projects
/
powerpc.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
[XFRM] STATE: Support non-fragment outbound transformation headers.
[powerpc.git]
/
net
/
ipv4
/
syncookies.c
diff --git
a/net/ipv4/syncookies.c
b/net/ipv4/syncookies.c
index
e20be33
..
661e0a4
100644
(file)
--- a/
net/ipv4/syncookies.c
+++ b/
net/ipv4/syncookies.c
@@
-214,6
+214,10
@@
struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
if (!req)
goto out;
if (!req)
goto out;
+ if (security_inet_conn_request(sk, skb, req)) {
+ reqsk_free(req);
+ goto out;
+ }
ireq = inet_rsk(req);
treq = tcp_rsk(req);
treq->rcv_isn = htonl(skb->h.th->seq) - 1;
ireq = inet_rsk(req);
treq = tcp_rsk(req);
treq->rcv_isn = htonl(skb->h.th->seq) - 1;
@@
-259,6
+263,7
@@
struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
.uli_u = { .ports =
{ .sport = skb->h.th->dest,
.dport = skb->h.th->source } } };
.uli_u = { .ports =
{ .sport = skb->h.th->dest,
.dport = skb->h.th->source } } };
+ security_req_classify_flow(req, &fl);
if (ip_route_output_key(&rt, &fl)) {
reqsk_free(req);
goto out;
if (ip_route_output_key(&rt, &fl)) {
reqsk_free(req);
goto out;