path: root/security
diff options
authorPaul Moore <pmoore@redhat.com>2013-12-03 11:39:13 -0500
committerPaul Moore <pmoore@redhat.com>2013-12-04 16:08:27 -0500
commit0b1f24e6db9a60c1f68117ad158ea29faa7c3a7f (patch)
tree3720295706f668b9a8f6e5d754ec0a7bcbe9e14e /security
parent050d032b25e617cd738db8d6fd5aed24d87cbbcb (diff)
selinux: pull address family directly from the request_sock struct
We don't need to inspect the packet to determine if the packet is an IPv4 packet arriving on an IPv6 socket when we can query the request_sock directly. Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'security')
1 files changed, 1 insertions, 5 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index cc076a9b0344..17d7689660ea 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4476,14 +4476,10 @@ static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
struct sk_security_struct *sksec = sk->sk_security;
int err;
- u16 family = sk->sk_family;
+ u16 family = req->rsk_ops->family;
u32 connsid;
u32 peersid;
- /* handle mapped IPv4 packets arriving via IPv6 sockets */
- if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
- family = PF_INET;
err = selinux_skb_peerlbl_sid(skb, family, &peersid);
if (err)
return err;

Privacy Policy