[MLSXFRM]: Add flow labeling

[mirror_ubuntu-zesty-kernel.git] / net / dccp / ipv6.c

diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index 65e2ab0886e62fd3a2bddde3e9d961b40b63a195..53d255c01431054c5ce8ec54d62772e8ca449537 100644 (file)
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -12,7 +12,6 @@
  *      2 of the License, or (at your option) any later version.
  */
 
-#include <linux/config.h>
 #include <linux/module.h>
 #include <linux/random.h>
 #include <linux/xfrm.h>
@@ -32,6 +31,7 @@
 
 #include "dccp.h"
 #include "ipv6.h"
+#include "feat.h"
 
 /* Socket used for sending RSTs and ACKs */
 static struct socket *dccp_v6_ctl_socket;
@@ -201,6 +201,7 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
        fl.oif = sk->sk_bound_dev_if;
        fl.fl_ip_dport = usin->sin6_port;
        fl.fl_ip_sport = inet->sport;
+       security_sk_classify_flow(sk, &fl);
 
        if (np->opt != NULL && np->opt->srcrt != NULL) {
                const struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
@@ -230,7 +231,7 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
        ipv6_addr_copy(&np->saddr, saddr);
        inet->rcv_saddr = LOOPBACK4_IPV6;
 
-       ip6_dst_store(sk, dst, NULL);
+       __ip6_dst_store(sk, dst, NULL);
 
        icsk->icsk_ext_hdr_len = 0;
        if (np->opt != NULL)
@@ -322,6 +323,7 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
                        fl.oif = sk->sk_bound_dev_if;
                        fl.fl_ip_dport = inet->dport;
                        fl.fl_ip_sport = inet->sport;
+                       security_sk_classify_flow(sk, &fl);
 
                        err = ip6_dst_lookup(sk, &dst, &fl);
                        if (err) {
@@ -422,6 +424,7 @@ static int dccp_v6_send_response(struct sock *sk, struct request_sock *req,
        fl.oif = ireq6->iif;
        fl.fl_ip_dport = inet_rsk(req)->rmt_port;
        fl.fl_ip_sport = inet_sk(sk)->sport;
+       security_sk_classify_flow(sk, &fl);
 
        if (dst == NULL) {
                opt = np->opt;
@@ -566,6 +569,7 @@ static void dccp_v6_ctl_send_reset(struct sk_buff *rxskb)
        fl.oif = inet6_iif(rxskb);
        fl.fl_ip_dport = dh->dccph_dport;
        fl.fl_ip_sport = dh->dccph_sport;
+       security_skb_classify_flow(rxskb, &fl);
 
        /* sk = NULL, but it is safe for now. RST socket required. */
        if (!ip6_dst_lookup(NULL, &skb->dst, &fl)) {
@@ -622,6 +626,7 @@ static void dccp_v6_reqsk_send_ack(struct sk_buff *rxskb,
        fl.oif = inet6_iif(rxskb);
        fl.fl_ip_dport = dh->dccph_dport;
        fl.fl_ip_sport = dh->dccph_sport;
+       security_skb_classify_flow(rxskb, &fl);
 
        if (!ip6_dst_lookup(NULL, &skb->dst, &fl)) {
                if (xfrm_lookup(&skb->dst, &fl, NULL, 0) >= 0) {
@@ -708,8 +713,7 @@ static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
        ireq = inet_rsk(req);
        ipv6_addr_copy(&ireq6->rmt_addr, &skb->nh.ipv6h->saddr);
        ipv6_addr_copy(&ireq6->loc_addr, &skb->nh.ipv6h->daddr);
-       req->rcv_wnd    = 100; /* Fake, option parsing will get the
-                                 right value */
+       req->rcv_wnd    = dccp_feat_default_sequence_window;
        ireq6->pktopts  = NULL;
 
        if (ipv6_opt_accepted(sk, skb) ||
@@ -843,6 +847,7 @@ static struct sock *dccp_v6_request_recv_sock(struct sock *sk,
                fl.oif = sk->sk_bound_dev_if;
                fl.fl_ip_dport = inet_rsk(req)->rmt_port;
                fl.fl_ip_sport = inet_sk(sk)->sport;
+               security_sk_classify_flow(sk, &fl);
 
                if (ip6_dst_lookup(sk, &dst, &fl))
                        goto out;
@@ -864,7 +869,7 @@ static struct sock *dccp_v6_request_recv_sock(struct sock *sk,
         * comment in that function for the gory details. -acme
         */
 
-       ip6_dst_store(newsk, dst, NULL);
+       __ip6_dst_store(newsk, dst, NULL);
        newsk->sk_route_caps = dst->dev->features & ~(NETIF_F_IP_CSUM |
                                                      NETIF_F_TSO);
        newdp6 = (struct dccp6_sock *)newsk;