函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\smack\smack_lsm.c Create Date:2022-07-27 20:53:15
Last Modify:2020-03-12 14:18:49 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:smack_socket_sock_rcv_skb - Smack packet delivery access check*@sk: socket*@skb: packet* Returns 0 if the packet should be delivered, an error code otherwise

函数原型:static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)

返回类型:int

参数:

类型参数名称
struct sock *sk
struct sk_buff *skb
3844  ssp等于sk_security
3845  struct smack_known * skp = NULL
3846  rc等于0
3848  family等于sk_family
3856  如果family恒等于PF_INET6protocol恒等于htons(Internet Protocol packet )则family等于PF_INET
3861  :family恒等于PF_INET
3868  如果skbsecmark不等于0则
3870  转到:access_check
3876  lbl_secattr_init - Initialize a netlbl_lsm_secattr struct*@secattr: the struct to initialize* Description:* Initialize an already allocated netlbl_lsm_secattr struct.
3878  rc等于netlbl_skbuff_getattr(skb, family, & secattr)
3879  如果rc恒等于0则skp等于smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack*@sap: netlabel secattr*@ssp: socket security information* Returns a pointer to a Smack label entry found on the label list.
3881  否则skp等于smack_net_ambient
3884  lbl_secattr_destroy - Clears a netlbl_lsm_secattr struct*@secattr: the struct to clear* Description:* Destroys the @secattr struct, including freeing all of the internal buffers.* The struct must be reset with a call to netlbl_secattr_init() before reuse.
3887  access_check :
3890  smk_ad_init_net( & ad, __func__, LSM_AUDIT_DATA_NET, & net)
3891  family等于family
3892  netif等于skb_iif
3893  pv4_skb_to_auditdata : fill auditdata from skb*@skb : the skb*@ad : the audit data to fill*@proto : the layer 4 protocol* return 0 on success
3901  rc等于smk_access(skp, inbound label , MAY_WRITE, & ad)
3902  rc等于smk_bu_note("IPv4 delivery", skp, inbound label , MAY_WRITE, rc)
3904  如果rc不等于0则netlbl_skbuff_err(skb, family, rc, 0)
3906  退出
3908  :family恒等于PF_INET6
3909  proto等于smk_skb_to_addr_ipv6(skb, & sadd)
3910  如果proto不等于IPPROTO_UDPproto不等于IPPROTO_UDPLITEproto不等于IPPROTO_TCPproto不等于IPPROTO_DCCP退出
3914  如果skbsecmark不等于0则skp等于smack_from_secid(secmark)
3916  否则如果smk_ipv6_localhost - Check for local ipv6 host address*@sip: the address* Returns boolean true if this is the localhost address退出
3918  否则skp等于smack_ipv6host_label - check host based restrictions*@sip: the object end* looks for host based access restrictions* This version will only be appropriate for really small sets of single label* hosts
3920  如果(skp == NULL)则skp等于smack_net_ambient
3922  如果(skb == NULL)则退出
3925  smk_ad_init_net( & ad, __func__, LSM_AUDIT_DATA_NET, & net)
3926  family等于family
3927  netif等于skb_iif
3928  ipv6_skb_to_auditdata(skb, & a, NULL)
3930  rc等于smk_access(skp, inbound label , MAY_WRITE, & ad)
3931  rc等于smk_bu_note("IPv6 delivery", skp, inbound label , MAY_WRITE, rc)
3935  rc等于smk_ipv6_port_check - check Smack port access*@sk: socket*@address: address*@act: the action being taken* Create or update the port list entry
3937  如果rc不等于0则icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_ADM_PROHIBITED, 0)
3940  退出
3944  返回:rc