Message ID | 1340515324-2152-1-git-send-email-ncardwell@google.com |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
On Sun, 2012-06-24 at 01:22 -0400, Neal Cardwell wrote: > If security_inet_conn_request() returns non-zero then TCP/IPv6 should > drop the request, just as in TCP/IPv4 and DCCP in both IPv4 and IPv6. > > Signed-off-by: Neal Cardwell <ncardwell@google.com> > --- > net/ipv6/tcp_ipv6.c | 3 ++- > 1 files changed, 2 insertions(+), 1 deletions(-) > > diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c > index 3a9aec2..9df64a5 100644 > --- a/net/ipv6/tcp_ipv6.c > +++ b/net/ipv6/tcp_ipv6.c > @@ -1212,7 +1212,8 @@ have_isn: > tcp_rsk(req)->snt_isn = isn; > tcp_rsk(req)->snt_synack = tcp_time_stamp; > > - security_inet_conn_request(sk, skb, req); > + if (security_inet_conn_request(sk, skb, req)) > + goto drop_and_release; > > if (tcp_v6_send_synack(sk, req, > (struct request_values *)&tmp_ext, Acked-by: Eric Dumazet <edumazet@google.com> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Eric Dumazet <eric.dumazet@gmail.com> Date: Sun, 24 Jun 2012 09:36:57 +0200 > On Sun, 2012-06-24 at 01:22 -0400, Neal Cardwell wrote: >> If security_inet_conn_request() returns non-zero then TCP/IPv6 should >> drop the request, just as in TCP/IPv4 and DCCP in both IPv4 and IPv6. >> >> Signed-off-by: Neal Cardwell <ncardwell@google.com> >> --- >> net/ipv6/tcp_ipv6.c | 3 ++- >> 1 files changed, 2 insertions(+), 1 deletions(-) >> >> diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c >> index 3a9aec2..9df64a5 100644 >> --- a/net/ipv6/tcp_ipv6.c >> +++ b/net/ipv6/tcp_ipv6.c >> @@ -1212,7 +1212,8 @@ have_isn: >> tcp_rsk(req)->snt_isn = isn; >> tcp_rsk(req)->snt_synack = tcp_time_stamp; >> >> - security_inet_conn_request(sk, skb, req); >> + if (security_inet_conn_request(sk, skb, req)) >> + goto drop_and_release; >> >> if (tcp_v6_send_synack(sk, req, >> (struct request_values *)&tmp_ext, > > Acked-by: Eric Dumazet <edumazet@google.com> Applied to 'net'. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 3a9aec2..9df64a5 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1212,7 +1212,8 @@ have_isn: tcp_rsk(req)->snt_isn = isn; tcp_rsk(req)->snt_synack = tcp_time_stamp; - security_inet_conn_request(sk, skb, req); + if (security_inet_conn_request(sk, skb, req)) + goto drop_and_release; if (tcp_v6_send_synack(sk, req, (struct request_values *)&tmp_ext,
If security_inet_conn_request() returns non-zero then TCP/IPv6 should drop the request, just as in TCP/IPv4 and DCCP in both IPv4 and IPv6. Signed-off-by: Neal Cardwell <ncardwell@google.com> --- net/ipv6/tcp_ipv6.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-)