aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorPaul Moore <paul.moore@hp.com>2006-11-17 17:38:47 -0500
committerDavid S. Miller <davem@sunset.davemloft.net>2006-12-03 00:24:08 -0500
commit05e00cbf5036929355020dab4837b637203a0742 (patch)
tree642cd1852808fbd89a2c666e39f23b7f48f2c4c0 /net
parent701a90bad99b8081a824cca52c178c8fc8f46bb2 (diff)
NetLabel: check for a CIPSOv4 option before we do call into the CIPSOv4 layer
Right now the NetLabel code always jumps into the CIPSOv4 layer to determine if a CIPSO IP option is present. However, we can do this check directly in the NetLabel code by making use of the CIPSO_V4_OPTEXIST() macro which should save us a function call in the common case of not having a CIPSOv4 option present. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/cipso_ipv4.c2
-rw-r--r--net/netlabel/netlabel_kapi.c6
2 files changed, 2 insertions, 6 deletions
diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
index f0a0785047f..fb5d913f581 100644
--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -1435,8 +1435,6 @@ int cipso_v4_skbuff_getattr(const struct sk_buff *skb,
1435 u32 doi; 1435 u32 doi;
1436 struct cipso_v4_doi *doi_def; 1436 struct cipso_v4_doi *doi_def;
1437 1437
1438 if (!CIPSO_V4_OPTEXIST(skb))
1439 return -ENOMSG;
1440 cipso_ptr = CIPSO_V4_OPTPTR(skb); 1438 cipso_ptr = CIPSO_V4_OPTPTR(skb);
1441 if (cipso_v4_cache_check(cipso_ptr, cipso_ptr[1], secattr) == 0) 1439 if (cipso_v4_cache_check(cipso_ptr, cipso_ptr[1], secattr) == 0)
1442 return 0; 1440 return 0;
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index da2f1975a04..b35ebf94918 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -149,10 +149,8 @@ int netlbl_socket_getattr(const struct socket *sock,
149int netlbl_skbuff_getattr(const struct sk_buff *skb, 149int netlbl_skbuff_getattr(const struct sk_buff *skb,
150 struct netlbl_lsm_secattr *secattr) 150 struct netlbl_lsm_secattr *secattr)
151{ 151{
152 int ret_val; 152 if (CIPSO_V4_OPTEXIST(skb) &&
153 153 cipso_v4_skbuff_getattr(skb, secattr) == 0)
154 ret_val = cipso_v4_skbuff_getattr(skb, secattr);
155 if (ret_val == 0)
156 return 0; 154 return 0;
157 155
158 return netlbl_unlabel_getattr(secattr); 156 return netlbl_unlabel_getattr(secattr);