aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/ss
diff options
context:
space:
mode:
authorPaul Moore <paul.moore@hp.com>2008-10-10 10:16:30 -0400
committerPaul Moore <paul.moore@hp.com>2008-10-10 10:16:30 -0400
commitd8395c876bb8a560c8a032887e191b95499a25d6 (patch)
tree6c2ef0d59e04b90a9ef673fa34e1c042d22f128e /security/selinux/ss
parent948a72438d4178d0728c4b0a38836d280b846939 (diff)
downloadmrst-s0i3-test-d8395c876bb8a560c8a032887e191b95499a25d6.tar.gz
mrst-s0i3-test-d8395c876bb8a560c8a032887e191b95499a25d6.tar.xz
mrst-s0i3-test-d8395c876bb8a560c8a032887e191b95499a25d6.zip
selinux: Better local/forward check in selinux_ip_postroute()
It turns out that checking to see if skb->sk is NULL is not a very good indicator of a forwarded packet as some locally generated packets also have skb->sk set to NULL. Fix this by not only checking the skb->sk field but also the IP[6]CB(skb)->flags field for the IP[6]SKB_FORWARDED flag. While we are at it, we are calling selinux_parse_skb() much earlier than we really should resulting in potentially wasted cycles parsing packets for information we might no use; so shuffle the code around a bit to fix this. Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/ss')
0 files changed, 0 insertions, 0 deletions