diff options
-rw-r--r-- | net/ipv4/syncookies.c | 9 | ||||
-rw-r--r-- | net/ipv4/tcp_ipv4.c | 7 |
2 files changed, 9 insertions, 7 deletions
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index d346c22aa6ae..b35a950d2e06 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c | |||
@@ -288,10 +288,6 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, | |||
288 | if (!req) | 288 | if (!req) |
289 | goto out; | 289 | goto out; |
290 | 290 | ||
291 | if (security_inet_conn_request(sk, skb, req)) { | ||
292 | reqsk_free(req); | ||
293 | goto out; | ||
294 | } | ||
295 | ireq = inet_rsk(req); | 291 | ireq = inet_rsk(req); |
296 | treq = tcp_rsk(req); | 292 | treq = tcp_rsk(req); |
297 | treq->rcv_isn = ntohl(th->seq) - 1; | 293 | treq->rcv_isn = ntohl(th->seq) - 1; |
@@ -322,6 +318,11 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, | |||
322 | } | 318 | } |
323 | } | 319 | } |
324 | 320 | ||
321 | if (security_inet_conn_request(sk, skb, req)) { | ||
322 | reqsk_free(req); | ||
323 | goto out; | ||
324 | } | ||
325 | |||
325 | req->expires = 0UL; | 326 | req->expires = 0UL; |
326 | req->retrans = 0; | 327 | req->retrans = 0; |
327 | 328 | ||
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index d0a314879d81..5d427f86b414 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c | |||
@@ -1230,14 +1230,15 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb) | |||
1230 | 1230 | ||
1231 | tcp_openreq_init(req, &tmp_opt, skb); | 1231 | tcp_openreq_init(req, &tmp_opt, skb); |
1232 | 1232 | ||
1233 | if (security_inet_conn_request(sk, skb, req)) | ||
1234 | goto drop_and_free; | ||
1235 | |||
1236 | ireq = inet_rsk(req); | 1233 | ireq = inet_rsk(req); |
1237 | ireq->loc_addr = daddr; | 1234 | ireq->loc_addr = daddr; |
1238 | ireq->rmt_addr = saddr; | 1235 | ireq->rmt_addr = saddr; |
1239 | ireq->no_srccheck = inet_sk(sk)->transparent; | 1236 | ireq->no_srccheck = inet_sk(sk)->transparent; |
1240 | ireq->opt = tcp_v4_save_options(sk, skb); | 1237 | ireq->opt = tcp_v4_save_options(sk, skb); |
1238 | |||
1239 | if (security_inet_conn_request(sk, skb, req)) | ||
1240 | goto drop_and_free; | ||
1241 | |||
1241 | if (!want_cookie) | 1242 | if (!want_cookie) |
1242 | TCP_ECN_create_request(req, tcp_hdr(skb)); | 1243 | TCP_ECN_create_request(req, tcp_hdr(skb)); |
1243 | 1244 | ||