lsm: Relocate the IPv4 security_inet_conn_request() hooks
[cascardo/linux.git] / net / ipv4 / syncookies.c
index 9d38005..b35a950 100644 (file)
@@ -16,6 +16,7 @@
 #include <linux/cryptohash.h>
 #include <linux/kernel.h>
 #include <net/tcp.h>
+#include <net/route.h>
 
 /* Timestamps: lowest 9 bits store TCP options */
 #define TSBITS 9
@@ -287,15 +288,12 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
        if (!req)
                goto out;
 
-       if (security_inet_conn_request(sk, skb, req)) {
-               reqsk_free(req);
-               goto out;
-       }
        ireq = inet_rsk(req);
        treq = tcp_rsk(req);
        treq->rcv_isn           = ntohl(th->seq) - 1;
        treq->snt_isn           = cookie;
        req->mss                = mss;
+       ireq->loc_port          = th->dest;
        ireq->rmt_port          = th->source;
        ireq->loc_addr          = ip_hdr(skb)->daddr;
        ireq->rmt_addr          = ip_hdr(skb)->saddr;
@@ -320,6 +318,11 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
                }
        }
 
+       if (security_inet_conn_request(sk, skb, req)) {
+               reqsk_free(req);
+               goto out;
+       }
+
        req->expires    = 0UL;
        req->retrans    = 0;
 
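Review bot: The relocated `security_inet_conn_request()` call relies on the request fields set earlier in the function (`loc_port`, `rmt_port`, `loc_addr` and `rmt_addr` are assigned in the previous hunk), but nothing at the call site records that ordering requirement. A short comment above the added `if`, for example `/* Call the LSM hook only after the request's addresses and ports are filled in. */`, would keep a later cleanup from moving the check back ahead of the initialisation; presumably the move exists so the security module can see those fields. The block that closes just above the added lines is outside the hunk, so it is worth confirming that anything it attaches to `req` is released by `reqsk_free()` on this new failure path. The body of cookie_v4_check starts and ends outside the hunk.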
@@ -337,6 +340,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
                                                .saddr = ireq->loc_addr,
                                                .tos = RT_CONN_FLAGS(sk) } },
                                    .proto = IPPROTO_TCP,
+                                   .flags = inet_sk_flowi_flags(sk),
                                    .uli_u = { .ports =
                                               { .sport = th->dest,
                                                 .dport = th->source } } };
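Review bot: The flow initialiser still takes its ports from `th->dest` and `th->source`, while the address beside them comes from `ireq->loc_addr`. An earlier hunk now stores `ireq->loc_port = th->dest` next to `ireq->rmt_port`, so `.sport = ireq->loc_port` and `.dport = ireq->rmt_port` would make the route lookup read from the same request fields the security hook was given. This is a style point only, since the values are identical on the visible lines. The initialiser starts outside the hunk.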