NetLabel: check for a CIPSOv4 option before we do call into the CIPSO…

…v4 layer Right now the NetLabel code always jumps into the CIPSOv4 layer to determine if a CIPSO IP option is present. However, we can do this check directly in the NetLabel code by making use of the CIPSO_V4_OPTEXIST() macro which should save us a function call in the common case of not having a CIPSOv4 option present. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
git-mirror · Dec 3, 2006 · 05e00cb · 05e00cb
1 parent 701a90b
commit 05e00cb
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 6 deletions.
diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
@@ -1435,8 +1435,6 @@ int cipso_v4_skbuff_getattr(const struct sk_buff *skb,
 	u32 doi;
 	struct cipso_v4_doi *doi_def;
 
-	if (!CIPSO_V4_OPTEXIST(skb))
-		return -ENOMSG;
 	cipso_ptr = CIPSO_V4_OPTPTR(skb);
 	if (cipso_v4_cache_check(cipso_ptr, cipso_ptr[1], secattr) == 0)
 		return 0;

diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
@@ -149,10 +149,8 @@ int netlbl_socket_getattr(const struct socket *sock,
 int netlbl_skbuff_getattr(const struct sk_buff *skb,
 			  struct netlbl_lsm_secattr *secattr)
 {
-	int ret_val;
-
-	ret_val = cipso_v4_skbuff_getattr(skb, secattr);
-	if (ret_val == 0)
+	if (CIPSO_V4_OPTEXIST(skb) &&
+	    cipso_v4_skbuff_getattr(skb, secattr) == 0)
 		return 0;
 
 	return netlbl_unlabel_getattr(secattr);