On Tuesday 30 September 2008 9:43:12 pm James Morris wrote: > On Tue, 16 Sep 2008, Paul Moore wrote: > > It turns out that checking to see if skb->sk is NULL is not a very > > good indicator of a forwarded packet as some locally generated > > packets also have skb->sk set to NULL. Fix this by not only > > checking the skb->sk field but also the IP[6]CB(skb)->flags field > > for the IP[6]SKB_FORWARDED flag. While we are at it, we are > > calling selinux_parse_skb() much earlier than we really should > > resulting in potentially wasted cycles parsing packets for > > information we might no use; so shuffle the code around a bit to > > fix this. > > > > Signed-off-by: Paul Moore <paul.moore@xxxxxx> > > Acked-by: James Morris <jmorris@xxxxxxxxx> > > (Wow, this code is getting complex... :-) Yeah, it is pretty surprising too (at least to me anyway). I beginning to think our common case is the existence of corner cases :) -- paul moore linux @ hp -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
