From patchwork Wed Jul 18 10:39:27 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Piotr Sawicki X-Patchwork-Id: 10532035 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 964E9600F4 for ; Wed, 18 Jul 2018 10:39:35 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 971A728F97 for ; Wed, 18 Jul 2018 10:39:35 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8B75A2902E; Wed, 18 Jul 2018 10:39:35 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, FORGED_MUA_MOZILLA, RCVD_IN_DNSWL_HI, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 36FB128F97 for ; Wed, 18 Jul 2018 10:39:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728039AbeGRLQu (ORCPT ); Wed, 18 Jul 2018 07:16:50 -0400 Received: from mailout2.w1.samsung.com ([210.118.77.12]:39403 "EHLO mailout2.w1.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726996AbeGRLQu (ORCPT ); Wed, 18 Jul 2018 07:16:50 -0400 Received: from eucas1p2.samsung.com (unknown [182.198.249.207]) by mailout2.w1.samsung.com (KnoxPortal) with ESMTP id 20180718103932euoutp02e490aefaf61560bf66bb994392d8f1b6~CcF4TSTHd2605626056euoutp02h for ; Wed, 18 Jul 2018 10:39:32 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 mailout2.w1.samsung.com 20180718103932euoutp02e490aefaf61560bf66bb994392d8f1b6~CcF4TSTHd2605626056euoutp02h DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsung.com; s=mail20170921; t=1531910372; bh=hz9XQa1Us1toTN0i9S/Po0uBF+lcgLzgC8UWFIFnD7M=; h=From:Subject:To:Date:References:From; b=MVJaVyUx6qCF8ABy4OeMSAp+WVOt1byilqym8sX18Nzpy8NhZDAvv7neORDGoxss7 X3E2qMaNeXglCoVPcbTcsHsH1MvuiUA0FNqPhdxWVb8oTyxuVKKWKDpNEk9VzKjG9x d346fbck9mgoxKXjxOLDab+BK1WnpwUmQci0zfMo= Received: from eusmges1new.samsung.com (unknown [203.254.199.242]) by eucas1p2.samsung.com (KnoxPortal) with ESMTP id 20180718103931eucas1p28f8cbf1f9e26419226b1dd30e86c956c~CcF3inFBP1668816688eucas1p2B; Wed, 18 Jul 2018 10:39:31 +0000 (GMT) Received: from eucas1p2.samsung.com ( [182.198.249.207]) by eusmges1new.samsung.com (EUCPMTA) with SMTP id EE.88.04627.3E81F4B5; Wed, 18 Jul 2018 11:39:31 +0100 (BST) Received: from eusmtrp1.samsung.com (unknown [182.198.249.138]) by eucas1p2.samsung.com (KnoxPortal) with ESMTPA id 20180718103931eucas1p2123762ecf523ccdcd0caf9e62803ce62~CcF2zNG0N3142931429eucas1p2q; Wed, 18 Jul 2018 10:39:30 +0000 (GMT) Received: from eusmgms2.samsung.com (unknown [182.198.249.180]) by eusmtrp1.samsung.com (KnoxPortal) with ESMTP id 20180718103930eusmtrp1b24e5c2759a01c02ec45ff73934d763f~CcF2jIUB70818808188eusmtrp1a; Wed, 18 Jul 2018 10:39:30 +0000 (GMT) X-AuditID: cbfec7f2-0edff70000021213-e3-5b4f18e3da70 Received: from eusmtip2.samsung.com ( [203.254.199.222]) by eusmgms2.samsung.com (EUCPMTA) with SMTP id 50.50.04183.2E81F4B5; Wed, 18 Jul 2018 11:39:30 +0100 (BST) Received: from [106.120.51.16] (unknown [106.120.51.16]) by eusmtip2.samsung.com (KnoxPortal) with ESMTPA id 20180718103930eusmtip203e1b55f0d445a2070045a84dab62ef5~CcF19keeG2672626726eusmtip2U; Wed, 18 Jul 2018 10:39:30 +0000 (GMT) From: Piotr Sawicki Subject: [PATCH v2 RFC] Smack: Inform peer that IPv6 traffic has been blocked To: LSM , Casey Schaufler , jmorris@namei.org, serge@hallyn.com, "SMACK-discuss@lists.01.org" Newsgroups: gmane.linux.kernel.lsm X-Mozilla-News-Host: news://news.gmane.org Date: Wed, 18 Jul 2018 12:39:27 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 Content-Language: en-US X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrOKsWRmVeSWpSXmKPExsWy7djP87qPJfyjDTa8k7e4t+0Xm8W69YuZ LD70PGKzeP9qAavF+Qvn2C2uLt3I7sDmcW13pEf37H8sHj3fkz0OvtvD5HF0/yI2j8+b5ALY orhsUlJzMstSi/TtErgyrr9axVrQxFmx9dBj9gbGrexdjJwcEgImEr2L1wLZXBxCAisYJZZ/ eMgC4XxhlDj0cjMbhPOZUWJO4yG4lisXdjOB2EICyxklzm5Jgih6yyixZNMWsAQbUFHPup8s ILawgL/Ej8bVjCBFIgJ7GSU2/HgHluATUJK49+YPK8RULYlTO3eCxVkEVCVuLF0FFhcViJA4 8mAhI4jNKyAocXLmE7AaZgFxiVtP5jNB2PIS29/OYQZZICGwiF3i8Z1mqIYyiXmfHrFALHCR aN65lQnCFpZ4dXwL1DsyEqcn90DV1Ev0rj/GBjGoh1Gides8NoiEtcTnSVuANnAAbdOUWL9L H8SUEHCU+PlcGMLkk7jxVhDiHD6JSdumM0OEeSU62oQgZuhIvOlbwgIRlpJY1J03gVFpFpK/ ZiH5axaSv2YhbF3AyLKKUTy1tDg3PbXYMC+1XK84Mbe4NC9dLzk/dxMjMPmc/nf80w7Gr5eS DjEKcDAq8fBm/PWNFmJNLCuuzD3EKMHBrCTCe/C9X7QQb0piZVVqUX58UWlOavEhRmkOFiVx 3jiNuighgfTEktTs1NSC1CKYLBMHp1QD49JNOb75F2JCvq90VUnKjnPs5VrzgsfYMGfly4PL 3ZT2Hj3N8/vzcZvEO4Y3KyI1f7mv85vkfn5rQMHqQyvjjAVXrEmZxKm3cd6Do68XFsw17X3c 47IoyNOPb5e7PWtatW7xVf7U86qTdTeduKV3X5DzQjvX62P1TeIrW5Rn75jU9LWl7dL2i0os xRmJhlrMRcWJACADb286AwAA X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrAIsWRmVeSWpSXmKPExsVy+t/xe7qPJPyjDf41SVrc2/aLzWLd+sVM Fh96HrFZvH+1gNXi/IVz7BZXl25kd2DzuLY70qN79j8Wj57vyR4H3+1h8ji6fxGbx+dNcgFs UXo2RfmlJakKGfnFJbZK0YYWRnqGlhZ6RiaWeobG5rFWRqZK+nY2Kak5mWWpRfp2CXoZ11+t Yi1o4qzYeugxewPjVvYuRk4OCQETiSsXdjN1MXJxCAksZZRYdf0qVEJKYu6/vVC2sMSfa11s EEWvGSUaP1xkBEmwAXX3rPvJAmILC/hKtCzcywhSJCKwl1Fi07xusASfgJLEvTd/WCEmaUmc 2rkTLM4r4CZx5tJjZhCbRUBV4sbSVWA1ogIREquXv2CFqBGUODnzCVg9s4CZxLzND5khbHGJ W0/mM0HY8hLb385hnsAoOAtJyywkLbOQtMxC0rKAkWUVo0hqaXFuem6xkV5xYm5xaV66XnJ+ 7iZGYGxtO/Zzyw7GrnfBhxgFOBiVeHgP/PeNFmJNLCuuzD3EKMHBrCTCe/C9X7QQb0piZVVq UX58UWlOavEhRlOghyYyS4km5wPjPq8k3tDU0NzC0tDc2NzYzEJJnPe8QWWUkEB6Yklqdmpq QWoRTB8TB6dUA6NjnUcE/8xvEQU+hocPVNRsuDRp9tO5q+tcp0adrl+7SOT1/CtbV0QdTqzw 2bJq2oqS3ZOdGURuSh37smDx/aopLk5hJmdf651V+r71f75zQp1+aE31+TWXrp1K2+pmb/L3 718fi886ije+3k3dadX2embMwXlH/ljuLtxx+0OaT/WS7VPnMq+WVGIpzkg01GIuKk4EAG0W FQjDAgAA Message-Id: <20180718103931eucas1p2123762ecf523ccdcd0caf9e62803ce62~CcF2zNG0N3142931429eucas1p2q@eucas1p2.samsung.com> X-CMS-MailID: 20180718103931eucas1p2123762ecf523ccdcd0caf9e62803ce62 X-Msg-Generator: CA X-RootMTR: 20180718103931eucas1p2123762ecf523ccdcd0caf9e62803ce62 X-EPHeader: CA CMS-TYPE: 201P X-CMS-RootMailID: 20180718103931eucas1p2123762ecf523ccdcd0caf9e62803ce62 References: Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP In this patch we're sending an ICMPv6 message to a peer to immediately inform it that making a connection is not possible. In case of TCP connections, without this change, the peer will be waiting until a connection timeout is exceeded. Signed-off-by: Piotr Sawicki --- security/smack/smack_lsm.c | 4 ++++ 1 file changed, 4 insertions(+) } diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index c2282ac..efa81bc 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #include #include @@ -4010,6 +4011,9 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) #ifdef SMACK_IPV6_PORT_LABELING rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); #endif /* SMACK_IPV6_PORT_LABELING */ + if (rc != 0) + icmpv6_send(skb, ICMPV6_DEST_UNREACH, + ICMPV6_ADM_PROHIBITED, 0); break; #endif /* CONFIG_IPV6 */