net: reduce structures when XFRM=n

ifdef out * struct sk_buff::sp (pointer) * struct dst_entry::xfrm (pointer) * struct sock::sk_policy (2 pointers) Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Alexey Dobriyan <adobriyan@gmail.com> 2008-10-28 16:24:06 -0400
committer: David S. Miller <davem@davemloft.net> 2008-10-28 16:24:06 -0400
commit: def8b4faff5ca349beafbbfeb2c51f3602a6ef3a (patch)
tree: a90fbb0b6ae2a49c507465801f31df77bc5ebf9d /security
parent: b057efd4d226fcc3a92b0dc6d8ea8e8185ecb260 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 3e3fde7c1d2b..aedf02b1345a 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4626,7 +4626,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
         * as fast and as clean as possible. */
        if (selinux_compat_net || !selinux_policycap_netpeer)
                return selinux_ip_postroute_compat(skb, ifindex, family);
+#ifdef CONFIG_XFRM
        /* If skb->dst->xfrm is non-NULL then the packet is undergoing an IPsec
         * packet transformation so allow the packet to pass without any checks
         * since we'll have another chance to perform access control checks
@@ -4635,7 +4635,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
         *       is NULL, in this case go ahead and apply access control. */
        if (skb->dst != NULL && skb->dst->xfrm != NULL)
                return NF_ACCEPT;
+#endif
        secmark_active = selinux_secmark_enabled();
        peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
        if (!secmark_active && !peerlbl_active)
author	Alexey Dobriyan <adobriyan@gmail.com>	2008-10-28 16:24:06 -0400
committer	David S. Miller <davem@davemloft.net>	2008-10-28 16:24:06 -0400
commit	def8b4faff5ca349beafbbfeb2c51f3602a6ef3a (patch)
tree	a90fbb0b6ae2a49c507465801f31df77bc5ebf9d /security
parent	b057efd4d226fcc3a92b0dc6d8ea8e8185ecb260 (diff)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 3e3fde7c1d2b..aedf02b1345a 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -4626,7 +4626,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4626	* as fast and as clean as possible. */	4626	* as fast and as clean as possible. */
4627	if (selinux_compat_net \|\| !selinux_policycap_netpeer)	4627	if (selinux_compat_net \|\| !selinux_policycap_netpeer)
4628	return selinux_ip_postroute_compat(skb, ifindex, family);	4628	return selinux_ip_postroute_compat(skb, ifindex, family);
4629		4629	#ifdef CONFIG_XFRM
4630	/* If skb->dst->xfrm is non-NULL then the packet is undergoing an IPsec	4630	/* If skb->dst->xfrm is non-NULL then the packet is undergoing an IPsec
4631	* packet transformation so allow the packet to pass without any checks	4631	* packet transformation so allow the packet to pass without any checks
4632	* since we'll have another chance to perform access control checks	4632	* since we'll have another chance to perform access control checks
@@ -4635,7 +4635,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4635	* is NULL, in this case go ahead and apply access control. */	4635	* is NULL, in this case go ahead and apply access control. */
4636	if (skb->dst != NULL && skb->dst->xfrm != NULL)	4636	if (skb->dst != NULL && skb->dst->xfrm != NULL)
4637	return NF_ACCEPT;	4637	return NF_ACCEPT;
4638		4638	#endif
4639	secmark_active = selinux_secmark_enabled();	4639	secmark_active = selinux_secmark_enabled();
4640	peerlbl_active = netlbl_enabled() \|\| selinux_xfrm_enabled();	4640	peerlbl_active = netlbl_enabled() \|\| selinux_xfrm_enabled();
4641	if (!secmark_active && !peerlbl_active)	4641	if (!secmark_active && !peerlbl_active)