diff options
-rw-r--r-- | security/smack/smack_netfilter.c | 26 |
1 files changed, 3 insertions, 23 deletions
diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c index fc7399b45373..b945c1d3a743 100644 --- a/security/smack/smack_netfilter.c +++ b/security/smack/smack_netfilter.c @@ -18,27 +18,7 @@ #include <net/net_namespace.h> #include "smack.h" -#if IS_ENABLED(CONFIG_IPV6) - -static unsigned int smack_ipv6_output(void *priv, - struct sk_buff *skb, - const struct nf_hook_state *state) -{ - struct sock *sk = skb_to_full_sk(skb); - struct socket_smack *ssp; - struct smack_known *skp; - - if (sk && sk->sk_security) { - ssp = sk->sk_security; - skp = ssp->smk_out; - skb->secmark = skp->smk_secid; - } - - return NF_ACCEPT; -} -#endif /* IPV6 */ - -static unsigned int smack_ipv4_output(void *priv, +static unsigned int smack_ip_output(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { @@ -57,14 +37,14 @@ static unsigned int smack_ipv4_output(void *priv, static const struct nf_hook_ops smack_nf_ops[] = { { - .hook = smack_ipv4_output, + .hook = smack_ip_output, .pf = NFPROTO_IPV4, .hooknum = NF_INET_LOCAL_OUT, .priority = NF_IP_PRI_SELINUX_FIRST, }, #if IS_ENABLED(CONFIG_IPV6) { - .hook = smack_ipv6_output, + .hook = smack_ip_output, .pf = NFPROTO_IPV6, .hooknum = NF_INET_LOCAL_OUT, .priority = NF_IP6_PRI_SELINUX_FIRST, |