--- a/usr/src/uts/common/inet/ipclassifier.h Thu Feb 12 16:09:24 2009 +0000
+++ b/usr/src/uts/common/inet/ipclassifier.h Thu Feb 12 08:42:06 2009 -0800
@@ -135,7 +135,6 @@
#define IPCL_IS_RTS(connp) \
((connp)->conn_flags & IPCL_RTSCONN)
-/* FIXME: Isn't it sufficient to check IPCL_IPTUN? */
#define IPCL_IS_IPTUN(connp) \
(((connp)->conn_ulp == IPPROTO_ENCAP || \
(connp)->conn_ulp == IPPROTO_IPV6) && \
@@ -316,7 +315,7 @@
in6_addr_t conn_nexthop_v6; /* nexthop IP address */
uchar_t conn_broadcast_ttl; /* IP_BROADCAST_TTL */
#define conn_nexthop_v4 V4_PART_OF_V6(conn_nexthop_v6)
- cred_t *conn_peercred; /* Peer credentials, if any */
+ cred_t *conn_peercred; /* Peer TX label, if any */
int conn_rtaware; /* RT_AWARE sockopt value */
kcondvar_t conn_sq_cv; /* For non-STREAMS socket IO */
kthread_t *conn_sq_caller; /* Caller of squeue sync ops */
@@ -341,10 +340,17 @@
#endif
};
+/*
+ * These two macros are used by TX. First priority is SCM_UCRED having
+ * set the label in the mblk. Second priority is the peers label (aka
+ * conn_peercred). Last priority is the open credentials.
+ * BEST_CRED takes all three into account in the above order.
+ * CONN_CRED is for connection-oriented cases when we don't need to look
+ * at the mblk.
+ */
#define CONN_CRED(connp) ((connp)->conn_peercred == NULL ? \
(connp)->conn_cred : (connp)->conn_peercred)
-#define BEST_CRED(mp, connp) ((DB_CRED(mp) != NULL && \
- crgetlabel(DB_CRED(mp)) != NULL) ? DB_CRED(mp) : CONN_CRED(connp))
+#define BEST_CRED(mp, connp) ip_best_cred(mp, connp)
/*
* connf_t - connection fanout data.