diff options
author | Eric Dumazet <edumazet@google.com> | 2015-11-08 19:54:08 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2015-11-09 02:56:38 +0100 |
commit | 8827d90e29e664aa959817467a3da72041ca2269 (patch) | |
tree | b93d7f1df7eeb6411f300f9b94e1737f96ff350e /security/smack | |
parent | net: add skb_to_full_sk() helper and use it in selinux_netlbl_skbuff_setsid() (diff) | |
download | linux-8827d90e29e664aa959817467a3da72041ca2269.tar.xz linux-8827d90e29e664aa959817467a3da72041ca2269.zip |
smack: use skb_to_full_sk() helper
This module wants to access sk->sk_security, which is not
available for request sockets.
Fixes: ca6fb0651883 ("tcp: attach SYNACK messages to request sockets instead of listener")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/smack')
-rw-r--r-- | security/smack/smack_netfilter.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c index 6d1706c9777e..aa6bf1b22ec5 100644 --- a/security/smack/smack_netfilter.c +++ b/security/smack/smack_netfilter.c @@ -17,6 +17,7 @@ #include <linux/netfilter_ipv4.h> #include <linux/netfilter_ipv6.h> #include <linux/netdevice.h> +#include <net/inet_sock.h> #include "smack.h" #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) @@ -25,11 +26,12 @@ static unsigned int smack_ipv6_output(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { + struct sock *sk = skb_to_full_sk(skb); struct socket_smack *ssp; struct smack_known *skp; - if (skb && skb->sk && skb->sk->sk_security) { - ssp = skb->sk->sk_security; + if (sk && sk->sk_security) { + ssp = sk->sk_security; skp = ssp->smk_out; skb->secmark = skp->smk_secid; } @@ -42,11 +44,12 @@ static unsigned int smack_ipv4_output(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { + struct sock *sk = skb_to_full_sk(skb); struct socket_smack *ssp; struct smack_known *skp; - if (skb && skb->sk && skb->sk->sk_security) { - ssp = skb->sk->sk_security; + if (sk && sk->sk_security) { + ssp = sk->sk_security; skp = ssp->smk_out; skb->secmark = skp->smk_secid; } |