From 5e80e1a36e5b47b2c1380253b6c3616314f22abf Mon Sep 17 00:00:00 2001 From: Paul Moore Date: Fri, 27 Mar 2009 17:10:28 -0400 Subject: [PATCH] --- yaml --- r: 137587 b: refs/heads/master c: 284904aa79466a4736f4c775fdbe5c7407fa136c h: refs/heads/master i: 137585: e39a81186d7051914481f91628fef044d541ac30 137583: 94c58db80f57bbc6a55df4d3ccc8b3b156f0f7c8 v: v3 --- [refs] | 2 +- trunk/net/ipv4/syncookies.c | 9 +++++---- trunk/net/ipv4/tcp_ipv4.c | 7 ++++--- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/[refs] b/[refs] index 67fe7e65837d..d2e02d221a58 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: bb798169d1bb860b07192cf9c75937fadc8610b4 +refs/heads/master: 284904aa79466a4736f4c775fdbe5c7407fa136c diff --git a/trunk/net/ipv4/syncookies.c b/trunk/net/ipv4/syncookies.c index d346c22aa6ae..b35a950d2e06 100644 --- a/trunk/net/ipv4/syncookies.c +++ b/trunk/net/ipv4/syncookies.c @@ -288,10 +288,6 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, if (!req) goto out; - if (security_inet_conn_request(sk, skb, req)) { - reqsk_free(req); - goto out; - } ireq = inet_rsk(req); treq = tcp_rsk(req); treq->rcv_isn = ntohl(th->seq) - 1; @@ -322,6 +318,11 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, } } + if (security_inet_conn_request(sk, skb, req)) { + reqsk_free(req); + goto out; + } + req->expires = 0UL; req->retrans = 0; diff --git a/trunk/net/ipv4/tcp_ipv4.c b/trunk/net/ipv4/tcp_ipv4.c index d0a314879d81..5d427f86b414 100644 --- a/trunk/net/ipv4/tcp_ipv4.c +++ b/trunk/net/ipv4/tcp_ipv4.c @@ -1230,14 +1230,15 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb) tcp_openreq_init(req, &tmp_opt, skb); - if (security_inet_conn_request(sk, skb, req)) - goto drop_and_free; - ireq = inet_rsk(req); ireq->loc_addr = daddr; ireq->rmt_addr = saddr; ireq->no_srccheck = inet_sk(sk)->transparent; ireq->opt = tcp_v4_save_options(sk, skb); + + if (security_inet_conn_request(sk, skb, req)) + goto drop_and_free; + if (!want_cookie) TCP_ECN_create_request(req, tcp_hdr(skb));