From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paul Moore <paul@paul-moore.com>
Subject: Re: [PATCH] netlabel: If PF_INET6, check sk_buff ip header version
Date: Mon, 13 Nov 2017 17:13:34 -0500
Message-ID: <CAHC9VhT-mALY2UB2nR2fOu5Bc-RRTQw0oXed1OJZNFv2KAcK3w@mail.gmail.com>
References: <20171113205422.2918-1-richard_c_haines@btinternet.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Cc: selinux@tycho.nsa.gov, netdev@vger.kernel.org
To: Richard Haines <richard_c_haines@btinternet.com>
Return-path: <netdev-owner@vger.kernel.org>
Received: from mail-lf0-f67.google.com ([209.85.215.67]:49497 "EHLO
        mail-lf0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751240AbdKMWNg (ORCPT
        <rfc822;netdev@vger.kernel.org>); Mon, 13 Nov 2017 17:13:36 -0500
Received: by mail-lf0-f67.google.com with SMTP id w21so20043602lfc.6
        for <netdev@vger.kernel.org>; Mon, 13 Nov 2017 14:13:36 -0800 (PST)
In-Reply-To: <20171113205422.2918-1-richard_c_haines@btinternet.com>
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

On Mon, Nov 13, 2017 at 3:54 PM, Richard Haines
<richard_c_haines@btinternet.com> wrote:
> When resolving a fallback label, check the sk_buff version as it
> is possible (e.g. SCTP) to have family = PF_INET6 while
> receiving ip_hdr(skb)->version = 4.
>
> Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
> ---
>  net/netlabel/netlabel_unlabeled.c | 10 ++++++++++
>  1 file changed, 10 insertions(+)

Thanks Richard.

Acked-by: Paul Moore <paul@paul-moore.com>

> diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
> index 22dc1b9..c070dfc 100644
> --- a/net/netlabel/netlabel_unlabeled.c
> +++ b/net/netlabel/netlabel_unlabeled.c
> @@ -1472,6 +1472,16 @@ int netlbl_unlabel_getattr(const struct sk_buff *skb,
>                 iface = rcu_dereference(netlbl_unlhsh_def);
>         if (iface == NULL || !iface->valid)
>                 goto unlabel_getattr_nolabel;
> +
> +#if IS_ENABLED(CONFIG_IPV6)
> +       /* When resolving a fallback label, check the sk_buff version as
> +        * it is possible (e.g. SCTP) to have family = PF_INET6 while
> +        * receiving ip_hdr(skb)->version = 4.
> +        */
> +       if (family == PF_INET6 && ip_hdr(skb)->version == 4)
> +               family = PF_INET;
> +#endif /* IPv6 */
> +
>         switch (family) {
>         case PF_INET: {
>                 struct iphdr *hdr4;
> --
> 2.13.6

-- 
paul moore
www.paul-moore.com