diff options
Diffstat (limited to 'net/dccp/ipv6.c')
| -rw-r--r-- | net/dccp/ipv6.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c index 610c722ac27f..7a47399cf31f 100644 --- a/net/dccp/ipv6.c +++ b/net/dccp/ipv6.c | |||
| @@ -201,6 +201,7 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr, | |||
| 201 | fl.oif = sk->sk_bound_dev_if; | 201 | fl.oif = sk->sk_bound_dev_if; |
| 202 | fl.fl_ip_dport = usin->sin6_port; | 202 | fl.fl_ip_dport = usin->sin6_port; |
| 203 | fl.fl_ip_sport = inet->sport; | 203 | fl.fl_ip_sport = inet->sport; |
| 204 | security_sk_classify_flow(sk, &fl); | ||
| 204 | 205 | ||
| 205 | if (np->opt != NULL && np->opt->srcrt != NULL) { | 206 | if (np->opt != NULL && np->opt->srcrt != NULL) { |
| 206 | const struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt; | 207 | const struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt; |
| @@ -230,7 +231,7 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr, | |||
| 230 | ipv6_addr_copy(&np->saddr, saddr); | 231 | ipv6_addr_copy(&np->saddr, saddr); |
| 231 | inet->rcv_saddr = LOOPBACK4_IPV6; | 232 | inet->rcv_saddr = LOOPBACK4_IPV6; |
| 232 | 233 | ||
| 233 | __ip6_dst_store(sk, dst, NULL); | 234 | __ip6_dst_store(sk, dst, NULL, NULL); |
| 234 | 235 | ||
| 235 | icsk->icsk_ext_hdr_len = 0; | 236 | icsk->icsk_ext_hdr_len = 0; |
| 236 | if (np->opt != NULL) | 237 | if (np->opt != NULL) |
| @@ -322,6 +323,7 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |||
| 322 | fl.oif = sk->sk_bound_dev_if; | 323 | fl.oif = sk->sk_bound_dev_if; |
| 323 | fl.fl_ip_dport = inet->dport; | 324 | fl.fl_ip_dport = inet->dport; |
| 324 | fl.fl_ip_sport = inet->sport; | 325 | fl.fl_ip_sport = inet->sport; |
| 326 | security_sk_classify_flow(sk, &fl); | ||
| 325 | 327 | ||
| 326 | err = ip6_dst_lookup(sk, &dst, &fl); | 328 | err = ip6_dst_lookup(sk, &dst, &fl); |
| 327 | if (err) { | 329 | if (err) { |
| @@ -422,6 +424,7 @@ static int dccp_v6_send_response(struct sock *sk, struct request_sock *req, | |||
| 422 | fl.oif = ireq6->iif; | 424 | fl.oif = ireq6->iif; |
| 423 | fl.fl_ip_dport = inet_rsk(req)->rmt_port; | 425 | fl.fl_ip_dport = inet_rsk(req)->rmt_port; |
| 424 | fl.fl_ip_sport = inet_sk(sk)->sport; | 426 | fl.fl_ip_sport = inet_sk(sk)->sport; |
| 427 | security_req_classify_flow(req, &fl); | ||
| 425 | 428 | ||
| 426 | if (dst == NULL) { | 429 | if (dst == NULL) { |
| 427 | opt = np->opt; | 430 | opt = np->opt; |
| @@ -566,6 +569,7 @@ static void dccp_v6_ctl_send_reset(struct sk_buff *rxskb) | |||
| 566 | fl.oif = inet6_iif(rxskb); | 569 | fl.oif = inet6_iif(rxskb); |
| 567 | fl.fl_ip_dport = dh->dccph_dport; | 570 | fl.fl_ip_dport = dh->dccph_dport; |
| 568 | fl.fl_ip_sport = dh->dccph_sport; | 571 | fl.fl_ip_sport = dh->dccph_sport; |
| 572 | security_skb_classify_flow(rxskb, &fl); | ||
| 569 | 573 | ||
| 570 | /* sk = NULL, but it is safe for now. RST socket required. */ | 574 | /* sk = NULL, but it is safe for now. RST socket required. */ |
| 571 | if (!ip6_dst_lookup(NULL, &skb->dst, &fl)) { | 575 | if (!ip6_dst_lookup(NULL, &skb->dst, &fl)) { |
| @@ -622,6 +626,7 @@ static void dccp_v6_reqsk_send_ack(struct sk_buff *rxskb, | |||
| 622 | fl.oif = inet6_iif(rxskb); | 626 | fl.oif = inet6_iif(rxskb); |
| 623 | fl.fl_ip_dport = dh->dccph_dport; | 627 | fl.fl_ip_dport = dh->dccph_dport; |
| 624 | fl.fl_ip_sport = dh->dccph_sport; | 628 | fl.fl_ip_sport = dh->dccph_sport; |
| 629 | security_req_classify_flow(req, &fl); | ||
| 625 | 630 | ||
| 626 | if (!ip6_dst_lookup(NULL, &skb->dst, &fl)) { | 631 | if (!ip6_dst_lookup(NULL, &skb->dst, &fl)) { |
| 627 | if (xfrm_lookup(&skb->dst, &fl, NULL, 0) >= 0) { | 632 | if (xfrm_lookup(&skb->dst, &fl, NULL, 0) >= 0) { |
| @@ -704,6 +709,9 @@ static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb) | |||
| 704 | 709 | ||
| 705 | dccp_openreq_init(req, &dp, skb); | 710 | dccp_openreq_init(req, &dp, skb); |
| 706 | 711 | ||
| 712 | if (security_inet_conn_request(sk, skb, req)) | ||
| 713 | goto drop_and_free; | ||
| 714 | |||
| 707 | ireq6 = inet6_rsk(req); | 715 | ireq6 = inet6_rsk(req); |
| 708 | ireq = inet_rsk(req); | 716 | ireq = inet_rsk(req); |
| 709 | ipv6_addr_copy(&ireq6->rmt_addr, &skb->nh.ipv6h->saddr); | 717 | ipv6_addr_copy(&ireq6->rmt_addr, &skb->nh.ipv6h->saddr); |
| @@ -842,6 +850,7 @@ static struct sock *dccp_v6_request_recv_sock(struct sock *sk, | |||
| 842 | fl.oif = sk->sk_bound_dev_if; | 850 | fl.oif = sk->sk_bound_dev_if; |
| 843 | fl.fl_ip_dport = inet_rsk(req)->rmt_port; | 851 | fl.fl_ip_dport = inet_rsk(req)->rmt_port; |
| 844 | fl.fl_ip_sport = inet_sk(sk)->sport; | 852 | fl.fl_ip_sport = inet_sk(sk)->sport; |
| 853 | security_sk_classify_flow(sk, &fl); | ||
| 845 | 854 | ||
| 846 | if (ip6_dst_lookup(sk, &dst, &fl)) | 855 | if (ip6_dst_lookup(sk, &dst, &fl)) |
| 847 | goto out; | 856 | goto out; |
| @@ -863,7 +872,7 @@ static struct sock *dccp_v6_request_recv_sock(struct sock *sk, | |||
| 863 | * comment in that function for the gory details. -acme | 872 | * comment in that function for the gory details. -acme |
| 864 | */ | 873 | */ |
| 865 | 874 | ||
| 866 | __ip6_dst_store(newsk, dst, NULL); | 875 | __ip6_dst_store(newsk, dst, NULL, NULL); |
| 867 | newsk->sk_route_caps = dst->dev->features & ~(NETIF_F_IP_CSUM | | 876 | newsk->sk_route_caps = dst->dev->features & ~(NETIF_F_IP_CSUM | |
| 868 | NETIF_F_TSO); | 877 | NETIF_F_TSO); |
| 869 | newdp6 = (struct dccp6_sock *)newsk; | 878 | newdp6 = (struct dccp6_sock *)newsk; |
| @@ -961,7 +970,7 @@ static int dccp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) | |||
| 961 | if (skb->protocol == htons(ETH_P_IP)) | 970 | if (skb->protocol == htons(ETH_P_IP)) |
| 962 | return dccp_v4_do_rcv(sk, skb); | 971 | return dccp_v4_do_rcv(sk, skb); |
| 963 | 972 | ||
| 964 | if (sk_filter(sk, skb, 0)) | 973 | if (sk_filter(sk, skb)) |
| 965 | goto discard; | 974 | goto discard; |
| 966 | 975 | ||
| 967 | /* | 976 | /* |