selinux: pull address family directly from the request_sock struct

We don't need to inspect the packet to determine if the packet is an IPv4 packet arriving on an IPv6 socket when we can query the request_sock directly. Signed-off-by: Paul Moore <pmoore@redhat.com>
git-mirror · Dec 4, 2013 · 0b1f24e · 0b1f24e
1 parent 050d032
commit 0b1f24e
Showing 1 changed file with 1 addition and 5 deletions.
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
@@ -4476,14 +4476,10 @@ static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
 {
 	struct sk_security_struct *sksec = sk->sk_security;
 	int err;
-	u16 family = sk->sk_family;
+	u16 family = req->rsk_ops->family;
 	u32 connsid;
 	u32 peersid;
 
-	/* handle mapped IPv4 packets arriving via IPv6 sockets */
-	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
-		family = PF_INET;
-
 	err = selinux_skb_peerlbl_sid(skb, family, &peersid);
 	if (err)
 		return err;