_ipq(struct ipq *ipq)
|
|||
int
|
||||
mac_init_mbuf(struct mbuf *m, int flag)
|
||||
{
|
||||
int error;
|
||||
|
||||
KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf"));
|
||||
|
||||
mac_init_label(&m->m_pkthdr.label);
|
||||
|
||||
MAC_PERFORM(init_mbuf_label, &m->m_pkthdr.label, flag);
|
||||
MAC_CHECK(init_mbuf_label, &m->m_pkthdr.label, flag);
|
||||
if (error) {
|
||||
MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
|
||||
mac_destroy_label(&m->m_pkthdr.label);
|
||||
}
|
||||
|
||||
#ifdef MAC_DEBUG
|
||||
atomic_add_int(&nmacmbufs, 1);
|
||||
if (error == 0)
|
||||
atomic_add_int(&nmacmbufs, 1);
|
||||
#endif
|
||||
return (0);
|
||||
return (error);
|
||||
}
|
||||
|
||||
void
|
||||
|
|
|
|||
|
|
@ -1101,15 +1101,23 @@ mac_init_ipq(struct ipq *ipq)
|
|||
int
|
||||
mac_init_mbuf(struct mbuf *m, int flag)
|
||||
{
|
||||
int error;
|
||||
|
||||
KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf"));
|
||||
|
||||
mac_init_label(&m->m_pkthdr.label);
|
||||
|
||||
MAC_PERFORM(init_mbuf_label, &m->m_pkthdr.label, flag);
|
||||
MAC_CHECK(init_mbuf_label, &m->m_pkthdr.label, flag);
|
||||
if (error) {
|
||||
MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
|
||||
mac_destroy_label(&m->m_pkthdr.label);
|
||||
}
|
||||
|
||||
#ifdef MAC_DEBUG
|
||||
atomic_add_int(&nmacmbufs, 1);
|
||||
if (error == 0)
|
||||
atomic_add_int(&nmacmbufs, 1);
|
||||
#endif
|
||||
return (0);
|
||||
return (error);
|
||||
}
|
||||
|
||||
void
|
||||
|
|
|
|||
|
|
@ -1101,15 +1101,23 @@ mac_init_ipq(struct ipq *ipq)
|
|||
int
|
||||
mac_init_mbuf(struct mbuf *m, int flag)
|
||||
{
|
||||
int error;
|
||||
|
||||
KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf"));
|
||||
|
||||
mac_init_label(&m->m_pkthdr.label);
|
||||
|
||||
MAC_PERFORM(init_mbuf_label, &m->m_pkthdr.label, flag);
|
||||
MAC_CHECK(init_mbuf_label, &m->m_pkthdr.label, flag);
|
||||
if (error) {
|
||||
MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
|
||||
mac_destroy_label(&m->m_pkthdr.label);
|
||||
}
|
||||
|
||||
#ifdef MAC_DEBUG
|
||||
atomic_add_int(&nmacmbufs, 1);
|
||||
if (error == 0)
|
||||
atomic_add_int(&nmacmbufs, 1);
|
||||
#endif
|
||||
return (0);
|
||||
return (error);
|
||||
}
|
||||
|
||||
void
|
||||
|
|
|
|||
|
|
@ -1101,15 +1101,23 @@ mac_init_ipq(struct ipq *ipq)
|
|||
int
|
||||
mac_init_mbuf(struct mbuf *m, int flag)
|
||||
{
|
||||
int error;
|
||||
|
||||
KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf"));
|
||||
|
||||
mac_init_label(&m->m_pkthdr.label);
|
||||
|
||||
MAC_PERFORM(init_mbuf_label, &m->m_pkthdr.label, flag);
|
||||
MAC_CHECK(init_mbuf_label, &m->m_pkthdr.label, flag);
|
||||
if (error) {
|
||||
MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
|
||||
mac_destroy_label(&m->m_pkthdr.label);
|
||||
}
|
||||
|
||||
#ifdef MAC_DEBUG
|
||||
atomic_add_int(&nmacmbufs, 1);
|
||||
if (error == 0)
|
||||
atomic_add_int(&nmacmbufs, 1);
|
||||
#endif
|
||||
return (0);
|
||||
return (error);
|
||||
}
|
||||
|
||||
void
|
||||
|
|
|
|||
|
|
@ -1101,15 +1101,23 @@ mac_init_ipq(struct ipq *ipq)
|
|||
int
|
||||
mac_init_mbuf(struct mbuf *m, int flag)
|
||||
{
|
||||
int error;
|
||||
|
||||
KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf"));
|
||||
|
||||
mac_init_label(&m->m_pkthdr.label);
|
||||
|
||||
MAC_PERFORM(init_mbuf_label, &m->m_pkthdr.label, flag);
|
||||
MAC_CHECK(init_mbuf_label, &m->m_pkthdr.label, flag);
|
||||
if (error) {
|
||||
MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
|
||||
mac_destroy_label(&m->m_pkthdr.label);
|
||||
}
|
||||
|
||||
#ifdef MAC_DEBUG
|
||||
atomic_add_int(&nmacmbufs, 1);
|
||||
if (error == 0)
|
||||
atomic_add_int(&nmacmbufs, 1);
|
||||
#endif
|
||||
return (0);
|
||||
return (error);
|
||||
}
|
||||
|
||||
void
|
||||
|
|
|
|||
|
|
@ -1101,15 +1101,23 @@ mac_init_ipq(struct ipq *ipq)
|
|||
int
|
||||
mac_init_mbuf(struct mbuf *m, int flag)
|
||||
{
|
||||
int error;
|
||||
|
||||
KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf"));
|
||||
|
||||
mac_init_label(&m->m_pkthdr.label);
|
||||
|
||||
MAC_PERFORM(init_mbuf_label, &m->m_pkthdr.label, flag);
|
||||
MAC_CHECK(init_mbuf_label, &m->m_pkthdr.label, flag);
|
||||
if (error) {
|
||||
MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
|
||||
mac_destroy_label(&m->m_pkthdr.label);
|
||||
}
|
||||
|
||||
#ifdef MAC_DEBUG
|
||||
atomic_add_int(&nmacmbufs, 1);
|
||||
if (error == 0)
|
||||
atomic_add_int(&nmacmbufs, 1);
|
||||
#endif
|
||||
return (0);
|
||||
return (error);
|
||||
}
|
||||
|
||||
void
|
||||
|
|
|
|||
Loading…
Reference in a new issue