patch-2.1.116 linux/net/ipv4/ip_fragment.c
Next file: linux/net/packet/af_packet.c
Previous file: linux/net/ipv4/arp.c
Back to the patch index
Back to the overall index
- Lines: 17
- Date:
Tue Aug 18 16:16:30 1998
- Orig file:
v2.1.115/linux/net/ipv4/ip_fragment.c
- Orig date:
Tue Jul 28 14:21:10 1998
diff -u --recursive --new-file v2.1.115/linux/net/ipv4/ip_fragment.c linux/net/ipv4/ip_fragment.c
@@ -370,6 +370,16 @@
skb->pkt_type = qp->fragments->skb->pkt_type;
skb->protocol = qp->fragments->skb->protocol;
+ /*
+ * Clearly bogus, because security markings of the individual
+ * fragments should have been checked for consistency before
+ * gluing, and intermediate coalescing of fragments may have
+ * taken place in ip_defrag() before ip_glue() ever got called.
+ * If we're not going to do the consistency checking, we might
+ * as well take the value associated with the first fragment.
+ * --rct
+ */
+ skb->security = qp->fragments->skb->security;
/* Done with all fragments. Fixup the new IP header. */
iph = skb->nh.iph;
FUNET's LINUX-ADM group, linux-adm@nic.funet.fi
TCL-scripts by Sam Shen, slshen@lbl.gov