upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-09 08:43:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Introduce support for Mandatory Access Control and extensible

Browse source 
kernel access control.

Invoke a MAC framework entry point to authorize reception of an
incoming mbuf by the BPF descriptor, permitting MAC policies to
limit the visibility of packets delivered to particular BPF
descriptors.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
This commit is contained in:
Robert Watson 2002-07-31 16:11:32 +00:00
parent 82f4445d4c
commit ec272d8708
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
sys/net/bpf.c
View file

@ -1074,8 +1074,12 @@ bpf_tap(ifp, pkt, pktlen)
BPFD_LOCK(d);
++d->bd_rcount;
slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen);
if (slen != 0)
catchpacket(d, pkt, pktlen, slen, bcopy);
if (slen != 0) {
#ifdef MAC
if (mac_check_bpfdesc_receive(d, ifp) == 0)
#endif
catchpacket(d, pkt, pktlen, slen, bcopy);
}
BPFD_UNLOCK(d);
}
BPFIF_UNLOCK(bp);