Code Review
/
kvmfornfv.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
These changes are the raw update to linux-4.4.6-rt14. Kernel sources
[kvmfornfv.git]
/
kernel
/
security
/
smack
/
smack_netfilter.c
diff --git
a/kernel/security/smack/smack_netfilter.c
b/kernel/security/smack/smack_netfilter.c
index
a455cfc
..
aa6bf1b
100644
(file)
--- a/
kernel/security/smack/smack_netfilter.c
+++ b/
kernel/security/smack/smack_netfilter.c
@@
-17,19
+17,21
@@
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv6.h>
#include <linux/netdevice.h>
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv6.h>
#include <linux/netdevice.h>
+#include <net/inet_sock.h>
#include "smack.h"
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
#include "smack.h"
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-static unsigned int smack_ipv6_output(
const struct nf_hook_ops *ops
,
+static unsigned int smack_ipv6_output(
void *priv
,
struct sk_buff *skb,
const struct nf_hook_state *state)
{
struct sk_buff *skb,
const struct nf_hook_state *state)
{
+ struct sock *sk = skb_to_full_sk(skb);
struct socket_smack *ssp;
struct smack_known *skp;
struct socket_smack *ssp;
struct smack_known *skp;
- if (sk
b && skb->sk && skb->
sk->sk_security) {
- ssp = sk
b->sk
->sk_security;
+ if (sk
&&
sk->sk_security) {
+ ssp = sk->sk_security;
skp = ssp->smk_out;
skb->secmark = skp->smk_secid;
}
skp = ssp->smk_out;
skb->secmark = skp->smk_secid;
}
@@
-38,15
+40,16
@@
static unsigned int smack_ipv6_output(const struct nf_hook_ops *ops,
}
#endif /* IPV6 */
}
#endif /* IPV6 */
-static unsigned int smack_ipv4_output(
const struct nf_hook_ops *ops
,
+static unsigned int smack_ipv4_output(
void *priv
,
struct sk_buff *skb,
const struct nf_hook_state *state)
{
struct sk_buff *skb,
const struct nf_hook_state *state)
{
+ struct sock *sk = skb_to_full_sk(skb);
struct socket_smack *ssp;
struct smack_known *skp;
struct socket_smack *ssp;
struct smack_known *skp;
- if (sk
b && skb->sk && skb->
sk->sk_security) {
- ssp = sk
b->sk
->sk_security;
+ if (sk
&&
sk->sk_security) {
+ ssp = sk->sk_security;
skp = ssp->smk_out;
skb->secmark = skp->smk_secid;
}
skp = ssp->smk_out;
skb->secmark = skp->smk_secid;
}
@@
-57,7
+60,6
@@
static unsigned int smack_ipv4_output(const struct nf_hook_ops *ops,
static struct nf_hook_ops smack_nf_ops[] = {
{
.hook = smack_ipv4_output,
static struct nf_hook_ops smack_nf_ops[] = {
{
.hook = smack_ipv4_output,
- .owner = THIS_MODULE,
.pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP_PRI_SELINUX_FIRST,
.pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP_PRI_SELINUX_FIRST,
@@
-65,7
+67,6
@@
static struct nf_hook_ops smack_nf_ops[] = {
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
{
.hook = smack_ipv6_output,
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
{
.hook = smack_ipv6_output,
- .owner = THIS_MODULE,
.pf = NFPROTO_IPV6,
.hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP6_PRI_SELINUX_FIRST,
.pf = NFPROTO_IPV6,
.hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP6_PRI_SELINUX_FIRST,