diff options
Diffstat (limited to 'net/dccp/ipv6.c')
| -rw-r--r-- | net/dccp/ipv6.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c index 65e2ab0886e6..7a47399cf31f 100644 --- a/net/dccp/ipv6.c +++ b/net/dccp/ipv6.c | |||
| @@ -12,7 +12,6 @@ | |||
| 12 | * 2 of the License, or (at your option) any later version. | 12 | * 2 of the License, or (at your option) any later version. |
| 13 | */ | 13 | */ |
| 14 | 14 | ||
| 15 | #include <linux/config.h> | ||
| 16 | #include <linux/module.h> | 15 | #include <linux/module.h> |
| 17 | #include <linux/random.h> | 16 | #include <linux/random.h> |
| 18 | #include <linux/xfrm.h> | 17 | #include <linux/xfrm.h> |
| @@ -32,6 +31,7 @@ | |||
| 32 | 31 | ||
| 33 | #include "dccp.h" | 32 | #include "dccp.h" |
| 34 | #include "ipv6.h" | 33 | #include "ipv6.h" |
| 34 | #include "feat.h" | ||
| 35 | 35 | ||
| 36 | /* Socket used for sending RSTs and ACKs */ | 36 | /* Socket used for sending RSTs and ACKs */ |
| 37 | static struct socket *dccp_v6_ctl_socket; | 37 | static struct socket *dccp_v6_ctl_socket; |
| @@ -201,6 +201,7 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr, | |||
| 201 | fl.oif = sk->sk_bound_dev_if; | 201 | fl.oif = sk->sk_bound_dev_if; |
| 202 | fl.fl_ip_dport = usin->sin6_port; | 202 | fl.fl_ip_dport = usin->sin6_port; |
| 203 | fl.fl_ip_sport = inet->sport; | 203 | fl.fl_ip_sport = inet->sport; |
| 204 | security_sk_classify_flow(sk, &fl); | ||
| 204 | 205 | ||
| 205 | if (np->opt != NULL && np->opt->srcrt != NULL) { | 206 | if (np->opt != NULL && np->opt->srcrt != NULL) { |
| 206 | const struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt; | 207 | const struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt; |
| @@ -230,7 +231,7 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr, | |||
| 230 | ipv6_addr_copy(&np->saddr, saddr); | 231 | ipv6_addr_copy(&np->saddr, saddr); |
| 231 | inet->rcv_saddr = LOOPBACK4_IPV6; | 232 | inet->rcv_saddr = LOOPBACK4_IPV6; |
| 232 | 233 | ||
| 233 | ip6_dst_store(sk, dst, NULL); | 234 | __ip6_dst_store(sk, dst, NULL, NULL); |
| 234 | 235 | ||
| 235 | icsk->icsk_ext_hdr_len = 0; | 236 | icsk->icsk_ext_hdr_len = 0; |
| 236 | if (np->opt != NULL) | 237 | if (np->opt != NULL) |
| @@ -322,6 +323,7 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |||
| 322 | fl.oif = sk->sk_bound_dev_if; | 323 | fl.oif = sk->sk_bound_dev_if; |
| 323 | fl.fl_ip_dport = inet->dport; | 324 | fl.fl_ip_dport = inet->dport; |
| 324 | fl.fl_ip_sport = inet->sport; | 325 | fl.fl_ip_sport = inet->sport; |
| 326 | security_sk_classify_flow(sk, &fl); | ||
| 325 | 327 | ||
| 326 | err = ip6_dst_lookup(sk, &dst, &fl); | 328 | err = ip6_dst_lookup(sk, &dst, &fl); |
| 327 | if (err) { | 329 | if (err) { |
| @@ -422,6 +424,7 @@ static int dccp_v6_send_response(struct sock *sk, struct request_sock *req, | |||
| 422 | fl.oif = ireq6->iif; | 424 | fl.oif = ireq6->iif; |
| 423 | fl.fl_ip_dport = inet_rsk(req)->rmt_port; | 425 | fl.fl_ip_dport = inet_rsk(req)->rmt_port; |
| 424 | fl.fl_ip_sport = inet_sk(sk)->sport; | 426 | fl.fl_ip_sport = inet_sk(sk)->sport; |
| 427 | security_req_classify_flow(req, &fl); | ||
| 425 | 428 | ||
| 426 | if (dst == NULL) { | 429 | if (dst == NULL) { |
| 427 | opt = np->opt; | 430 | opt = np->opt; |
| @@ -566,6 +569,7 @@ static void dccp_v6_ctl_send_reset(struct sk_buff *rxskb) | |||
| 566 | fl.oif = inet6_iif(rxskb); | 569 | fl.oif = inet6_iif(rxskb); |
| 567 | fl.fl_ip_dport = dh->dccph_dport; | 570 | fl.fl_ip_dport = dh->dccph_dport; |
| 568 | fl.fl_ip_sport = dh->dccph_sport; | 571 | fl.fl_ip_sport = dh->dccph_sport; |
| 572 | security_skb_classify_flow(rxskb, &fl); | ||
| 569 | 573 | ||
| 570 | /* sk = NULL, but it is safe for now. RST socket required. */ | 574 | /* sk = NULL, but it is safe for now. RST socket required. */ |
| 571 | if (!ip6_dst_lookup(NULL, &skb->dst, &fl)) { | 575 | if (!ip6_dst_lookup(NULL, &skb->dst, &fl)) { |
| @@ -622,6 +626,7 @@ static void dccp_v6_reqsk_send_ack(struct sk_buff *rxskb, | |||
| 622 | fl.oif = inet6_iif(rxskb); | 626 | fl.oif = inet6_iif(rxskb); |
| 623 | fl.fl_ip_dport = dh->dccph_dport; | 627 | fl.fl_ip_dport = dh->dccph_dport; |
| 624 | fl.fl_ip_sport = dh->dccph_sport; | 628 | fl.fl_ip_sport = dh->dccph_sport; |
| 629 | security_req_classify_flow(req, &fl); | ||
| 625 | 630 | ||
| 626 | if (!ip6_dst_lookup(NULL, &skb->dst, &fl)) { | 631 | if (!ip6_dst_lookup(NULL, &skb->dst, &fl)) { |
| 627 | if (xfrm_lookup(&skb->dst, &fl, NULL, 0) >= 0) { | 632 | if (xfrm_lookup(&skb->dst, &fl, NULL, 0) >= 0) { |
| @@ -704,12 +709,14 @@ static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb) | |||
| 704 | 709 | ||
| 705 | dccp_openreq_init(req, &dp, skb); | 710 | dccp_openreq_init(req, &dp, skb); |
| 706 | 711 | ||
| 712 | if (security_inet_conn_request(sk, skb, req)) | ||
| 713 | goto drop_and_free; | ||
| 714 | |||
| 707 | ireq6 = inet6_rsk(req); | 715 | ireq6 = inet6_rsk(req); |
| 708 | ireq = inet_rsk(req); | 716 | ireq = inet_rsk(req); |
| 709 | ipv6_addr_copy(&ireq6->rmt_addr, &skb->nh.ipv6h->saddr); | 717 | ipv6_addr_copy(&ireq6->rmt_addr, &skb->nh.ipv6h->saddr); |
| 710 | ipv6_addr_copy(&ireq6->loc_addr, &skb->nh.ipv6h->daddr); | 718 | ipv6_addr_copy(&ireq6->loc_addr, &skb->nh.ipv6h->daddr); |
| 711 | req->rcv_wnd = 100; /* Fake, option parsing will get the | 719 | req->rcv_wnd = dccp_feat_default_sequence_window; |
| 712 | right value */ | ||
| 713 | ireq6->pktopts = NULL; | 720 | ireq6->pktopts = NULL; |
| 714 | 721 | ||
| 715 | if (ipv6_opt_accepted(sk, skb) || | 722 | if (ipv6_opt_accepted(sk, skb) || |
| @@ -843,6 +850,7 @@ static struct sock *dccp_v6_request_recv_sock(struct sock *sk, | |||
| 843 | fl.oif = sk->sk_bound_dev_if; | 850 | fl.oif = sk->sk_bound_dev_if; |
| 844 | fl.fl_ip_dport = inet_rsk(req)->rmt_port; | 851 | fl.fl_ip_dport = inet_rsk(req)->rmt_port; |
| 845 | fl.fl_ip_sport = inet_sk(sk)->sport; | 852 | fl.fl_ip_sport = inet_sk(sk)->sport; |
| 853 | security_sk_classify_flow(sk, &fl); | ||
| 846 | 854 | ||
| 847 | if (ip6_dst_lookup(sk, &dst, &fl)) | 855 | if (ip6_dst_lookup(sk, &dst, &fl)) |
| 848 | goto out; | 856 | goto out; |
| @@ -864,7 +872,7 @@ static struct sock *dccp_v6_request_recv_sock(struct sock *sk, | |||
| 864 | * comment in that function for the gory details. -acme | 872 | * comment in that function for the gory details. -acme |
| 865 | */ | 873 | */ |
| 866 | 874 | ||
| 867 | ip6_dst_store(newsk, dst, NULL); | 875 | __ip6_dst_store(newsk, dst, NULL, NULL); |
| 868 | newsk->sk_route_caps = dst->dev->features & ~(NETIF_F_IP_CSUM | | 876 | newsk->sk_route_caps = dst->dev->features & ~(NETIF_F_IP_CSUM | |
| 869 | NETIF_F_TSO); | 877 | NETIF_F_TSO); |
| 870 | newdp6 = (struct dccp6_sock *)newsk; | 878 | newdp6 = (struct dccp6_sock *)newsk; |
| @@ -962,7 +970,7 @@ static int dccp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) | |||
| 962 | if (skb->protocol == htons(ETH_P_IP)) | 970 | if (skb->protocol == htons(ETH_P_IP)) |
| 963 | return dccp_v4_do_rcv(sk, skb); | 971 | return dccp_v4_do_rcv(sk, skb); |
| 964 | 972 | ||
| 965 | if (sk_filter(sk, skb, 0)) | 973 | if (sk_filter(sk, skb)) |
| 966 | goto discard; | 974 | goto discard; |
| 967 | 975 | ||
| 968 | /* | 976 | /* |