diff options
Diffstat (limited to 'net/ipv4/syncookies.c')
| -rw-r--r-- | net/ipv4/syncookies.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index 307dc3c0d635..661e0a4bca72 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c | |||
| @@ -214,6 +214,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, | |||
| 214 | if (!req) | 214 | if (!req) |
| 215 | goto out; | 215 | goto out; |
| 216 | 216 | ||
| 217 | if (security_inet_conn_request(sk, skb, req)) { | ||
| 218 | reqsk_free(req); | ||
| 219 | goto out; | ||
| 220 | } | ||
| 217 | ireq = inet_rsk(req); | 221 | ireq = inet_rsk(req); |
| 218 | treq = tcp_rsk(req); | 222 | treq = tcp_rsk(req); |
| 219 | treq->rcv_isn = htonl(skb->h.th->seq) - 1; | 223 | treq->rcv_isn = htonl(skb->h.th->seq) - 1; |
| @@ -259,7 +263,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, | |||
| 259 | .uli_u = { .ports = | 263 | .uli_u = { .ports = |
| 260 | { .sport = skb->h.th->dest, | 264 | { .sport = skb->h.th->dest, |
| 261 | .dport = skb->h.th->source } } }; | 265 | .dport = skb->h.th->source } } }; |
| 262 | security_sk_classify_flow(sk, &fl); | 266 | security_req_classify_flow(req, &fl); |
| 263 | if (ip_route_output_key(&rt, &fl)) { | 267 | if (ip_route_output_key(&rt, &fl)) { |
| 264 | reqsk_free(req); | 268 | reqsk_free(req); |
| 265 | goto out; | 269 | goto out; |