On Tue, 16 Sep 2008, Paul Moore wrote: > It turns out that checking to see if skb->sk is NULL is not a very good > indicator of a forwarded packet as some locally generated packets also have > skb->sk set to NULL. Fix this by not only checking the skb->sk field but also > the IP[6]CB(skb)->flags field for the IP[6]SKB_FORWARDED flag. While we are > at it, we are calling selinux_parse_skb() much earlier than we really should > resulting in potentially wasted cycles parsing packets for information we > might no use; so shuffle the code around a bit to fix this. > > Signed-off-by: Paul Moore <paul.moore@xxxxxx> Acked-by: James Morris <jmorris@xxxxxxxxx> (Wow, this code is getting complex... :-) -- James Morris <jmorris@xxxxxxxxx> -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
