diff options
Diffstat (limited to 'net/ipv6/tcp_ipv6.c')
| -rw-r--r-- | net/ipv6/tcp_ipv6.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 802a1a6b1037..46922e57e311 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c | |||
| @@ -251,6 +251,8 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, | |||
| 251 | final_p = &final; | 251 | final_p = &final; |
| 252 | } | 252 | } |
| 253 | 253 | ||
| 254 | security_sk_classify_flow(sk, &fl); | ||
| 255 | |||
| 254 | err = ip6_dst_lookup(sk, &dst, &fl); | 256 | err = ip6_dst_lookup(sk, &dst, &fl); |
| 255 | if (err) | 257 | if (err) |
| 256 | goto failure; | 258 | goto failure; |
| @@ -374,6 +376,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |||
| 374 | fl.oif = sk->sk_bound_dev_if; | 376 | fl.oif = sk->sk_bound_dev_if; |
| 375 | fl.fl_ip_dport = inet->dport; | 377 | fl.fl_ip_dport = inet->dport; |
| 376 | fl.fl_ip_sport = inet->sport; | 378 | fl.fl_ip_sport = inet->sport; |
| 379 | security_skb_classify_flow(skb, &fl); | ||
| 377 | 380 | ||
| 378 | if ((err = ip6_dst_lookup(sk, &dst, &fl))) { | 381 | if ((err = ip6_dst_lookup(sk, &dst, &fl))) { |
| 379 | sk->sk_err_soft = -err; | 382 | sk->sk_err_soft = -err; |
| @@ -467,6 +470,7 @@ static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req, | |||
| 467 | fl.oif = treq->iif; | 470 | fl.oif = treq->iif; |
| 468 | fl.fl_ip_dport = inet_rsk(req)->rmt_port; | 471 | fl.fl_ip_dport = inet_rsk(req)->rmt_port; |
| 469 | fl.fl_ip_sport = inet_sk(sk)->sport; | 472 | fl.fl_ip_sport = inet_sk(sk)->sport; |
| 473 | security_sk_classify_flow(sk, &fl); | ||
| 470 | 474 | ||
| 471 | if (dst == NULL) { | 475 | if (dst == NULL) { |
| 472 | opt = np->opt; | 476 | opt = np->opt; |
| @@ -625,6 +629,7 @@ static void tcp_v6_send_reset(struct sk_buff *skb) | |||
| 625 | fl.oif = inet6_iif(skb); | 629 | fl.oif = inet6_iif(skb); |
| 626 | fl.fl_ip_dport = t1->dest; | 630 | fl.fl_ip_dport = t1->dest; |
| 627 | fl.fl_ip_sport = t1->source; | 631 | fl.fl_ip_sport = t1->source; |
| 632 | security_skb_classify_flow(skb, &fl); | ||
| 628 | 633 | ||
| 629 | /* sk = NULL, but it is safe for now. RST socket required. */ | 634 | /* sk = NULL, but it is safe for now. RST socket required. */ |
| 630 | if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) { | 635 | if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) { |
| @@ -691,6 +696,7 @@ static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 | |||
| 691 | fl.oif = inet6_iif(skb); | 696 | fl.oif = inet6_iif(skb); |
| 692 | fl.fl_ip_dport = t1->dest; | 697 | fl.fl_ip_dport = t1->dest; |
| 693 | fl.fl_ip_sport = t1->source; | 698 | fl.fl_ip_sport = t1->source; |
| 699 | security_skb_classify_flow(skb, &fl); | ||
| 694 | 700 | ||
| 695 | if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) { | 701 | if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) { |
| 696 | if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) { | 702 | if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) { |
| @@ -923,6 +929,7 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb, | |||
| 923 | fl.oif = sk->sk_bound_dev_if; | 929 | fl.oif = sk->sk_bound_dev_if; |
| 924 | fl.fl_ip_dport = inet_rsk(req)->rmt_port; | 930 | fl.fl_ip_dport = inet_rsk(req)->rmt_port; |
| 925 | fl.fl_ip_sport = inet_sk(sk)->sport; | 931 | fl.fl_ip_sport = inet_sk(sk)->sport; |
| 932 | security_sk_classify_flow(sk, &fl); | ||
| 926 | 933 | ||
| 927 | if (ip6_dst_lookup(sk, &dst, &fl)) | 934 | if (ip6_dst_lookup(sk, &dst, &fl)) |
| 928 | goto out; | 935 | goto out; |