Trusted Extensions Configuration and Administration

Updated: July 2014

Network Configuration Databases in Trusted Extensions

    Trusted Extensions loads three network configuration databases into the kernel. These databases are used in accreditation checks as data is transmitted from host to host.

  • tnzonecfg – This local database stores the security-related attributes of each zone. The tncfg command is the interface to access and modify this database.

    The attributes for each zone specify the zone label and the zone's access to single-level and multilevel ports. Another attribute handles responses to control messages, such as ping. The labels for zones are defined in the label_encodings file. For more information, see the label_encodings(4) man page. For a discussion of multilevel ports, see Zones and Multilevel Ports.

  • tnrhtp – This database stores templates that describe the security attributes of hosts and gateways. The tncfg command is the interface to access and modify this database.

    Hosts and gateways use the attributes of the destination host and next-hop gateway to enforce mandatory access control (MAC) when sending traffic. When receiving traffic, hosts and gateways use the attributes of the sender. However, when an adaptive host is the sender, the receiving network interface assigns its default label to the incoming packets. For details of the security attributes, see Network Security Attributes in Trusted Extensions.

  • tnrhdb – This database holds the IP addresses and ranges of IP addresses that correspond to all hosts that are allowed to communicate with this system. The tncfg command is the interface to access and modify this database.

    Each host or range of IP addresses is assigned a security template from the tnrhtp database. The attributes in that template become the security attributes of every host it is assigned to.
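How the three databases cooperate in an accreditation check, shown as an added, simplified model that is not Solaris code: a sender address is resolved through tnrhdb to a tnrhtp template, the packet label is checked against the template's range, and the result is compared with the tnzonecfg label of the receiving zone. All addresses, template names and labels are constructed; labels are reduced to a classification and a compartment set, and adaptive hosts and multilevel ports are not modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Label:
    """Simplified sensitivity label: classification level plus compartment set."""
    level: int
    comps: frozenset

    def dominates(self, other):
        return self.level >= other.level and self.comps >= other.comps

# Constructed labels standing in for entries from label_encodings.
ADMIN_LOW = Label(0, frozenset())
PUBLIC = Label(1, frozenset())
INTERNAL = Label(2, frozenset({"int"}))
ADMIN_HIGH = Label(99, frozenset({"int", "fin"}))

# tnrhtp model: template name -> security attributes (constructed values).
TNRHTP = {
    "cipso": {"host_type": "cipso", "min_label": ADMIN_LOW, "max_label": ADMIN_HIGH},
    "public_net": {"host_type": "unlabeled", "def_label": PUBLIC},
}
# tnrhdb model: address or prefix -> template name; most specific prefix wins.
TNRHDB = {"10.1.0.0/16": "public_net", "10.1.5.7/32": "cipso"}
# tnzonecfg model: zone name -> zone label (single-level zones only).
TNZONECFG = {"public": PUBLIC, "internal": INTERNAL}

def lookup_template(addr):
    """Resolve a sender address to its tnrhtp template through tnrhdb, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [(ipaddress.ip_network(p), t) for p, t in TNRHDB.items()]
    hits = [(n, t) for n, t in hits if ip in n]
    if not hits:
        return None
    return TNRHTP[max(hits, key=lambda h: h[0].prefixlen)[1]]

def accredit(src_addr, packet_label, dest_zone):
    """Label the packet carries into dest_zone, or None if the check rejects it."""
    tpl = lookup_template(src_addr)
    if tpl is None:
        return None                  # sender has no tnrhdb entry: drop
    if tpl["host_type"] == "unlabeled":
        label = tpl["def_label"]     # unlabeled sender: template's default label
    else:
        label = packet_label         # CIPSO sender: label carried in the packet
        if not (label.dominates(tpl["min_label"]) and tpl["max_label"].dominates(label)):
            return None              # outside the template's accreditation range
    # Single-level port: the arriving label must equal the receiving zone's label.
    return label if label == TNZONECFG[dest_zone] else None
```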