[PATCH v1 net-next 06/15] smack: Remove IPPROTO_UDPLITE support in security_sock_rcv_skb().

[Casey Schaufler]

On 3/4/2026 11:28 AM, Kuniyuki Iwashima wrote:
> smack_socket_sock_rcv_skb() is registered as socket_sock_rcv_skb,
> which is called as security_sock_rcv_skb() in sk_filter_trim_cap().
>
> Now that UDP-Lite is gone, let's remove the IPPROTO_UDPLITE support
> in smack_socket_sock_rcv_skb().
>
> Signed-off-by: Kuniyuki Iwashima <kuniyu at google.com>

Acked-by: Casey Schaufler <casey at schaufler-ca.com>

> ---
> Cc: Casey Schaufler <casey at schaufler-ca.com>
> Cc: Paul Moore <paul at paul-moore.com>
> Cc: James Morris <jmorris at namei.org>
> Cc: "Serge E. Hallyn" <serge at hallyn.com>
> Cc: linux-security-module at vger.kernel.org
> ---
>  security/smack/smack_lsm.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 98af9d7b9434..e581d6465946 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -4176,7 +4176,6 @@ static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
>  			sip->sin6_port = th->source;
>  		break;
>  	case IPPROTO_UDP:
> -	case IPPROTO_UDPLITE:
>  		uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
>  		if (uh != NULL)
>  			sip->sin6_port = uh->source;
> @@ -4301,8 +4300,7 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
>  #if IS_ENABLED(CONFIG_IPV6)
>  	case PF_INET6:
>  		proto = smk_skb_to_addr_ipv6(skb, &sadd);
> -		if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE &&
> -		    proto != IPPROTO_TCP)
> +		if (proto != IPPROTO_UDP && proto != IPPROTO_TCP)
>  			break;
>  #ifdef SMACK_IPV6_SECMARK_LABELING
>  		skp = smack_from_skb(skb);