forked from Minki/linux
NetLabel: check for a CIPSOv4 option before we do call into the CIPSOv4 layer
Right now the NetLabel code always jumps into the CIPSOv4 layer to determine if a CIPSO IP option is present. However, we can do this check directly in the NetLabel code by making use of the CIPSO_V4_OPTEXIST() macro which should save us a function call in the common case of not having a CIPSOv4 option present. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
701a90bad9
commit
05e00cbf50
@ -1435,8 +1435,6 @@ int cipso_v4_skbuff_getattr(const struct sk_buff *skb,
|
||||
u32 doi;
|
||||
struct cipso_v4_doi *doi_def;
|
||||
|
||||
if (!CIPSO_V4_OPTEXIST(skb))
|
||||
return -ENOMSG;
|
||||
cipso_ptr = CIPSO_V4_OPTPTR(skb);
|
||||
if (cipso_v4_cache_check(cipso_ptr, cipso_ptr[1], secattr) == 0)
|
||||
return 0;
|
||||
|
@ -149,10 +149,8 @@ int netlbl_socket_getattr(const struct socket *sock,
|
||||
int netlbl_skbuff_getattr(const struct sk_buff *skb,
|
||||
struct netlbl_lsm_secattr *secattr)
|
||||
{
|
||||
int ret_val;
|
||||
|
||||
ret_val = cipso_v4_skbuff_getattr(skb, secattr);
|
||||
if (ret_val == 0)
|
||||
if (CIPSO_V4_OPTEXIST(skb) &&
|
||||
cipso_v4_skbuff_getattr(skb, secattr) == 0)
|
||||
return 0;
|
||||
|
||||
return netlbl_unlabel_getattr(secattr);
|
||||
|
Loading…
Reference in New Issue
Block a user