diff options
| author | Paul Moore <pmoore@redhat.com> | 2013-12-03 11:39:13 -0500 |
|---|---|---|
| committer | Paul Moore <pmoore@redhat.com> | 2013-12-04 16:08:27 -0500 |
| commit | 0b1f24e6db9a60c1f68117ad158ea29faa7c3a7f (patch) | |
| tree | 3720295706f668b9a8f6e5d754ec0a7bcbe9e14e | |
| parent | 050d032b25e617cd738db8d6fd5aed24d87cbbcb (diff) | |
selinux: pull address family directly from the request_sock struct
We don't need to inspect the packet to determine if the packet is an
IPv4 packet arriving on an IPv6 socket when we can query the
request_sock directly.
Signed-off-by: Paul Moore <pmoore@redhat.com>
| -rw-r--r-- | security/selinux/hooks.c | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index cc076a9b0344..17d7689660ea 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -4476,14 +4476,10 @@ static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb, | |||
| 4476 | { | 4476 | { |
| 4477 | struct sk_security_struct *sksec = sk->sk_security; | 4477 | struct sk_security_struct *sksec = sk->sk_security; |
| 4478 | int err; | 4478 | int err; |
| 4479 | u16 family = sk->sk_family; | 4479 | u16 family = req->rsk_ops->family; |
| 4480 | u32 connsid; | 4480 | u32 connsid; |
| 4481 | u32 peersid; | 4481 | u32 peersid; |
| 4482 | 4482 | ||
| 4483 | /* handle mapped IPv4 packets arriving via IPv6 sockets */ | ||
| 4484 | if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) | ||
| 4485 | family = PF_INET; | ||
| 4486 | |||
| 4487 | err = selinux_skb_peerlbl_sid(skb, family, &peersid); | 4483 | err = selinux_skb_peerlbl_sid(skb, family, &peersid); |
| 4488 | if (err) | 4484 | if (err) |
| 4489 | return err; | 4485 | return err; |