On Tue, 2 Sep 2008, Paul Moore wrote: > It turns out that checking to see if skb->sk is NULL is not a very good > indicator of a forwarded packet as some locally generated packets also have > skb->sk set to NULL. Fix this by not only checking the skb->sk field but also > the IP[6]CB(skb)->flags field for the IP[6]SKB_FORWARDED flag. > > Signed-off-by: Paul Moore <paul.moore@xxxxxx> > --- > > security/selinux/hooks.c | 36 +++++++++++++++++++++++++++--------- > 1 files changed, 27 insertions(+), 9 deletions(-) Acked-by: James Morris <jmorris@xxxxxxxxx> -- James Morris <jmorris@xxxxxxxxx> -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
