オープンソース・ソフトウェアの開発とダウンロード

TOMOYO

Subversion リポジトリの参照

/[tomoyo]/trunk/1.8.x/ccs-patch/security/ccsecurity/network.c

Diff of /trunk/1.8.x/ccs-patch/security/ccsecurity/network.c

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 111 by kumaneko, Wed Feb 28 11:45:08 2007 UTC revision 265 by kumaneko, Tue Jun 5 11:19:48 2007 UTC
# Line 5  Line 5 
5   *   *
6   * Copyright (C) 2005-2007  NTT DATA CORPORATION   * Copyright (C) 2005-2007  NTT DATA CORPORATION
7   *   *
8   * Version: 1.3.2   2007/02/14   * Version: 1.4.1   2007/06/05
9   *   *
10   * This file is applicable to both 2.4.30 and 2.6.11 and later.   * This file is applicable to both 2.4.30 and 2.6.11 and later.
11   * See README.ccs for ChangeLog.   * See README.ccs for ChangeLog.
# Line 47  static inline void AuditNetworkLog(const Line 47  static inline void AuditNetworkLog(const
47    
48  /*************************  ADDRESS GROUP HANDLER  *************************/  /*************************  ADDRESS GROUP HANDLER  *************************/
49    
50  static ADDRESS_GROUP_ENTRY *group_list = NULL;  static struct address_group_entry *group_list = NULL;
51    
52  static int AddAddressGroupEntry(const char *group_name, const u8 is_ipv6, const u16 *min_address, const u16 *max_address, const int is_delete)  static int AddAddressGroupEntry(const char *group_name, const u8 is_ipv6, const u16 *min_address, const u16 *max_address, const int is_delete)
53  {  {
54          static DECLARE_MUTEX(lock);          static DECLARE_MUTEX(lock);
55          ADDRESS_GROUP_ENTRY *new_group, *group;          struct address_group_entry *new_group, *group;
56          ADDRESS_GROUP_MEMBER *new_member, *member;          struct address_group_member *new_member, *member;
57          const struct path_info *saved_group_name;          const struct path_info *saved_group_name;
58          int error = -ENOMEM;          int error = -ENOMEM;
59          if (!IsCorrectPath(group_name, 0, 0, 0, __FUNCTION__) || !group_name[0]) return -EINVAL;          if (!IsCorrectPath(group_name, 0, 0, 0, __FUNCTION__) || !group_name[0]) return -EINVAL;
# Line 79  static int AddAddressGroupEntry(const ch Line 79  static int AddAddressGroupEntry(const ch
79                  goto out;                  goto out;
80          }          }
81          if (!group) {          if (!group) {
82                  if ((new_group = (ADDRESS_GROUP_ENTRY *) alloc_element(sizeof(ADDRESS_GROUP_ENTRY))) == NULL) goto out;                  if ((new_group = alloc_element(sizeof(*new_group))) == NULL) goto out;
83                  new_group->group_name = saved_group_name;                  new_group->group_name = saved_group_name;
84                  mb(); /* Instead of using spinlock. */                  mb(); /* Instead of using spinlock. */
85                  if ((group = group_list) != NULL) {                  if ((group = group_list) != NULL) {
# Line 89  static int AddAddressGroupEntry(const ch Line 89  static int AddAddressGroupEntry(const ch
89                  }                  }
90                  group = new_group;                  group = new_group;
91          }          }
92          if ((new_member = (ADDRESS_GROUP_MEMBER *) alloc_element(sizeof(ADDRESS_GROUP_MEMBER))) == NULL) goto out;          if ((new_member = alloc_element(sizeof(*new_member))) == NULL) goto out;
93          new_member->is_ipv6 = is_ipv6;          new_member->is_ipv6 = is_ipv6;
94          if (is_ipv6) {          if (is_ipv6) {
95                  memmove(new_member->min.ipv6, min_address, 16);                  memmove(new_member->min.ipv6, min_address, 16);
# Line 143  int AddAddressGroupPolicy(char *data, co Line 143  int AddAddressGroupPolicy(char *data, co
143          return AddAddressGroupEntry(data, is_ipv6, min_address, max_address, is_delete);          return AddAddressGroupEntry(data, is_ipv6, min_address, max_address, is_delete);
144  }  }
145    
146  static ADDRESS_GROUP_ENTRY *FindOrAssignNewAddressGroup(const char *group_name)  static struct address_group_entry *FindOrAssignNewAddressGroup(const char *group_name)
147  {  {
148          int i;          int i;
149          ADDRESS_GROUP_ENTRY *group;          struct address_group_entry *group;
150          for (i = 0; i <= 1; i++) {          for (i = 0; i <= 1; i++) {
151                  for (group = group_list; group; group = group->next) {                  for (group = group_list; group; group = group->next) {
152                          if (strcmp(group_name, group->group_name->name) == 0) return group;                          if (strcmp(group_name, group->group_name->name) == 0) return group;
# Line 160  static ADDRESS_GROUP_ENTRY *FindOrAssign Line 160  static ADDRESS_GROUP_ENTRY *FindOrAssign
160          return NULL;          return NULL;
161  }  }
162    
163  static int AddressMatchesToGroup(const u8 is_ipv6, const u32 *address, const ADDRESS_GROUP_ENTRY *group)  static int AddressMatchesToGroup(const u8 is_ipv6, const u32 *address, const struct address_group_entry *group)
164  {  {
165          ADDRESS_GROUP_MEMBER *member;          struct address_group_member *member;
166          const u32 ip = ntohl(*address);          const u32 ip = ntohl(*address);
167          for (member = group->first_member; member; member = member->next) {          for (member = group->first_member; member; member = member->next) {
168                  if (member->is_deleted) continue;                  if (member->is_deleted) continue;
169                  if (member->is_ipv6) {                  if (member->is_ipv6) {
170                          if (memcmp(member->min.ipv6, address, 16) <= 0 && memcmp(address, member->max.ipv6, 16) <= 0) return 1;                          if (is_ipv6 && memcmp(member->min.ipv6, address, 16) <= 0 && memcmp(address, member->max.ipv6, 16) <= 0) return 1;
171                  } else {                  } else {
172                          if (member->min.ipv4 <= ip && ip <= member->max.ipv4) return 1;                          if (!is_ipv6 && member->min.ipv4 <= ip && ip <= member->max.ipv4) return 1;
173                  }                  }
174          }          }
175          return 0;          return 0;
176  }  }
177    
178  int ReadAddressGroupPolicy(IO_BUFFER *head)  int ReadAddressGroupPolicy(struct io_buffer *head)
179  {  {
180          ADDRESS_GROUP_ENTRY *group = (ADDRESS_GROUP_ENTRY *) head->read_var1;          struct address_group_entry *group = head->read_var1;
181          ADDRESS_GROUP_MEMBER *member = (ADDRESS_GROUP_MEMBER *) head->read_var2;          struct address_group_member *member = head->read_var2;
182          if (!group) group = group_list;          if (!group) group = group_list;
183          while (group) {          while (group) {
184                  head->read_var1 = (struct domain_info *) group;                  head->read_var1 = group;
185                  if (!member) member = group->first_member;                  if (!member) member = group->first_member;
186                  while (member) {                  while (member) {
187                          head->read_var2 = (void *) member;                          head->read_var2 = member;
188                          if (!member->is_deleted) {                          if (!member->is_deleted) {
189                                  char buf[128];                                  char buf[128];
190                                  if (member->is_ipv6) {                                  if (member->is_ipv6) {
# Line 256  const char *network2keyword(const unsign Line 256  const char *network2keyword(const unsign
256          return keyword;          return keyword;
257  }  }
258    
259  static int AddNetworkEntry(const u8 operation, const u8 record_type, const struct address_group_entry *group, const u32 *min_address, const u32 *max_address, const u16 min_port, const u16 max_port, struct domain_info *domain, const u8 is_delete, const struct condition_list *condition)  static int AddNetworkEntry(const u8 operation, const u8 record_type, const struct address_group_entry *group, const u32 *min_address, const u32 *max_address, const u16 min_port, const u16 max_port, struct domain_info *domain, const u8 is_add, const struct condition_list *condition)
260  {  {
261          struct acl_info *ptr;          struct acl_info *ptr;
262          int error = -ENOMEM;          int error = -ENOMEM;
         const u8 type = TYPE_IP_NETWORK_ACL;  
         const u8 hash = operation;  
263          const u32 min_ip = ntohl(*min_address), max_ip = ntohl(*max_address); /* using host byte order to allow u32 comparison than memcmp().*/          const u32 min_ip = ntohl(*min_address), max_ip = ntohl(*max_address); /* using host byte order to allow u32 comparison than memcmp().*/
264          if (!domain) return -EINVAL;          if (!domain) return -EINVAL;
265          down(&domain_acl_lock);          down(&domain_acl_lock);
266          if (!is_delete) {          if (is_add) {
267                  if ((ptr = domain->first_acl_ptr) == NULL) goto first_entry;                  if ((ptr = domain->first_acl_ptr) == NULL) goto first_entry;
268                  while (1) {                  while (1) {
269                          IP_NETWORK_ACL_RECORD *new_ptr;                          struct ip_network_acl_record *new_ptr;
270                          if (ptr->type == type && ptr->u.b[0] == hash && ptr->cond == condition && ((IP_NETWORK_ACL_RECORD *) ptr)->min_port == min_port && max_port == ((IP_NETWORK_ACL_RECORD *) ptr)->max_port) {                          if (ptr->type == TYPE_IP_NETWORK_ACL && ptr->u.b[0] == operation && ptr->u.b[1] == record_type && ptr->cond == condition && ((struct ip_network_acl_record *) ptr)->min_port == min_port && max_port == ((struct ip_network_acl_record *) ptr)->max_port) {
271                                  if (record_type == IP_RECORD_TYPE_ADDRESS_GROUP) {                                  if (record_type == IP_RECORD_TYPE_ADDRESS_GROUP) {
272                                          if (((IP_NETWORK_ACL_RECORD *) ptr)->u.group == group) {                                          if (((struct ip_network_acl_record *) ptr)->u.group == group) {
273                                                  ptr->is_deleted = 0;                                                  ptr->is_deleted = 0;
274                                                  /* Found. Nothing to do. */                                                  /* Found. Nothing to do. */
275                                                  error = 0;                                                  error = 0;
276                                                  break;                                                  break;
277                                          }                                          }
278                                  } else if (record_type == IP_RECORD_TYPE_IPv4) {                                  } else if (record_type == IP_RECORD_TYPE_IPv4) {
279                                          if (((IP_NETWORK_ACL_RECORD *) ptr)->u.ipv4.min == min_ip && max_ip == ((IP_NETWORK_ACL_RECORD *) ptr)->u.ipv4.max) {                                          if (((struct ip_network_acl_record *) ptr)->u.ipv4.min == min_ip && max_ip == ((struct ip_network_acl_record *) ptr)->u.ipv4.max) {
280                                                  ptr->is_deleted = 0;                                                  ptr->is_deleted = 0;
281                                                  /* Found. Nothing to do. */                                                  /* Found. Nothing to do. */
282                                                  error = 0;                                                  error = 0;
283                                                  break;                                                  break;
284                                          }                                          }
285                                  } else if (record_type == IP_RECORD_TYPE_IPv6) {                                  } else if (record_type == IP_RECORD_TYPE_IPv6) {
286                                          if (memcmp(((IP_NETWORK_ACL_RECORD *) ptr)->u.ipv6.min, min_address, 16) == 0 && memcmp(max_address, ((IP_NETWORK_ACL_RECORD *) ptr)->u.ipv6.max, 16) == 0) {                                          if (memcmp(((struct ip_network_acl_record *) ptr)->u.ipv6.min, min_address, 16) == 0 && memcmp(max_address, ((struct ip_network_acl_record *) ptr)->u.ipv6.max, 16) == 0) {
287                                                  ptr->is_deleted = 0;                                                  ptr->is_deleted = 0;
288                                                  /* Found. Nothing to do. */                                                  /* Found. Nothing to do. */
289                                                  error = 0;                                                  error = 0;
# Line 298  static int AddNetworkEntry(const u8 oper Line 296  static int AddNetworkEntry(const u8 oper
296                                  continue;                                  continue;
297                          }                          }
298                  first_entry: ;                  first_entry: ;
299                            if (is_add == 1 && TooManyDomainACL(domain)) break;
300                          /* Not found. Append it to the tail. */                          /* Not found. Append it to the tail. */
301                          if ((new_ptr = (IP_NETWORK_ACL_RECORD *) alloc_element(sizeof(IP_NETWORK_ACL_RECORD))) == NULL) break;                          if ((new_ptr = alloc_element(sizeof(*new_ptr))) == NULL) break;
302                          new_ptr->head.type = type;                          new_ptr->head.type = TYPE_IP_NETWORK_ACL;
303                          new_ptr->head.u.b[0] = hash;                          new_ptr->head.u.b[0] = operation;
304                          new_ptr->head.u.b[1] = record_type;                          new_ptr->head.u.b[1] = record_type;
305                          new_ptr->head.cond = condition;                          new_ptr->head.cond = condition;
306                          if (record_type == IP_RECORD_TYPE_ADDRESS_GROUP) {                          if (record_type == IP_RECORD_TYPE_ADDRESS_GROUP) {
# Line 309  static int AddNetworkEntry(const u8 oper Line 308  static int AddNetworkEntry(const u8 oper
308                          } else if (record_type == IP_RECORD_TYPE_IPv4) {                          } else if (record_type == IP_RECORD_TYPE_IPv4) {
309                                  new_ptr->u.ipv4.min = min_ip;                                  new_ptr->u.ipv4.min = min_ip;
310                                  new_ptr->u.ipv4.max = max_ip;                                  new_ptr->u.ipv4.max = max_ip;
311                          } else if (record_type == IP_RECORD_TYPE_IPv6) {                          } else {
312                                  memmove(new_ptr->u.ipv6.min, min_address, 16);                                  memmove(new_ptr->u.ipv6.min, min_address, 16);
313                                  memmove(new_ptr->u.ipv6.max, max_address, 16);                                  memmove(new_ptr->u.ipv6.max, max_address, 16);
314                          }                          }
# Line 321  static int AddNetworkEntry(const u8 oper Line 320  static int AddNetworkEntry(const u8 oper
320          } else {          } else {
321                  error = -ENOENT;                  error = -ENOENT;
322                  for (ptr = domain->first_acl_ptr; ptr; ptr = ptr->next) {                  for (ptr = domain->first_acl_ptr; ptr; ptr = ptr->next) {
323                          if (ptr->type != type || ptr->is_deleted || ptr->u.b[0] != hash || ptr->u.b[1] != record_type || ptr->cond != condition || ((IP_NETWORK_ACL_RECORD *) ptr)->min_port != min_port || ((IP_NETWORK_ACL_RECORD *) ptr)->max_port != max_port) continue;                          if (ptr->type != TYPE_IP_NETWORK_ACL || ptr->is_deleted || ptr->u.b[0] != operation || ptr->u.b[1] != record_type || ptr->cond != condition || ((struct ip_network_acl_record *) ptr)->min_port != min_port || ((struct ip_network_acl_record *) ptr)->max_port != max_port) continue;
324                          if (record_type == IP_RECORD_TYPE_ADDRESS_GROUP) {                          if (record_type == IP_RECORD_TYPE_ADDRESS_GROUP) {
325                                  if (((IP_NETWORK_ACL_RECORD *) ptr)->u.group != group) continue;                                  if (((struct ip_network_acl_record *) ptr)->u.group != group) continue;
326                          } else if (record_type == IP_RECORD_TYPE_IPv4) {                          } else if (record_type == IP_RECORD_TYPE_IPv4) {
327                                  if (((IP_NETWORK_ACL_RECORD *) ptr)->u.ipv4.min != min_ip || max_ip != ((IP_NETWORK_ACL_RECORD *) ptr)->u.ipv4.max) continue;                                  if (((struct ip_network_acl_record *) ptr)->u.ipv4.min != min_ip || max_ip != ((struct ip_network_acl_record *) ptr)->u.ipv4.max) continue;
328                          } else if (record_type == IP_RECORD_TYPE_IPv6) {                          } else if (record_type == IP_RECORD_TYPE_IPv6) {
329                                  if (memcmp(((IP_NETWORK_ACL_RECORD *) ptr)->u.ipv6.min, min_address, 16) || memcmp(max_address, ((IP_NETWORK_ACL_RECORD *) ptr)->u.ipv6.max, 16)) continue;                                  if (memcmp(((struct ip_network_acl_record *) ptr)->u.ipv6.min, min_address, 16) || memcmp(max_address, ((struct ip_network_acl_record *) ptr)->u.ipv6.max, 16)) continue;
330                          }                          }
331                          error = DelDomainACL(ptr);                          error = DelDomainACL(ptr);
332                          break;                          break;
# Line 342  static int CheckNetworkEntry(const int i Line 341  static int CheckNetworkEntry(const int i
341          struct domain_info * const domain = current->domain_info;          struct domain_info * const domain = current->domain_info;
342          struct acl_info *ptr;          struct acl_info *ptr;
343          const char *keyword = network2keyword(operation);          const char *keyword = network2keyword(operation);
         const u8 type = TYPE_IP_NETWORK_ACL;  
         const u8 hash = operation;  
344          const int is_enforce = CheckCCSEnforce(CCS_TOMOYO_MAC_FOR_NETWORK);          const int is_enforce = CheckCCSEnforce(CCS_TOMOYO_MAC_FOR_NETWORK);
345          const u32 ip = ntohl(*address); /* using host byte order to allow u32 comparison than memcmp().*/          const u32 ip = ntohl(*address); /* using host byte order to allow u32 comparison than memcmp().*/
346          if (!CheckCCSFlags(CCS_TOMOYO_MAC_FOR_NETWORK)) return 0;          if (!CheckCCSFlags(CCS_TOMOYO_MAC_FOR_NETWORK)) return 0;
347          for (ptr = domain->first_acl_ptr; ptr; ptr = ptr->next) {          for (ptr = domain->first_acl_ptr; ptr; ptr = ptr->next) {
348                  if (ptr->type != type || ptr->is_deleted || ptr->u.b[0] != hash || port < ((IP_NETWORK_ACL_RECORD *) ptr)->min_port || ((IP_NETWORK_ACL_RECORD *) ptr)->max_port < port || CheckCondition(ptr->cond, NULL)) continue;                  if (ptr->type != TYPE_IP_NETWORK_ACL || ptr->is_deleted || ptr->u.b[0] != operation || port < ((struct ip_network_acl_record *) ptr)->min_port || ((struct ip_network_acl_record *) ptr)->max_port < port || CheckCondition(ptr->cond, NULL)) continue;
349                  if (ptr->u.b[1] == IP_RECORD_TYPE_ADDRESS_GROUP) {                  if (ptr->u.b[1] == IP_RECORD_TYPE_ADDRESS_GROUP) {
350                          if (AddressMatchesToGroup(is_ipv6, address, ((IP_NETWORK_ACL_RECORD *) ptr)->u.group)) break;                          if (AddressMatchesToGroup(is_ipv6, address, ((struct ip_network_acl_record *) ptr)->u.group)) break;
351                  } else if (ptr->u.b[1] == IP_RECORD_TYPE_IPv4) {                  } else if (ptr->u.b[1] == IP_RECORD_TYPE_IPv4) {
352                          if (!is_ipv6 && ((IP_NETWORK_ACL_RECORD *) ptr)->u.ipv4.min <= ip && ip <= ((IP_NETWORK_ACL_RECORD *) ptr)->u.ipv4.max) break;                          if (!is_ipv6 && ((struct ip_network_acl_record *) ptr)->u.ipv4.min <= ip && ip <= ((struct ip_network_acl_record *) ptr)->u.ipv4.max) break;
353                  } else {                  } else {
354                          if (is_ipv6 && memcmp(((IP_NETWORK_ACL_RECORD *) ptr)->u.ipv6.min, address, 16) <= 0 && memcmp(address, ((IP_NETWORK_ACL_RECORD *) ptr)->u.ipv6.max, 16) <= 0) break;                          if (is_ipv6 && memcmp(((struct ip_network_acl_record *) ptr)->u.ipv6.min, address, 16) <= 0 && memcmp(address, ((struct ip_network_acl_record *) ptr)->u.ipv6.max, 16) <= 0) break;
355                  }                  }
356          }          }
357          if (ptr) {          if (ptr) {
# Line 379  static int CheckNetworkEntry(const int i Line 376  static int CheckNetworkEntry(const int i
376                  }                  }
377                  return CheckSupervisor("%s\n" KEYWORD_ALLOW_NETWORK "%s %u.%u.%u.%u %u\n", domain->domainname->name, keyword, HIPQUAD(ip), port);                  return CheckSupervisor("%s\n" KEYWORD_ALLOW_NETWORK "%s %u.%u.%u.%u %u\n", domain->domainname->name, keyword, HIPQUAD(ip), port);
378          }          }
379          if (CheckCCSAccept(CCS_TOMOYO_MAC_FOR_NETWORK)) AddNetworkEntry(operation, is_ipv6 ? IP_RECORD_TYPE_IPv6: IP_RECORD_TYPE_IPv4, NULL, address, address, port, port, domain, 0, NULL);          if (CheckCCSAccept(CCS_TOMOYO_MAC_FOR_NETWORK)) AddNetworkEntry(operation, is_ipv6 ? IP_RECORD_TYPE_IPv6: IP_RECORD_TYPE_IPv4, NULL, address, address, port, port, domain, 1, NULL);
380          return 0;          return 0;
381  }  }
382    
# Line 441  int AddNetworkPolicy(char *data, struct Line 438  int AddNetworkPolicy(char *data, struct
438          if (strchr(cp1, ' ')) goto out;          if (strchr(cp1, ' ')) goto out;
439          if ((count = sscanf(cp1, "%hu-%hu", &min_port, &max_port)) == 1 || count == 2) {          if ((count = sscanf(cp1, "%hu-%hu", &min_port, &max_port)) == 1 || count == 2) {
440                  if (count == 1) max_port = min_port;                  if (count == 1) max_port = min_port;
441                  return AddNetworkEntry(operation, record_type, group, (u32 *) min_address, (u32 *) max_address, min_port, max_port, domain, is_delete, condition);                  return AddNetworkEntry(operation, record_type, group, (u32 *) min_address, (u32 *) max_address, min_port, max_port, domain, is_delete ? 0 : -1, condition);
442          }          }
443   out: ;   out: ;
444          return -EINVAL;          return -EINVAL;
# Line 451  int CheckNetworkListenACL(const int is_i Line 448  int CheckNetworkListenACL(const int is_i
448  {  {
449          return CheckNetworkEntry(is_ipv6, NETWORK_ACL_TCP_LISTEN, (const u32 *) address, ntohs(port));          return CheckNetworkEntry(is_ipv6, NETWORK_ACL_TCP_LISTEN, (const u32 *) address, ntohs(port));
450  }  }
451    EXPORT_SYMBOL(CheckNetworkListenACL);
452    
453  int CheckNetworkConnectACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port)  int CheckNetworkConnectACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port)
454  {  {
455          return CheckNetworkEntry(is_ipv6, sock_type == SOCK_STREAM ? NETWORK_ACL_TCP_CONNECT : (sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT), (const u32 *) address, ntohs(port));          return CheckNetworkEntry(is_ipv6, sock_type == SOCK_STREAM ? NETWORK_ACL_TCP_CONNECT : (sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT), (const u32 *) address, ntohs(port));
456  }  }
457    EXPORT_SYMBOL(CheckNetworkConnectACL);
458    
459  int CheckNetworkBindACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port)  int CheckNetworkBindACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port)
460  {  {
461          return CheckNetworkEntry(is_ipv6, sock_type == SOCK_STREAM ? NETWORK_ACL_TCP_BIND : (sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_BIND : NETWORK_ACL_RAW_BIND), (const u32 *) address, ntohs(port));          return CheckNetworkEntry(is_ipv6, sock_type == SOCK_STREAM ? NETWORK_ACL_TCP_BIND : (sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_BIND : NETWORK_ACL_RAW_BIND), (const u32 *) address, ntohs(port));
462  }  }
463    EXPORT_SYMBOL(CheckNetworkBindACL);
464    
465  int CheckNetworkAcceptACL(const int is_ipv6, const u8 *address, const u16 port)  int CheckNetworkAcceptACL(const int is_ipv6, const u8 *address, const u16 port)
466  {  {
467          return CheckNetworkEntry(is_ipv6, NETWORK_ACL_TCP_ACCEPT, (const u32 *) address, ntohs(port));          return CheckNetworkEntry(is_ipv6, NETWORK_ACL_TCP_ACCEPT, (const u32 *) address, ntohs(port));
468  }  }
469    EXPORT_SYMBOL(CheckNetworkAcceptACL);
470    
471  int CheckNetworkSendMsgACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port)  int CheckNetworkSendMsgACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port)
472  {  {
473          return CheckNetworkEntry(is_ipv6, sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT, (const u32 *) address, ntohs(port));          return CheckNetworkEntry(is_ipv6, sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT, (const u32 *) address, ntohs(port));
474  }  }
475    EXPORT_SYMBOL(CheckNetworkSendMsgACL);
476    
477  int CheckNetworkRecvMsgACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port)  int CheckNetworkRecvMsgACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port)
478  {  {
479          return CheckNetworkEntry(is_ipv6, sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT, (const u32 *) address, ntohs(port));          return CheckNetworkEntry(is_ipv6, sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT, (const u32 *) address, ntohs(port));
480  }  }
   
 EXPORT_SYMBOL(CheckNetworkListenACL);  
 EXPORT_SYMBOL(CheckNetworkConnectACL);  
 EXPORT_SYMBOL(CheckNetworkBindACL);  
 EXPORT_SYMBOL(CheckNetworkAcceptACL);  
 EXPORT_SYMBOL(CheckNetworkSendMsgACL);  
481  EXPORT_SYMBOL(CheckNetworkRecvMsgACL);  EXPORT_SYMBOL(CheckNetworkRecvMsgACL);
482    
483  /***** TOMOYO Linux end. *****/  /***** TOMOYO Linux end. *****/
Legend:
Removed from v.111  
changed lines
  Added in v.265
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
サイト情報
ソフトウェアを探す
ソフトウェアを作る
コミュニティ
ヘルプ