Code Review / kvmfornfv.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
These changes are the raw update to linux-4.4.6-rt14. Kernel sources
[kvmfornfv.git] / kernel / security / smack / smack_netfilter.c
diff --git a/kernel/security/smack/smack_netfilter.c b/kernel/security/smack/smack_netfilter.c
index a455cfc..aa6bf1b 100644 (file)
--- a/kernel/security/smack/smack_netfilter.c
+++ b/kernel/security/smack/smack_netfilter.c
@@ -17,19 +17,21 @@
 #include <linux/netfilter_ipv4.h>
 #include <linux/netfilter_ipv6.h>
 #include <linux/netdevice.h>
+#include <net/inet_sock.h>
 #include "smack.h"
 
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
 
-static unsigned int smack_ipv6_output(const struct nf_hook_ops *ops,
+static unsigned int smack_ipv6_output(void *priv,
                                        struct sk_buff *skb,
                                        const struct nf_hook_state *state)
 {
+       struct sock *sk = skb_to_full_sk(skb);
        struct socket_smack *ssp;
        struct smack_known *skp;
 
-       if (skb && skb->sk && skb->sk->sk_security) {
-               ssp = skb->sk->sk_security;
+       if (sk && sk->sk_security) {
+               ssp = sk->sk_security;
                skp = ssp->smk_out;
                skb->secmark = skp->smk_secid;
        }
@@ -38,15 +40,16 @@ static unsigned int smack_ipv6_output(const struct nf_hook_ops *ops,
 }
 #endif /* IPV6 */
 
-static unsigned int smack_ipv4_output(const struct nf_hook_ops *ops,
+static unsigned int smack_ipv4_output(void *priv,
                                        struct sk_buff *skb,
                                        const struct nf_hook_state *state)
 {
+       struct sock *sk = skb_to_full_sk(skb);
        struct socket_smack *ssp;
        struct smack_known *skp;
 
-       if (skb && skb->sk && skb->sk->sk_security) {
-               ssp = skb->sk->sk_security;
+       if (sk && sk->sk_security) {
+               ssp = sk->sk_security;
                skp = ssp->smk_out;
                skb->secmark = skp->smk_secid;
        }
@@ -57,7 +60,6 @@ static unsigned int smack_ipv4_output(const struct nf_hook_ops *ops,
 static struct nf_hook_ops smack_nf_ops[] = {
        {
                .hook =         smack_ipv4_output,
-               .owner =        THIS_MODULE,
                .pf =           NFPROTO_IPV4,
                .hooknum =      NF_INET_LOCAL_OUT,
                .priority =     NF_IP_PRI_SELINUX_FIRST,
@@ -65,7 +67,6 @@ static struct nf_hook_ops smack_nf_ops[] = {
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
        {
                .hook =         smack_ipv6_output,
-               .owner =        THIS_MODULE,
                .pf =           NFPROTO_IPV6,
                .hooknum =      NF_INET_LOCAL_OUT,
                .priority =     NF_IP6_PRI_SELINUX_FIRST,