labelsys.c revision 45916cd2fec6e79bca5dee0421bd39e3c2910d1e
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * CDDL HEADER START
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * The contents of this file are subject to the terms of the
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Common Development and Distribution License (the "License").
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * You may not use this file except in compliance with the License.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * See the License for the specific language governing permissions
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * and limitations under the License.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * When distributing Covered Code, include this CDDL HEADER in each
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * If applicable, add the following below this CDDL HEADER, with the
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * fields enclosed by brackets "[]" replaced with your own identifying
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * information: Portions Copyright [yyyy] [name of copyright owner]
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * CDDL HEADER END
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Use is subject to license terms.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk#pragma ident "%Z%%M% %I% %E% SMI"
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpkstatic mod_hash_t *tpc_name_hash; /* hash of cache entries by name */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * tnrhc_table and tnrhc_table_v6 are similar to the IP forwarding tables
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * in organization and search. The tnrhc_table[_v6] is an array of 33/129
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * pointers to the 33/129 tnrhc tables indexed by the prefix length.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * A largest prefix match search is done by find_rhc_v[46] and it walks the
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * tables from the most specific to the least specific table. Table 0
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * corresponds to the single entry for 0.0.0.0/0 or ::0/0.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpkstatic void tsol_create_i_tmpls(void);
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk/* List of MLPs valid on shared addresses */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Convert length for a mask to the mask.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk return (masklen == 0 ? 0 : htonl(IP_HOST_MASK << (IP_ABITS - masklen)));
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Convert a prefix length to the mask for that prefix.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Returns the argument bitmask.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpkstatic void
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpktnrhc_init_table(tnrhc_hash_t *table[], short prefix_len, int kmflag)
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk kmem_zalloc(TNRHC_SIZE * sizeof (tnrhc_hash_t), kmflag);
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk for (i = 0; i < TNRHC_SIZE; i++) {
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Note: unable to use mod_hash_create_strhash here, since it's
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * asymmetric. It assumes that the user has allocated exactly
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * strlen(key) + 1 bytes for the key when inserted, and attempts to
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * kmem_free that memory on a delete.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk tpc_name_hash = mod_hash_create_extended("tnrhtpc_by_name", 256,
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk mod_hash_null_keydtor, mod_hash_null_valdtor, mod_hash_bystr,
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* label_init always called before tcache_init */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* Initialize the zeroth table prior to loading the 0.0.0.0 entry */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * create an internal host template called "_unlab"
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * create a host entry, 0.0.0.0 = _unlab
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * create a host entry, ::0 = _unlab
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk rw_init(&shared_mlps.mlpl_rwlock, NULL, RW_DEFAULT, NULL);
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk/* Called only by the TNRHC_RELE macro when the refcount goes to zero. */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * We assert rhc_invalid here to make sure that no new thread could
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * possibly end up finding this entry. If it could, then the
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * mutex_destroy would panic.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk DTRACE_PROBE1(tx__tndb__l3__tnrhcfree, tsol_tnrhc_t *, tnrhc);
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk/* Called only by the TPC_RELE macro when the refcount goes to zero. */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk DTRACE_PROBE1(tx__tndb__l3__tpcfree, tsol_tpc_t *, tpc);
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Find and hold a reference to a template entry by name. Ignores entries that
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * are being deleted.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk if (mod_hash_find(hash, (mod_hash_key_t)name, &hv) == 0) {
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk if (rhent->rh_prefix < 0 || rhent->rh_prefix > IP_ABITS)
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk if (rhent->rh_prefix < 0 || rhent->rh_prefix > IPV6_ABITS)
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* search for existing entry */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Flush all remote host entries from the database.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Note that the htable arrays themselves do not have reference counters, so,
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * unlike the remote host entries, they cannot be freed.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpkstatic void
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk while (--nbits >= 0) {
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * List walkers hold this lock during the walk. It
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * protects tnrh_list and rhc_next.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * There may still be users of the rhcs at this point,
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * but not of the list or its next pointer. Thus, the
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * only thing that would need to be done under a lock
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * is setting the invalid bit, but that's atomic
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * anyway, so no locks needed here.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Load a remote host entry into kernel cache. Create a new one if a matching
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * entry isn't found, otherwise replace the contents of the previous one by
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * deleting it and recreating it. (Delete and recreate is used to avoid
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * allowing other threads to see an unstable data structure.)
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * A "matching" entry is the one whose address matches that of the one
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * being loaded.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Return 0 for success, error code for failure.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* Find the existing entry, if any, leaving the hash locked */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk if (rhent->rh_prefix < 0 || rhent->rh_prefix > IP_ABITS)
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk if (rhent->rh_prefix < 0 || rhent->rh_prefix > IPV6_ABITS)
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk if ((new = kmem_zalloc(sizeof (*new), KM_NOSLEEP)) == NULL) {
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* Find and bump the reference count on the named template */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk if ((tpc = tnrhtp_find(rhent->rh_template, tpc_name_hash)) == NULL) {
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* Clobber the old remote host entry. */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* Initialize the new entry. */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* The rhc now owns this tpc reference, so no TPC_RELE past here */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk return (0);
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk tpc = find_tpc(&rhent->rh_address.ta_addr_v4, IPV4_VERSION,
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk tpc = find_tpc(&rhent->rh_address.ta_addr_v6, IPV6_VERSION,
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk DTRACE_PROBE2(tx__tndb__l4__tnrhget__foundtpc, tsol_rhent_t *,
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk return (0);
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* Make sure user has sufficient privilege */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Get arguments
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk switch (cmd) {
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Copy out result
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk flush_rh_table(tnrhc_table_v6, TSOL_MASK_TABLE_SIZE_V6);
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * We intentionally allocate a new entry before taking the lock on the
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * entire database.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk if ((tpc = kmem_zalloc(sizeof (*tpc), kmflags)) == NULL)
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk if (mod_hash_find(tpc_name_hash, (mod_hash_key_t)tpent->name,
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* tsol_tpent_t is the same on LP64 and ILP32 */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk (void) mod_hash_insert(tpc_name_hash, (mod_hash_key_t)tpc->tpc_tp.name,
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk if (mod_hash_find(tpc_name_hash, (mod_hash_key_t)tname, &hv) == 0) {
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk/* ARGSUSED */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpktpc_delete(mod_hash_key_t key, mod_hash_val_t *val, void *arg)
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpkstatic void
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* Make sure user has sufficient privilege */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Get argument. Note that tsol_tpent_t is the same on LP64 and ILP32,
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * so no special handling is required.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Don't let the user give us a bogus (unterminated) template name.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk switch (cmd) {
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* Copy out result */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk if (copyout(&tpc->tpc_tp, buf, sizeof (tpc->tpc_tp)) != 0) {
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * MLP entry ordering logic
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * There are two loops in this routine. The first loop finds the entry that
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * either logically follows the new entry to be inserted, or is the entry that
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * precedes and overlaps the new entry, or is NULL to mean end-of-list. This
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * is 'tme.' The second loop scans ahead from that point to find any overlap
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * on the front or back of this new entry.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * For the first loop, we can have the following cases in the list (note that
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * the port-portmax range is inclusive):
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * port portmax
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * +--------+
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * 1: +------+ ................... precedes; skip to next
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * 2: +------+ ............. overlaps; stop here if same protocol
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * 3: +------+ ......... overlaps; stop if same or higher protocol
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * 4: +-------+ .... overlaps or succeeds; stop here
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * For the second loop, we can have the following cases (note that we need not
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * care about other protocol entries at this point, because we're only looking
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * for overlap, not an insertion point):
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * port portmax
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * +--------+
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * 5: +------+ ............. overlaps; stop if same protocol
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * 6: +------+ ......... overlaps; stop if same protocol
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * 7: +-------+ .... overlaps; stop if same protocol
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * 8: +---+ . follows; search is done
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * In other words, this second search needs to consider only whether the entry
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * has a starting port number that's greater than the end point of the new
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * entry. All others are overlaps.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpkmlp_add_del(tsol_mlp_list_t *mlpl, zoneid_t zoneid, uint8_t proto,
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk if ((newent = kmem_zalloc(sizeof (*newent), KM_NOSLEEP)) ==
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * First loop: find logical insertion point or overlap. Table is kept
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * in order of port number first, and then, within that, by protocol
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk for (tme = mlpl->mlpl_first; tme != NULL; tme = tme->mlpe_next) {
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* logically next (case 4) */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* if this is logically next or overlap, then stop (case 3) */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* earlier or same port sequence; check for overlap (case 2) */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* otherwise, loop again (case 1) */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* Second loop: scan ahead for overlap */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk for (tme2 = tme; tme2 != NULL; tme2 = tme2->mlpe_next) {
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* check if entry follows; no overlap (case 8) */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* only exact protocol matches at this point (cases 5-7) */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Add or remove an MLP entry from the database so that the classifier can find it.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Note: port number is in host byte order.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpktsol_mlp_anon(zone_t *zone, mlp_type_t mlptype, uchar_t proto, uint16_t port,
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk retv = mlp_add_del(&zone->zone_mlps, zone->zone_id, proto,
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk retv = mlp_add_del(&shared_mlps, zone->zone_id, proto, port,
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpkstatic void
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk for (tme = mlpl->mlpl_first; tme != NULL; tme = tmnext) {
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk if (zoneid == ALL_ZONES || tme->mlpe_zoneid == zoneid) {
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Note: user supplies port numbers in host byte order.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* Make sure user has sufficient privilege */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Get argument. Note that tsol_mlpent_t is the same on LP64 and
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * ILP32, so no special handling is required.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* MLPs on shared IP addresses */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk switch (cmd) {
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk if (tsme.tsme_mlp.mlp_ipp == 0 || tsme.tsme_mlp.mlp_port == 0 ||
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk tsme.tsme_mlp.mlp_port > tsme.tsme_mlp.mlp_port_upper) {
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Search for the requested element or, failing that, the one
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * that's logically next in the sequence.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* Copy out result */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Returns a tnrhc matching the addr address.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * The returned rhc's refcnt is incremented.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Returns a tnrhc matching the addr address.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * The returned rhc's refcnt is incremented.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpkfind_tpc(const void *addr, uchar_t version, boolean_t staleok)
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * This should not happen unless the user deletes
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * templates without recreating them. Try to find the
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * new version of template. If there is none, then
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * just give up.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * create an internal template called "_unlab":
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * _unlab;\
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * host_type = unlabeled;\
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * def_label = ADMIN_LOW[ADMIN_LOW];\
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * min_sl = ADMIN_LOW;\
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * max_sl = ADMIN_HIGH;
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpkstatic void
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* create _unlab */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk rhtpent.tp_mask_unl = TSOL_MSK_DEF_LABEL | TSOL_MSK_DEF_CL |
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk rhtpent.tp_gw_sl_range.lower_bound = *label2bslabel(l_admin_low);
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk rhtpent.tp_def_label = rhtpent.tp_gw_sl_range.lower_bound;
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk rhtpent.tp_gw_sl_range.upper_bound = *label2bslabel(l_admin_high);
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * set up internal host template, called from kernel only.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpkstatic void
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* Allocate a new entry before taking the lock */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk tnrhc_hash = (sa->ta_family == AF_INET) ? &tnrhc_table[0][0] :
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* We're keeping the new entry. */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Link the entry to internal_unlab
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Returns 0 if the port is known to be SLP. Returns next possible port number
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * (wrapping through 1) if port is MLP on shared or global. Administrator
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * should not make all ports MLP. If that's done, then we'll just pretend
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * everything is SLP to avoid looping forever.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Note: port is in host byte order.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpktsol_next_port(zone_t *zone, in_port_t port, int proto, boolean_t upward)
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk for (;;) {
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk if (zone != NULL && zone->zone_mlps.mlpl_first != NULL) {
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk return (0);
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * tsol_mlp_port_type will check if the given (zone, proto, port) is a
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * multilevel port. If it is, return the type (shared, private, or both), or
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * indicate that it's single-level.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Note: port is given in host byte order, not network byte order.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpktsol_mlp_port_type(zone_t *zone, uchar_t proto, uint16_t port,
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * tsol_mlp_findzone will check if the given (proto, port) is a multilevel port
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * on a shared address. If it is, return the owning zone.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Note: lport is in network byte order, unlike the other MLP functions,
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * because the callers of this function are all dealing with packets off the wire.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk for (tme = shared_mlps.mlpl_first; tme != NULL; tme = tme->mlpe_next) {
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk/* Debug routine */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk const _blevel_impl_t *bli = (const _blevel_impl_t *)blev;
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* We really support only sensitivity labels */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk cmn_err(CE_NOTE, "%s %x:%x:%08x%08x%08x%08x%08x%08x%08x%08x",
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk ntohl(bli->_comps.c2), ntohl(bli->_comps.c3), ntohl(bli->_comps.c4),
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk ntohl(bli->_comps.c5), ntohl(bli->_comps.c6), ntohl(bli->_comps.c7),
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Name: labelsys()
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Normal: Routes TSOL syscalls.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Output: As defined for each TSOL syscall.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk * Returns ENOSYS for unrecognized calls.
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk/* ARGSUSED */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpklabelsys(int op, void *a1, void *a2, void *a3, void *a4, void *a5)
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk switch (op) {
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk return (fgetlabel((int)(uintptr_t)a1, (bslabel_t *)a2));
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk /* NOTREACHED */