Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 05e00cbf authored Nov 17, 2006 by Paul Moore Committed by David S. Miller Dec 02, 2006

NetLabel: check for a CIPSOv4 option before we do call into the CIPSOv4 layer

Right now the NetLabel code always jumps into the CIPSOv4 layer to determine if
a CIPSO IP option is present. However, we can do this check directly in the
NetLabel code by making use of the CIPSO_V4_OPTEXIST() macro which should save
us a function call in the common case of not having a CIPSOv4 option present.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>

parent 701a90ba

net/ipv4/cipso_ipv4.c

+0 −2

Original line number	Diff line number	Diff line
		@@ -1435,8 +1435,6 @@ int cipso_v4_skbuff_getattr(const struct sk_buff *skb,
		u32 doi;
		struct cipso_v4_doi *doi_def;

		if (!CIPSO_V4_OPTEXIST(skb))
		return -ENOMSG;
		cipso_ptr = CIPSO_V4_OPTPTR(skb);
		if (cipso_v4_cache_check(cipso_ptr, cipso_ptr[1], secattr) == 0)
		return 0;

net/netlabel/netlabel_kapi.c

+2 −4

Original line number	Diff line number	Diff line
		@@ -149,10 +149,8 @@ int netlbl_socket_getattr(const struct socket *sock,
		int netlbl_skbuff_getattr(const struct sk_buff *skb,
		struct netlbl_lsm_secattr *secattr)
		{
		int ret_val;

		ret_val = cipso_v4_skbuff_getattr(skb, secattr);
		if (ret_val == 0)
		if (CIPSO_V4_OPTEXIST(skb) &&
		cipso_v4_skbuff_getattr(skb, secattr) == 0)
		return 0;

		return netlbl_unlabel_getattr(secattr);