summaryrefslogtreecommitdiffstats
path: root/net/netlabel
diff options
context:
space:
mode:
authorHuw Davies <huw@codeweavers.com>2016-06-27 21:06:16 +0200
committerPaul Moore <paul@paul-moore.com>2016-06-27 21:06:16 +0200
commita04e71f631fa3d2fd2aa0404c11484739d1e9073 (patch)
treec69ef0d43baa723ea7c62d8e8e35faec0a5067ca /net/netlabel
parentcalipso: Allow the lsm to label the skbuff directly. (diff)
downloadlinux-a04e71f631fa3d2fd2aa0404c11484739d1e9073.tar.xz
linux-a04e71f631fa3d2fd2aa0404c11484739d1e9073.zip
netlabel: Pass a family parameter to netlbl_skbuff_err().
This makes it possible to route the error to the appropriate labelling engine. CALIPSO is far less verbose than CIPSO when encountering a bogus packet, so there is no need for a CALIPSO error handler. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'net/netlabel')
-rw-r--r--net/netlabel/netlabel_kapi.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index c50a1c5d1e1a..a42ce3c15d70 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -1249,6 +1249,7 @@ int netlbl_skbuff_getattr(const struct sk_buff *skb,
/**
* netlbl_skbuff_err - Handle a LSM error on a sk_buff
* @skb: the packet
+ * @family: the family
* @error: the error code
* @gateway: true if host is acting as a gateway, false otherwise
*
@@ -1258,10 +1259,14 @@ int netlbl_skbuff_getattr(const struct sk_buff *skb,
* according to the packet's labeling protocol.
*
*/
-void netlbl_skbuff_err(struct sk_buff *skb, int error, int gateway)
+void netlbl_skbuff_err(struct sk_buff *skb, u16 family, int error, int gateway)
{
- if (cipso_v4_optptr(skb))
- cipso_v4_error(skb, error, gateway);
+ switch (family) {
+ case AF_INET:
+ if (cipso_v4_optptr(skb))
+ cipso_v4_error(skb, error, gateway);
+ break;
+ }
}
/**