diff options
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/inet_connection_sock.c | 4 | ||||
| -rw-r--r-- | net/ipv4/syncookies.c | 6 | ||||
| -rw-r--r-- | net/ipv4/tcp_ipv4.c | 3 |
3 files changed, 11 insertions, 2 deletions
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c index 772b4eac78bc..07204391d083 100644 --- a/net/ipv4/inet_connection_sock.c +++ b/net/ipv4/inet_connection_sock.c | |||
| @@ -327,7 +327,7 @@ struct dst_entry* inet_csk_route_req(struct sock *sk, | |||
| 327 | { .sport = inet_sk(sk)->sport, | 327 | { .sport = inet_sk(sk)->sport, |
| 328 | .dport = ireq->rmt_port } } }; | 328 | .dport = ireq->rmt_port } } }; |
| 329 | 329 | ||
| 330 | security_sk_classify_flow(sk, &fl); | 330 | security_req_classify_flow(req, &fl); |
| 331 | if (ip_route_output_flow(&rt, &fl, sk, 0)) { | 331 | if (ip_route_output_flow(&rt, &fl, sk, 0)) { |
| 332 | IP_INC_STATS_BH(IPSTATS_MIB_OUTNOROUTES); | 332 | IP_INC_STATS_BH(IPSTATS_MIB_OUTNOROUTES); |
| 333 | return NULL; | 333 | return NULL; |
| @@ -510,6 +510,8 @@ struct sock *inet_csk_clone(struct sock *sk, const struct request_sock *req, | |||
| 510 | 510 | ||
| 511 | /* Deinitialize accept_queue to trap illegal accesses. */ | 511 | /* Deinitialize accept_queue to trap illegal accesses. */ |
| 512 | memset(&newicsk->icsk_accept_queue, 0, sizeof(newicsk->icsk_accept_queue)); | 512 | memset(&newicsk->icsk_accept_queue, 0, sizeof(newicsk->icsk_accept_queue)); |
| 513 | |||
| 514 | security_inet_csk_clone(newsk, req); | ||
| 513 | } | 515 | } |
| 514 | return newsk; | 516 | return newsk; |
| 515 | } | 517 | } |
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index 307dc3c0d635..661e0a4bca72 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c | |||
| @@ -214,6 +214,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, | |||
| 214 | if (!req) | 214 | if (!req) |
| 215 | goto out; | 215 | goto out; |
| 216 | 216 | ||
| 217 | if (security_inet_conn_request(sk, skb, req)) { | ||
| 218 | reqsk_free(req); | ||
| 219 | goto out; | ||
| 220 | } | ||
| 217 | ireq = inet_rsk(req); | 221 | ireq = inet_rsk(req); |
| 218 | treq = tcp_rsk(req); | 222 | treq = tcp_rsk(req); |
| 219 | treq->rcv_isn = htonl(skb->h.th->seq) - 1; | 223 | treq->rcv_isn = htonl(skb->h.th->seq) - 1; |
| @@ -259,7 +263,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, | |||
| 259 | .uli_u = { .ports = | 263 | .uli_u = { .ports = |
| 260 | { .sport = skb->h.th->dest, | 264 | { .sport = skb->h.th->dest, |
| 261 | .dport = skb->h.th->source } } }; | 265 | .dport = skb->h.th->source } } }; |
| 262 | security_sk_classify_flow(sk, &fl); | 266 | security_req_classify_flow(req, &fl); |
| 263 | if (ip_route_output_key(&rt, &fl)) { | 267 | if (ip_route_output_key(&rt, &fl)) { |
| 264 | reqsk_free(req); | 268 | reqsk_free(req); |
| 265 | goto out; | 269 | goto out; |
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 4b04c3edd4a9..43f6740244f8 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c | |||
| @@ -798,6 +798,9 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb) | |||
| 798 | 798 | ||
| 799 | tcp_openreq_init(req, &tmp_opt, skb); | 799 | tcp_openreq_init(req, &tmp_opt, skb); |
| 800 | 800 | ||
| 801 | if (security_inet_conn_request(sk, skb, req)) | ||
| 802 | goto drop_and_free; | ||
| 803 | |||
| 801 | ireq = inet_rsk(req); | 804 | ireq = inet_rsk(req); |
| 802 | ireq->loc_addr = daddr; | 805 | ireq->loc_addr = daddr; |
| 803 | ireq->rmt_addr = saddr; | 806 | ireq->rmt_addr = saddr; |