NetLabel: check for a CIPSOv4 option before we do call into the CIPSOv4 layer Right now the NetLabel code always jumps into the CIPSOv4 layer to determine if a CIPSO IP option is present. However, we can do this check directly in the NetLabel code by making use of the CIPSO_V4_OPTEXIST() macro which should save us a function call in the common case of not having a CIPSOv4 option present. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>

commit: 05e00cbf5036929355020dab4837b637203a0742 [log] [tgz]
author: Paul Moore <paul.moore@hp.com> Fri Nov 17 17:38:47 2006 -0500
committer: David S. Miller <davem@sunset.davemloft.net> Sat Dec 02 21:24:08 2006 -0800
tree: 642cd1852808fbd89a2c666e39f23b7f48f2c4c0
parent: 701a90bad99b8081a824cca52c178c8fc8f46bb2 [diff] [blame]
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index da2f197..b35ebf9 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c

@@ -149,10 +149,8 @@
 int netlbl_skbuff_getattr(const struct sk_buff *skb,
 			  struct netlbl_lsm_secattr *secattr)
 {
-	int ret_val;
-
-	ret_val = cipso_v4_skbuff_getattr(skb, secattr);
-	if (ret_val == 0)
+	if (CIPSO_V4_OPTEXIST(skb) &&
+	    cipso_v4_skbuff_getattr(skb, secattr) == 0)
 		return 0;
 
 	return netlbl_unlabel_getattr(secattr);
commit	05e00cbf5036929355020dab4837b637203a0742	[log] [tgz]
author	Paul Moore <paul.moore@hp.com>	Fri Nov 17 17:38:47 2006 -0500
committer	David S. Miller <davem@sunset.davemloft.net>	Sat Dec 02 21:24:08 2006 -0800
tree	642cd1852808fbd89a2c666e39f23b7f48f2c4c0
parent	701a90bad99b8081a824cca52c178c8fc8f46bb2 [diff] [blame]