aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--net/ipv4/syncookies.c9
-rw-r--r--net/ipv4/tcp_ipv4.c7
2 files changed, 9 insertions, 7 deletions
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
index d346c22aa6ae..b35a950d2e06 100644
--- a/net/ipv4/syncookies.c
+++ b/net/ipv4/syncookies.c
@@ -288,10 +288,6 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
288 if (!req) 288 if (!req)
289 goto out; 289 goto out;
290 290
291 if (security_inet_conn_request(sk, skb, req)) {
292 reqsk_free(req);
293 goto out;
294 }
295 ireq = inet_rsk(req); 291 ireq = inet_rsk(req);
296 treq = tcp_rsk(req); 292 treq = tcp_rsk(req);
297 treq->rcv_isn = ntohl(th->seq) - 1; 293 treq->rcv_isn = ntohl(th->seq) - 1;
@@ -322,6 +318,11 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
322 } 318 }
323 } 319 }
324 320
321 if (security_inet_conn_request(sk, skb, req)) {
322 reqsk_free(req);
323 goto out;
324 }
325
325 req->expires = 0UL; 326 req->expires = 0UL;
326 req->retrans = 0; 327 req->retrans = 0;
327 328
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index d0a314879d81..5d427f86b414 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1230,14 +1230,15 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1230 1230
1231 tcp_openreq_init(req, &tmp_opt, skb); 1231 tcp_openreq_init(req, &tmp_opt, skb);
1232 1232
1233 if (security_inet_conn_request(sk, skb, req))
1234 goto drop_and_free;
1235
1236 ireq = inet_rsk(req); 1233 ireq = inet_rsk(req);
1237 ireq->loc_addr = daddr; 1234 ireq->loc_addr = daddr;
1238 ireq->rmt_addr = saddr; 1235 ireq->rmt_addr = saddr;
1239 ireq->no_srccheck = inet_sk(sk)->transparent; 1236 ireq->no_srccheck = inet_sk(sk)->transparent;
1240 ireq->opt = tcp_v4_save_options(sk, skb); 1237 ireq->opt = tcp_v4_save_options(sk, skb);
1238
1239 if (security_inet_conn_request(sk, skb, req))
1240 goto drop_and_free;
1241
1241 if (!want_cookie) 1242 if (!want_cookie)
1242 TCP_ECN_create_request(req, tcp_hdr(skb)); 1243 TCP_ECN_create_request(req, tcp_hdr(skb));
1243 1244