From patchwork Mon Nov 27 19:31:21 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Haines X-Patchwork-Id: 10080309 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 1D9306056A for ; Tue, 28 Nov 2017 13:26:10 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0EF1F28875 for ; Tue, 28 Nov 2017 13:26:10 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 03D7328975; Tue, 28 Nov 2017 13:26:10 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from uhil19pa12.eemsg.mail.mil (uhil19pa12.eemsg.mail.mil [214.24.21.85]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E65D128875 for ; Tue, 28 Nov 2017 13:26:08 +0000 (UTC) Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by uhil19pa12.eemsg.mail.mil with ESMTP; 28 Nov 2017 13:26:03 +0000 X-IronPort-AV: E=Sophos;i="5.44,468,1505779200"; d="scan'208";a="6417205" IronPort-PHdr: =?us-ascii?q?9a23=3AXyufURa93fSjY+/9tIC4tkf/LSx+4OfEezUN459i?= =?us-ascii?q?sYplN5qZosS/Yx7h7PlgxGXEQZ/co6odzbGH4+a4ASQp2tWoiDg6aptCVhsI24?= =?us-ascii?q?09vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7?= =?us-ascii?q?Ovr6GpLIj8Swyuu+54Dfbx9GiTe5Yr5+Ngm6oRnMvcQKnIVuLbo8xAHUqXVSYe?= =?us-ascii?q?RWwm1oJVOXnxni48q74YBu/SdNtf8/7sBMSar1cbg2QrxeFzQmLns65Nb3uhnZ?= =?us-ascii?q?TAuA/WUTX2MLmRdVGQfF7RX6XpDssivms+d2xSeXMdHqQb0yRD+t4b1rSBv1gy?= =?us-ascii?q?kZMTA3/nzchshpgK5GvB6tohpyyJPWbo6ILvpzZqPTc80US2RCWchfSjRBD4Gh?= =?us-ascii?q?Y4YBEeUBJv1Vo5Xhq1YUsRezHxWgCP/pxzRVhnH2x6o60+E5HA/a3QwvA9IOv2?= =?us-ascii?q?7OrNroKawcU/q6zKjOzTrddPNdxDDw6JLJch89ofGDR6hwftfJxkYzDwzFjk+f?= =?us-ascii?q?qY3jPzyLzeQAqHOU7/ZhVeKpl24otRtxoj6xyccwkIXGmoUVylXd+Ch/3Y07K9?= =?us-ascii?q?q4SEthbt6lFptdrz2VOJFuQsw4WG5ovDg1xqcAuZGlYCgHzoksyR3Ha/GfboSF?= =?us-ascii?q?7R3uWPyRLDtlnn5pZr2yiwio/US90uHxVdS43ExXoidLjNXArH8A2h7J5sSaRP?= =?us-ascii?q?Zw/kGs0iuV2Q/J8OFLO0U0mLLeK54m37E/iIIesV/GHi/qgEX2i7KWdlk89uio?= =?us-ascii?q?9evnZrLmq4eAN4BukAH+M7kumtelDeQkMgkBQ2ib+eOm2L3l4UL5W6lFguczkq?= =?us-ascii?q?nYtJDWPcUbpqinDA9Jyosv9hmyAji83NkYgHULNkxJdR2Zg4TzJl3COPX4Au2+?= =?us-ascii?q?g1Sonjdr3ffGPrj5D5XWMHfDlLbhfbBg609T0QY81tdf549SCr4dPv3zQVT8tM?= =?us-ascii?q?DYDxAlMwy0xPzrCNNm1owEQ26PDaiZML3KvV+S+u0vO/WMZJMSuDvlKfgl4Pju?= =?us-ascii?q?gmUlmV8dZ6ap24AaaHK/HvRgJkWWe2HsgssfHmcQpQoyVuvqiEeNUTRLfXa9Q7?= =?us-ascii?q?o85i0nCIKhFYrDRIKtj6ad0ye4BZ1WYWZGClGSEXrzeYWEX+oMaS2JLc98lDwE?= =?us-ascii?q?SaWhR5Um1RG0uw/w06BnIfbM+i0EqZLj08B45uPSlRE28Dx7Ed6d3nqDT25qg2?= =?us-ascii?q?wIQCU207pnoUxnzVeD07Z3jOBEFdBJ4PNJSAg6P4bGz+NmE9DyRh7BftCRRVm7?= =?us-ascii?q?XtqmBDYxTtQtw9MTeEt9BcutjgrC3yurBL8VkaaHBJoq/aLAx3LxPdpyy27a1K?= =?us-ascii?q?k9iFkrWtZANXG8ia5l7AXcG4nJk0CFmKmwbqQcwDTB9GGdwmqSpEtYShJ/Ub3Z?= =?us-ascii?q?XXADYUvbtdT450LFT7+oErknNw9BxdeDKqtMcNHpi09JRO3gONTffWK+hX28BR?= =?us-ascii?q?CWybOQdIDqYXkS3D3BCEgYlAAe5XiGNRIkCSenv23eDSduGEnqY0P08OlysWi7?= =?us-ascii?q?T0Evzw2QaE1hzbW18AYPhfOAU/MTwq4EuCA5pjV3Blm93NXWC8ebqgpiZqpcYt?= =?us-ascii?q?Q94Epd2WLerQx9MYSqL7p+iV4GbwR3o0Tu2g1tBYpdi8gqrW0lzBBpJK2CzFxB?= =?us-ascii?q?cimU3ZfqOr3YMmPy5gyga7bK2lHC19ab4r0P5+klpFj4swGpE0Uj/29h09ZLz3?= =?us-ascii?q?uW/o/KAxYKUZLtTkY38AB3p6rUYikn4IPUzmFsPLKvsj/E3NIoCu4lxQymf9tF?= =?us-ascii?q?NqOLChPyGdUAB8eyMOwqh0SpbhUcMeFc7qE0O9+meOWc2K6wJ+tggiypjX5c74?= =?us-ascii?q?Bg10KA7S18SvTH35wd2fGXwhOHVyvgjFemqs33hZ1LaiwTHmWlzSjpH5JeZqp3?= =?us-ascii?q?fYkXE2iuONG3ys94h5HzR35S7ESjCE8e2M+1ZRqSaETw3QtR1UQTpXyohzC4wi?= =?us-ascii?q?dunD43tKqf2zbCw+P4dBoIImRLXnVtjU/wIYioiNAXRFaobwk1mxu54kb63bJX?= =?us-ascii?q?q7h/L2nUR0dIcDP7L2VjUqu2rLWCeclP5IkvsSVNX+S2eUqaRaLloxsGzyPjGH?= =?us-ascii?q?NTxDQ6dzGxppX1hgd6h3yZLHZyqnrZZM5xyAzE5NzERP5R2DsGSzVjiTXNAFiz?= =?us-ascii?q?IcWp982Ol5jfquC+S36hVppLfCnxyoOAsC+76nNwARKjmPCylMbqERMn0SDnzN?= =?us-ascii?q?lmTyLIrAzzYoPzzaS1LfpnflV0BF/788d6GZ9xko0rhJwL2ngVmJOV/WEBkWjt?= =?us-ascii?q?LdVXw6X+bGACRTQT2d7a/BDl2FF/LnKO34/5Tm+SwtZlZ9akemMZwCQ979xUB6?= =?us-ascii?q?eO97FEgDB1rUSirQLKe/R9hTAdyeY06HEGne4Jtg0tzj+SAr8MB0VYOzLjlwiQ?= =?us-ascii?q?5dCksKpXfHqvcaS31Edmg9ChCqyNrxpCWHb/Z5giHTV87sNhP1LQyHfz8J3reM?= =?us-ascii?q?HMbdIPsR2Ziw/AgPJIKJI1jfcFmStnOX79vHE8xe40lxpu0Yu9vIidJGVn5Li5?= =?us-ascii?q?DQJANj3pe8MT/SngjahEkcaQw4CvGZBhFy4FXJT2UP2oFygSuu7/NwaUFz08qG?= =?us-ascii?q?mUFqbDHQOF70dmtX3PGYixN36LPHkZ0cliRB6FKUxamg8UWDE6kYAlFgC23sPu?= =?us-ascii?q?alx05jYP6V7ksRtD1vhnNwHhXWvFogendCs0QoCFLBVK9gFC+1vVMcuG4+JpBS?= =?us-ascii?q?1Z8IetrAmXJWyfYARJDXoEVVaYCFDmJLWu4sPA8+eADOqkM/TOeamOqfBZV/qQ?= =?us-ascii?q?y5KvyJVp8CuXNsqVOHliE/o72lFYUH9jB8vZni8DSysNlyLCd8Sbvguz+jVrrs?= =?us-ascii?q?Cj9/TmQATv5ZGVBLtKKdVi4B62gaaZN+6LmCZ5JzdY1pUWyn/O1Lcf3UQdiyV0?= =?us-ascii?q?ezmqC7QAujbHTLjMla9PEx4bdyRzOdNQ760ixQZCJ8jbitLp1r5/lfM1CklKWk?= =?us-ascii?q?L/lc2zYswKOW69PkvdBEmXLLSGOSHLw8bvbKynUrJci+FUtxyruTaHCE/vJC+D?= =?us-ascii?q?mCf1WBy1KuFDkiWbPB1YuIGgfRdgEnTsTdL8ah2mK997lzM3zqcohnPRMm4cNy?= =?us-ascii?q?Jwc0RXrr2f9SlYmOlwG3Rd7np5KumJgz2W7+jXKpYRt/tmGTl7mPxB73Q70bRV?= =?us-ascii?q?6jtIRPtvmCvdttRuuU2pkvGTyjp7VxpDsixEhI2RskV8J6rU7Z5AWW7a8xIL6G?= =?us-ascii?q?WfERUKp99+Bd3otKFc0N/PlLj8KD1a6dLb4dMcB9TIKMKAKHchLR3pGDvOAAsf?= =?us-ascii?q?Sj6qNH/Qh0pGn/GI8X2asJs6p4Pwl5oJT79USEY6FugGCkh/GtwNPot3VCs+kb?= =?us-ascii?q?GHlM4I+Wa+rB7JScVZvpHHUuydDO7qKDaeg7lEaQUHwa/kLYQTMY373lJtZkN8?= =?us-ascii?q?nIvUB0raRcpNrTF5bg8ovEVN92BzTmst1E3/bgOg+3wTFfmvnh4qkAR+Z/8t9D?= =?us-ascii?q?Tt41stIFrFujcwmlErmdr5mTCRbCLxLKCoUIFMFSX0rFY+PYnhQwlpbQ2/hldr?= =?us-ascii?q?NDbeR71MiLtge3hriBXCtppPA/JcS7NLYAMIz/GNe/ooyUhcqjmgxUJf+OTFDp?= =?us-ascii?q?1ilA03fpGyq3JA2hluY8QrKqzKI6pF1F9QhriBviWwzOA+3BceJ1oR8GOVYCMH?= =?us-ascii?q?pVYHNqcnJyW15exh8haNmyFZeGgLWfsquexl+V8gO+SaziLgz75CJlq3N+OBM6?= =?us-ascii?q?OTo3LAmtKQQlMsykMIkFFI/bxx0cc5bUWUUUEuzLyKGhQGM8rCNBtZb81I9Hjc?= =?us-ascii?q?ZSyOq/nCwYppP4WhEeDlVfSOu7gQgkKlGgYpAosN498dEZmr1UHXMd3oLKUZyR?= =?us-ascii?q?k34gTkOkmFBuxTeB2XiDcHv92/zJhv0IlBJzEdBGJ9MTm35rfXvQIlnfuDXdcs?= =?us-ascii?q?bXgBRIcEMGw5WNGikS5Do3tAFCW30v4eyAWa9TD8oiXQAyXiYNV7YfeVZRVsCN?= =?us-ascii?q?aw+Tol6KW5kl/X/Y/YJ23jO9Rip8XD6eUEqJabE/lUV6Vys1/Am4lEQHynS3XA?= =?us-ascii?q?HsCzJ5XrcYYjcML0BWigUlykkT01VcfwMMyqLqiSjgHiXZxUv5WD3DA/Kc+9ES?= =?us-ascii?q?kTGxhtp+EC4KJ8YRMMY58gbBH1qQsxLK2/Lx2e0tm0RGatMzRWReFFzeqmf7xX?= =?us-ascii?q?0zYsbuiixXs6SJE6zvW48U4KRJEOlRHQ3e+taZREXyXvHXJQYBnApS08l2d9LO?= =?us-ascii?q?ky2fs/zAnOsVYCLzCBbPZpZ3Bcv9EgGVOSJm17CnAiSF+GiorM+RWh36wI/yRH?= =?us-ascii?q?gdZbz+lFsHn4vp/QZDKsWaOrqZXJsyoud9cmuahxPZblIsSYqJPUhibfQ4XIsg?= =?us-ascii?q?2ZTC66EOJXm9ZKLC1EQPlImGQlOc0ctopC8kcxV9kxKKJRB6U2obCqczVkBzYI?= =?us-ascii?q?zSAFT4OAwCACguCk1rvfjBiQapciPwIYsJVDhNsdXDV7Yy0Eq6+lS4rWk2iESn?= =?us-ascii?q?UWLwcI9whM4hwPlpNodOD//IXIVINMyyJRo/9sSCTLDIRo913hRmGVmlX4SfSh?= =?us-ascii?q?k+213Q1J1v7s1McUWAJnA0hH2+lWjlcoKK1wK6QIv47KtCOIel3+vG3zzeupOk?= =?us-ascii?q?VRydfUdlDjC4rFrXTzUisZ+XIORI9PzGrQFZMdkgZjb6YrvlpMKpi8ekni/zwk?= =?us-ascii?q?25hpH76gWMC3wFYlqG0LRzu2H9pEEO5qqlTXVyN5Y5qzspXqJ41SQnNM+J2as1?= =?us-ascii?q?pZkF9iMzSjxppYNs5A+SMDUyZXoTWFotSyTNNM2dVsA58LONd/tG/3GLlYN5iJ?= =?us-ascii?q?v302prvvx2fb+zA7rli33yi8FLGjT+1H5W0eBhsmKHmEpkkpEeQs7n/Y8krRvV?= =?us-ascii?q?Bs4+dbGr+PgF1qrzZzAp9CGjRE2W2rIlloUHZGtOBaJ7jPfMxHX/k+fxmvNAIi?= =?us-ascii?q?FfQ+xUyG4Vl0nWvlYyx1rgZa4T7SUBQ0VSYPnrfggjkeqsa5OTAEVZ5HcTIhYD?= =?us-ascii?q?rbJA6BnyBYogpfYVlwW58FGtZF560b3YxM88raUkasNTsKUwF+Ng8jyvpfklND?= =?us-ascii?q?sF+Edi/DCwqoaezPvQdzfcuLq86pNvv59h9dioz7qOA467kDR3q+lA2xW9DRsZ?= =?us-ascii?q?HzucCRu0uTcKf4L/e8bmXfTDjNihCwgakrD4XQ8yjUKgpbJIFwyWA4bpj5FW7L?= =?us-ascii?q?IRNGKroZJ0VBT6B6bs5GouRAaM96Y6sJ/LJtBhabRhPuBIOvreNJLlDIRTjEKC?= =?us-ascii?q?WB6OO/q5rJ7bPBUejgetCMx3HfTqJ1JJh67zf7G63t0YBD5EX7wett+Vl8SVjd?= =?us-ascii?q?NCCNttLhKR0X5MO6bEvtooUpHS/KAJd3iHftwEVAetEWQy2s9ZQU0pJZ6HD+Se?= =?us-ascii?q?JiyEfzq/FS96N56YYr/7Bp1N20KrnIJfRdq09nDQCeBh92+ZU1HGh/W2dRb/cX?= =?us-ascii?q?KPfQYasZisTupPrsF6AN6R2V/OtZacDcJ0zan8myBT6dRQZDnAcbpj4QNhGc2O?= =?us-ascii?q?Kdm69oVcalovD01V437Fi6MBEG16xt5IeD+qeTv+/YcxrRwqYCWqj2R8P8tK4g?= =?us-ascii?q?u0WM6v04jLQOYHB6YxW7EOgBUc4Q3mPgzbsvzS8sCM7DEazv9+NEV3IjhD3gg4?= =?us-ascii?q?p9H1IUGvwKAbWL4Z5SnmAim+zWLtcWaLxNmn6TFR64Fb8P0Xyr6yqSIGR+hxHB?= =?us-ascii?q?zRHxTn2p7F/3qy94TjHAz9H9nUpJTrO3H1tdXzK1OU9ktzOCJAvotdvttqsv8E?= =?us-ascii?q?47KXfku8yRlGS/JLxbBcr/JMaTISMsvlIYkIUxRsCz2YAcAdeyO9YR8Gpwb/TE?= =?us-ascii?q?6WOrkjNBo79diIrD5sGY4enYHX69gKKEsbqN2SpYyn8ivV4l8NygMevO59KSSf?= =?us-ascii?q?Syy2kRVzt/uxfGXxOtsrzUtUwUNlCL0EbFn4wKJNJZ0WAj1k744OgjQdQz9BhR?= =?us-ascii?q?F4vbf/MNvyzzNyf0wVeRZNI3TCqe3yFUHl3rC1l4HrYz2GbqsMLOj3fQ9EUiRp?= =?us-ascii?q?NseEz/mRx3E4I4JFox6FgN3CUDFRICaRaFA7yzGEvlLIQEVUkfaRudx7i1YL03?= =?us-ascii?q?3VBpzrOp+uDTcfR2B7AROfZFkg6OgF9bF4oZsaIEWrJzZUNd9K7MqwjmCojnQ+?= =?us-ascii?q?bplXoqOv2oWcBW68YZuGU+4gynXRqv9Y9D76oHiJCPbqNEbobDvMZg70dg4j4D?= =?us-ascii?q?cTdNjwZ7jxO4V+Acue/i78PfsJW28OavVLwiS/8R9xcqG2R0l4Hwj0w7odHLy+?= =?us-ascii?q?dcTZXYhpj98A9XP3GHo5rV0x54KeoKKoKkYqxg92kZKCcCJ3ICJ92Wa+Mz4yV1?= =?us-ascii?q?KjXc+0RCAt8QZdMfJMfNnAdUikv1WLFc6MXWAVqYC4ZpeMAu8WX31D408ZwmUu?= =?us-ascii?q?bj8z+6P5bf4E9RP/lbliVjiMrCpPQJwfrVECUX7mWWawNuwi+b1peDBPD+/eSK?= =?us-ascii?q?yNHJWFILBSE2U4JHKzqE5wOrXO21lI/mUgmM8M/8nIo+dF6MRny2hKkFsKFMEe?= =?us-ascii?q?5GiinhwjdeFoT1h++IvNut6WtXsEZHEIVy7RDeBqVfP4t7Ng78lsa2R0hwHC3/?= =?us-ascii?q?d9/IdhA2ouqZ2v8M4/liN0v5fYIbIwwExKj86XdOSgtuVaP5vleeXeIKftdmT+?= =?us-ascii?q?nErn9N44J6N6APJESdpIDtrjpQqlA5HgEpaLE0rjFBeEjBhgtVVLjouLIajAsT?= =?us-ascii?q?T8J5s1dWGW2sIGI++ybHVaNNgameDPwV9TuSQbIKU0VsKS5+WBS12JNve7S1h/?= =?us-ascii?q?xHtH1Jnj9lqvgwzzNmXAe8uTHrp68V2zIg+LG5tC0GuXxBT+WejznHBE5GzPQL?= =?us-ascii?q?kaccEWjt5Ua7YHkZY4v4+KNnKtj49Yk9/3Q/Zg0ufzEHXeSlECzwk6KIDZCMsN?= =?us-ascii?q?1CgB6BosPOYqGvLSIKLLQy1QrjR2Rh0gjZhBto9WoLQjaj7N8jP4i9O9wqximv?= =?us-ascii?q?GWjdalkM5LlFsM3vul4XVOE2c09uwH1/0sibQS0AXNfAFHgzjgg4cmhEa5ZD6R?= =?us-ascii?q?gGF6k0nDaHoLRJ8hsTYDfOHYSv4pPQktvQ2XkhUddqwXrbprWChpMuynJlgd11?= =?us-ascii?q?7imKuHQcbOHYVshsAn/o1ohB1eP+ffKtsvscSItnzrShX+UOMs65+Wu5wJ9qQF?= =?us-ascii?q?OqxqwCH1qlN+8O3rnbXDmhSW2ZQeSEbXOBnjc4Mk734BmnMEc3aMNUoEMnNevC?= =?us-ascii?q?nJFcnRX7UbxoXiWQuUPbzGs7POIUbwI2ooandBAUQ+MKYuicJPQuwOcgB1cWaH?= =?us-ascii?q?/JByR2AfessVGxhIh7J2lg4ULibOTq9gDpLsCfGgEAEYHAtZ5x5f26SX6dOX96?= =?us-ascii?q?0hJ9IlN49+HBGFQtruVcaYqencDMh9Rn1u4Ib/NtMSw7ut4OlYNv8I2U0MaRcR?= =?us-ascii?q?HN1Zb/PtDVreKeA/3Y1UgqfXtaUrUBawPv+4o6JsI5W6HUHbZBuBQTH7Q1QJwg?= =?us-ascii?q?N2f386F5Nx1zcg/XZLuqhsnqp+SLZoZbpnPM6VIwNijcsQUZyvOoVQx7c4yqh3?= =?us-ascii?q?LqLZAyXD1BrNptBQB9EYtSHcMAswqnA5mJmKG0i9+x51l2u+kUvqrsEvrKzsi2?= =?us-ascii?q?351tX5hG4kyGJDTRBKxsgkR/lOSyg+zA34L3Ccz4fNMLSul7TnTCar/cEYW1Mi?= =?us-ascii?q?iONd7ke05a776c16p0Ug6fZCD8Q6WLtS6pOe564Uol0Ix4fevSzDsr773B3tv9?= =?us-ascii?q?eX1b9W+fqiuSOZ9e6kHaLfDPVBJTD/ye+SBqGrNTJY356OsDL/Q8z9WGpQp+9j?= =?us-ascii?q?JP1I2COafl5kvN3F9rMInQMFPBxSk0Q88JLQ65PE9qhnXW7jzZAHJBPo2/JMJw?= =?us-ascii?q?mteJH1no4EVsnWwFeGFMACzrSM2XNGxd3NixNyOQ8wceNdcIn+etdQYYv6y0RP?= =?us-ascii?q?Igbo9EkuWjrrkwmuFpIiDJSdNyNT3RKqN7JDxcEqPEo11+MU1MiKQ8RopgPcvG?= =?us-ascii?q?G0gAKkrVjHqqwA=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2CQAgCIYx1a/wHyM5BdGwEBAQEDAQEBCQEBAYMQKQOBVCe?= =?us-ascii?q?PE44imG8QgX0miidAFwEBAQEBAQEBAQFqKII4JIJLAiQZATgBAgMJAgUyEQgDA?= =?us-ascii?q?VoSBYhNgTcBAxUDAak8OoMKBYEChFCCRAQIgzyBNlODPoYWgW+BBIU5BaJJlQC?= =?us-ascii?q?TXJd5IQE2gVEyGiNPgimCAkEPHIFnd4pkAQEB?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 28 Nov 2017 13:26:01 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id vASDQ06q020763; Tue, 28 Nov 2017 08:26:00 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id vAS7AFJC025836 for ; Tue, 28 Nov 2017 02:10:15 -0500 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id vAS7AAIX003383; Tue, 28 Nov 2017 02:10:10 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1CUAQDFCh1a/y0VGNZdHAEBAQQBAQoBA?= =?us-ascii?q?YMQKQOBVCeOH3SOIJhrEIIBD4U2hHo/GAEBAQEBAQEBAWuFdRkBOAEVMncSiFK?= =?us-ascii?q?BNwEDFQMBqRU6gwoFgQKETIIeASUECIM6gTZRgz6GFoFsgQSFOQWiSZR/k1yXe?= =?us-ascii?q?R85gVAyGiNOgimCAkEPHIFnd4ocAQEB?= X-IPAS-Result: =?us-ascii?q?A1CUAQDFCh1a/y0VGNZdHAEBAQQBAQoBAYMQKQOBVCeOH3S?= =?us-ascii?q?OIJhrEIIBD4U2hHo/GAEBAQEBAQEBAWuFdRkBOAEVMncSiFKBNwEDFQMBqRU6g?= =?us-ascii?q?woFgQKETIIeASUECIM6gTZRgz6GFoFsgQSFOQWiSZR/k1yXeR85gVAyGiNOgim?= =?us-ascii?q?CAkEPHIFnd4ocAQEB?= X-IronPort-AV: E=Sophos;i="5.44,467,1505793600"; d="scan'208";a="128378" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 28 Nov 2017 02:10:10 -0500 IronPort-PHdr: =?us-ascii?q?9a23=3APE+zzRN0fCgiYpBiHYEl6mtUPXoX/o7sNwtQ0KIM?= =?us-ascii?q?zox0I/n8rarrMEGX3/hxlliBBdydsKMUzbKO+4nbGkU4qa6bt34DdJEeHzQksu?= =?us-ascii?q?4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2aFLduGC94iAPERvjKwV1?= =?us-ascii?q?Ov71GonPhMiryuy+4ZPebgFLiTanfb9+MAi9oBnMuMURnYZsMLs6xAHTontPde?= =?us-ascii?q?RWxGdoKkyWkh3h+Mq+/4Nt/jpJtf45+MFOTav1f6IjTbxFFzsmKHw65NfqtRbY?= =?us-ascii?q?UwSC4GYXX3gMnRpJBwjF6wz6Xov0vyDnuOdxxDWWMMvrRr0yRD+s7bpkSAXwhS?= =?us-ascii?q?kaNzA37m/ZhM93gq9AvB6tuwZyz5LObY2JKPZzeL7Wc9MARWpGW8ZcTzBPAoKg?= =?us-ascii?q?YIsPFeUBJ/tXpJT/qVQUrBu+AxejBPjywTJPnH/23LE10+Q7HgHcwQMvB84Bv2?= =?us-ascii?q?zUrNrvNacSV/66zLLTwDrYc/NW2DH96JTWfRA7p/GDQ65wfdDNxkkoEgPIl1Od?= =?us-ascii?q?opHrMTOS0+QCqWmb7+x4WO2zkWEnsxt+rSOrxsgykIXJgJwaykzC+C5kw4g1Pc?= =?us-ascii?q?W1RFBmbdOrCpdcqS6XO5FoTs8/WW1ltyY3xqUFtJKmZiQG1ZoqywDFZ/GIcYWE?= =?us-ascii?q?+A/vWeiRLDp+mXlrYqiwhwyo/kil0uD8Vte70FJNriddnNbCtHMD2Rrd58WZUP?= =?us-ascii?q?Vw4lut1DeV2w/N9O5EJFs0laXBJ54k2LEwl54TvV7GHi/3nEX6lK6WdkM69ei0?= =?us-ascii?q?8+nrfKjqq5CGO4NqhQzyKLoiltGlDek3MgUCR22b9v691L3n8035WrJKjvgun6?= =?us-ascii?q?nDsZDVOcQbqbSjAwBIyoks9w6wDze839QZm3kIMklFdQmcgIj1OlHOJuz4Auml?= =?us-ascii?q?g1Sqjjhr2+rKMaHmApXINnTDiqvufa5h605Azwo+1ctf6I9PCrwaPPLyWlP+tN?= =?us-ascii?q?zfDhMjNQy02PzoBM9y1oMZR2KFGrWZP7/KsV+U+uIvJPGBZJQLtzb5Kvgl4ePu?= =?us-ascii?q?jHAilF8BfaimwZsXaHeiEvRgOEWWe2DggtgGEWcU7UICS7nxhVmDVyNDT2qjVK?= =?us-ascii?q?I7oDcgAcSpCpmHDoagnLCMwg+lEZBMIGNLEFaBFTHvbYrAE/MNbj+CZ9RqjiQs?= =?us-ascii?q?S7esUcki2AuouQu8zKBoaqLQ+ysFpdf42dNo/ezPhFQ38jBpC8m1zW6AVSd3k3?= =?us-ascii?q?kOSjtw27pw8mJnzVLW66lzg/VCGZRz7vJPXxxyYYTdxOxzEdzFUTXBd9aPRU2O?= =?us-ascii?q?SMmnBy08VNQ835kFZEMrSIbqtQzKwyf/W+xdrLeMHpFhqq8=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CVAQCKCx1a/y0VGNZdHAEBAQQBAQoBA?= =?us-ascii?q?YMQKQOBVCeOH3SOIJhrEIIBD4U2hHo/GAEBAQEBAQEBAQFqKII4IoJzGQE4ARU?= =?us-ascii?q?ydxKIUoE3AQMVAwGpFDqDCgWBAoRMgh4BJQQIgzqBNlGDPoYWgWyBBIIZDIMUB?= =?us-ascii?q?aJJlH+TXJd5HzmBUDIaI06CKYICQQ8cgWd3ihwBAQE?= X-IPAS-Result: =?us-ascii?q?A0CVAQCKCx1a/y0VGNZdHAEBAQQBAQoBAYMQKQOBVCeOH3S?= =?us-ascii?q?OIJhrEIIBD4U2hHo/GAEBAQEBAQEBAQFqKII4IoJzGQE4ARUydxKIUoE3AQMVA?= =?us-ascii?q?wGpFDqDCgWBAoRMgh4BJQQIgzqBNlGDPoYWgWyBBIIZDIMUBaJJlH+TXJd5Hzm?= =?us-ascii?q?BUDIaI06CKYICQQ8cgWd3ihwBAQE?= X-IronPort-AV: E=Sophos;i="5.44,467,1505779200"; d="scan'208";a="6402188" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from uhil3cpa06.eemsg.mail.mil ([214.24.21.45]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 28 Nov 2017 07:10:08 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;f37f2e91-9e9d-42f6-81ec-efc12a10efba Authentication-Results: uhil19pa06.eesmg.mail.mil; dkim=permerror (key too small [TEST]) header.i=@btinternet.com X-EEMSG-check-008: 246175688|UHIL19PA06_EEMSG_MP4.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 65.20.0.129 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0C0AABbsRxah4EAFEFcg0GCAI86pwkQggEPhTaFNRgCAQEBAQEBARMBAQEIDQkIKC+FZgE4ARUyd4hkgTcBGASpHIMKBYEChEqCRAQIgzqBNowRgQSCGQyDFAWiRpR/k1uXdB+CCTIaI06FC4FziyIBAQE X-IPAS-Result: A0C0AABbsRxah4EAFEFcg0GCAI86pwkQggEPhTaFNRgCAQEBAQEBARMBAQEIDQkIKC+FZgE4ARUyd4hkgTcBGASpHIMKBYEChEqCRAQIgzqBNowRgQSCGQyDFAWiRpR/k1uXdB+CCTIaI06FC4FziyIBAQE Received: from rgout0602.bt.lon5.cpcloud.co.uk (HELO rgout06.bt.lon5.cpcloud.co.uk) ([65.20.0.129]) by uhil19pa06.eesmg.mail.mil with ESMTP; 27 Nov 2017 19:31:42 +0000 X-OWM-Source-IP: 81.132.47.135 (GB) X-OWM-Env-Sender: richard_c_haines@btinternet.com X-Junkmail-Premium-Raw: score=8/50, refid=2.7.2:2017.11.27.190016:17:8.317, ip=, rules=__HAS_FROM, __FRAUD_WEBMAIL_FROM, __TO_MALFORMED_2, __TO_NO_NAME, __HAS_CC_HDR, __MULTIPLE_RCPTS_CC_X2, __CC_NAME, __CC_NAME_DIFF_FROM_ACC, __SUBJ_ALPHA_END, __HAS_MSGID, __SANE_MSGID, __HAS_X_MAILER, __FROM_DOMAIN_IN_ANY_CC1, __ANY_URI, __FRAUD_BODY_WEBMAIL, __URI_NO_WWW, __NO_HTML_TAG_RAW, __MIME_TEXT_P1, __MIME_TEXT_ONLY, __URI_NS, HTML_00_01, HTML_00_10, __FRAUD_WEBMAIL, __FROM_DOMAIN_IN_RCPT, __CC_REAL_NAMES, MULTIPLE_RCPTS, __PHISH_SPEAR_STRUCTURE_1, __MIME_TEXT_P, NO_URI_HTTPS Received: from localhost.localdomain (81.132.47.135) by rgout06.bt.lon5.cpcloud.co.uk (9.0.019.13-1) (authenticated as richard_c_haines@btinternet.com) id 5A025DDB0206EAE9; Mon, 27 Nov 2017 19:31:28 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btinternet.com; s=btcpcloud; t=1511811103; bh=4y9IJokuQOk0SnsabHAt3D+a+2YGXt5ZZAHK1j8UT+8=; h=From:To:Cc:Subject:Date:Message-Id:X-Mailer; b=B1hk238PPLWYnB+je37RTIyWoHVJx7+R7+Fp3XAA/mlFlOtVtCBKaRICZ9gjSzOOaEDeMhHREE3R2M9qkoG3/6FXDiIr0KBeIrSUhmDDTkUCLgyaUOoPxmh+2rQLFTytDEPo5Jra4bczdGfccAXITsfXg50KKwY3LLPuJ3EPyjU= X-EEMSG-check-009: 444-444 From: Richard Haines To: selinux@tycho.nsa.gov, netdev@vger.kernel.org, linux-sctp@vger.kernel.org, linux-security-module@vger.kernel.org Date: Mon, 27 Nov 2017 19:31:21 +0000 Message-Id: <20171127193121.2666-1-richard_c_haines@btinternet.com> X-Mailer: git-send-email 2.14.3 X-Mailman-Approved-At: Tue, 28 Nov 2017 08:24:06 -0500 Subject: [PATCH 2/4] sctp: Add ip option support X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: marcelo.leitner@gmail.com, nhorman@tuxdriver.com, vyasevich@gmail.com, sds@tycho.nsa.gov Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Add ip option support to allow LSM security modules to utilise CIPSO/IPv4 and CALIPSO/IPv6 services. Signed-off-by: Richard Haines --- include/net/sctp/structs.h | 2 ++ net/sctp/chunk.c | 13 ++++++++----- net/sctp/ipv6.c | 42 +++++++++++++++++++++++++++++++++++------- net/sctp/output.c | 5 ++++- net/sctp/protocol.c | 36 ++++++++++++++++++++++++++++++++++++ net/sctp/socket.c | 8 ++++++-- 6 files changed, 91 insertions(+), 15 deletions(-) diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h index 5ab29af..7767577 100644 --- a/include/net/sctp/structs.h +++ b/include/net/sctp/structs.h @@ -461,6 +461,7 @@ struct sctp_af { void (*ecn_capable)(struct sock *sk); __u16 net_header_len; int sockaddr_len; + int (*ip_options_len)(struct sock *sk); sa_family_t sa_family; struct list_head list; }; @@ -485,6 +486,7 @@ struct sctp_pf { int (*addr_to_user)(struct sctp_sock *sk, union sctp_addr *addr); void (*to_sk_saddr)(union sctp_addr *, struct sock *sk); void (*to_sk_daddr)(union sctp_addr *, struct sock *sk); + void (*copy_ip_options)(struct sock *sk, struct sock *newsk); struct sctp_af *af; }; diff --git a/net/sctp/chunk.c b/net/sctp/chunk.c index 1323d41..ba15a72 100644 --- a/net/sctp/chunk.c +++ b/net/sctp/chunk.c @@ -153,7 +153,6 @@ static void sctp_datamsg_assign(struct sctp_datamsg *msg, struct sctp_chunk *chu chunk->msg = msg; } - /* A data chunk can have a maximum payload of (2^16 - 20). Break * down any such message into smaller chunks. Opportunistically, fragment * the chunks down to the current MTU constraints. We may get refragmented @@ -170,6 +169,8 @@ struct sctp_datamsg *sctp_datamsg_from_user(struct sctp_association *asoc, struct list_head *pos, *temp; struct sctp_chunk *chunk; struct sctp_datamsg *msg; + struct sctp_sock *sp; + struct sctp_af *af; int err; msg = sctp_datamsg_new(GFP_KERNEL); @@ -188,9 +189,12 @@ struct sctp_datamsg *sctp_datamsg_from_user(struct sctp_association *asoc, /* This is the biggest possible DATA chunk that can fit into * the packet */ - max_data = asoc->pathmtu - - sctp_sk(asoc->base.sk)->pf->af->net_header_len - - sizeof(struct sctphdr) - sizeof(struct sctp_data_chunk); + sp = sctp_sk(asoc->base.sk); + af = sp->pf->af; + max_data = asoc->pathmtu - af->net_header_len - + sizeof(struct sctphdr) - sizeof(struct sctp_data_chunk) - + af->ip_options_len(asoc->base.sk); + max_data = SCTP_TRUNC4(max_data); /* If the the peer requested that we authenticate DATA chunks @@ -210,7 +214,6 @@ struct sctp_datamsg *sctp_datamsg_from_user(struct sctp_association *asoc, /* Set first_len and then account for possible bundles on first frag */ first_len = max_data; - /* Check to see if we have a pending SACK and try to let it be bundled * with this message. Do this if we don't have any data queued already. * To check that, look at out_qlen and retransmit list. diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c index a4b6ffb..cddd237 100644 --- a/net/sctp/ipv6.c +++ b/net/sctp/ipv6.c @@ -423,6 +423,38 @@ static void sctp_v6_copy_addrlist(struct list_head *addrlist, rcu_read_unlock(); } +/* Copy over any ip options */ +static void sctp_v6_copy_ip_options(struct sock *sk, struct sock *newsk) +{ + struct ipv6_pinfo *newnp, *np = inet6_sk(sk); + struct ipv6_txoptions *opt; + + newnp = inet6_sk(newsk); + + rcu_read_lock(); + opt = rcu_dereference(np->opt); + if (opt) + opt = ipv6_dup_options(newsk, opt); + RCU_INIT_POINTER(newnp->opt, opt); + rcu_read_unlock(); +} + +/* Account for the IP options */ +static int sctp_v6_ip_options_len(struct sock *sk) +{ + struct ipv6_pinfo *np = inet6_sk(sk); + struct ipv6_txoptions *opt; + int len = 0; + + rcu_read_lock(); + opt = rcu_dereference(np->opt); + if (opt) + len = opt->opt_flen + opt->opt_nflen; + + rcu_read_unlock(); + return len; +} + /* Initialize a sockaddr_storage from in incoming skb. */ static void sctp_v6_from_skb(union sctp_addr *addr, struct sk_buff *skb, int is_saddr) @@ -662,7 +694,6 @@ static struct sock *sctp_v6_create_accept_sk(struct sock *sk, struct sock *newsk; struct ipv6_pinfo *newnp, *np = inet6_sk(sk); struct sctp6_sock *newsctp6sk; - struct ipv6_txoptions *opt; newsk = sk_alloc(sock_net(sk), PF_INET6, GFP_KERNEL, sk->sk_prot, kern); if (!newsk) @@ -685,12 +716,7 @@ static struct sock *sctp_v6_create_accept_sk(struct sock *sk, newnp->ipv6_ac_list = NULL; newnp->ipv6_fl_list = NULL; - rcu_read_lock(); - opt = rcu_dereference(np->opt); - if (opt) - opt = ipv6_dup_options(newsk, opt); - RCU_INIT_POINTER(newnp->opt, opt); - rcu_read_unlock(); + sctp_v6_copy_ip_options(sk, newsk); /* Initialize sk's sport, dport, rcv_saddr and daddr for getsockname() * and getpeername(). @@ -1033,6 +1059,7 @@ static struct sctp_af sctp_af_inet6 = { .ecn_capable = sctp_v6_ecn_capable, .net_header_len = sizeof(struct ipv6hdr), .sockaddr_len = sizeof(struct sockaddr_in6), + .ip_options_len = sctp_v6_ip_options_len, #ifdef CONFIG_COMPAT .compat_setsockopt = compat_ipv6_setsockopt, .compat_getsockopt = compat_ipv6_getsockopt, @@ -1051,6 +1078,7 @@ static struct sctp_pf sctp_pf_inet6 = { .addr_to_user = sctp_v6_addr_to_user, .to_sk_saddr = sctp_v6_to_sk_saddr, .to_sk_daddr = sctp_v6_to_sk_daddr, + .copy_ip_options = sctp_v6_copy_ip_options, .af = &sctp_af_inet6, }; diff --git a/net/sctp/output.c b/net/sctp/output.c index 9d85049..baca8d6 100644 --- a/net/sctp/output.c +++ b/net/sctp/output.c @@ -151,7 +151,10 @@ void sctp_packet_init(struct sctp_packet *packet, INIT_LIST_HEAD(&packet->chunk_list); if (asoc) { struct sctp_sock *sp = sctp_sk(asoc->base.sk); - overhead = sp->pf->af->net_header_len; + struct sctp_af *af = sp->pf->af; + + overhead = af->net_header_len + + af->ip_options_len(asoc->base.sk); } else { overhead = sizeof(struct ipv6hdr); } diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c index 989a900..a9e54ac 100644 --- a/net/sctp/protocol.c +++ b/net/sctp/protocol.c @@ -237,6 +237,38 @@ int sctp_copy_local_addr_list(struct net *net, struct sctp_bind_addr *bp, return error; } +/* Copy over any ip options */ +static void sctp_v4_copy_ip_options(struct sock *sk, struct sock *newsk) +{ + struct inet_sock *newinet, *inet = inet_sk(sk); + struct ip_options_rcu *inet_opt, *newopt = NULL; + + newinet = inet_sk(newsk); + + rcu_read_lock(); + inet_opt = rcu_dereference(inet->inet_opt); + if (inet_opt) { + newopt = sock_kmalloc(newsk, sizeof(*inet_opt) + + inet_opt->opt.optlen, GFP_ATOMIC); + if (newopt) + memcpy(newopt, inet_opt, sizeof(*inet_opt) + + inet_opt->opt.optlen); + } + RCU_INIT_POINTER(newinet->inet_opt, newopt); + rcu_read_unlock(); +} + +/* Account for the IP options */ +static int sctp_v4_ip_options_len(struct sock *sk) +{ + struct inet_sock *inet = inet_sk(sk); + + if (inet->inet_opt) + return inet->inet_opt->opt.optlen; + else + return 0; +} + /* Initialize a sctp_addr from in incoming skb. */ static void sctp_v4_from_skb(union sctp_addr *addr, struct sk_buff *skb, int is_saddr) @@ -590,6 +622,8 @@ static struct sock *sctp_v4_create_accept_sk(struct sock *sk, sctp_copy_sock(newsk, sk, asoc); sock_reset_flag(newsk, SOCK_ZAPPED); + sctp_v4_copy_ip_options(sk, newsk); + newinet = inet_sk(newsk); newinet->inet_daddr = asoc->peer.primary_addr.v4.sin_addr.s_addr; @@ -1008,6 +1042,7 @@ static struct sctp_pf sctp_pf_inet = { .addr_to_user = sctp_v4_addr_to_user, .to_sk_saddr = sctp_v4_to_sk_saddr, .to_sk_daddr = sctp_v4_to_sk_daddr, + .copy_ip_options = sctp_v4_copy_ip_options, .af = &sctp_af_inet }; @@ -1092,6 +1127,7 @@ static struct sctp_af sctp_af_inet = { .ecn_capable = sctp_v4_ecn_capable, .net_header_len = sizeof(struct iphdr), .sockaddr_len = sizeof(struct sockaddr_in), + .ip_options_len = sctp_v4_ip_options_len, #ifdef CONFIG_COMPAT .compat_setsockopt = compat_ip_setsockopt, .compat_getsockopt = compat_ip_getsockopt, diff --git a/net/sctp/socket.c b/net/sctp/socket.c index 8d76086..f2d9c84 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -3123,8 +3123,10 @@ static int sctp_setsockopt_maxseg(struct sock *sk, char __user *optval, unsigned if (asoc) { if (val == 0) { + struct sctp_af *af = sp->pf->af; val = asoc->pathmtu; - val -= sp->pf->af->net_header_len; + val -= af->ip_options_len(asoc->base.sk); + val -= af->net_header_len; val -= sizeof(struct sctphdr) + sizeof(struct sctp_data_chunk); } @@ -4917,9 +4919,11 @@ int sctp_do_peeloff(struct sock *sk, sctp_assoc_t id, struct socket **sockp) sctp_copy_sock(sock->sk, sk, asoc); /* Make peeled-off sockets more like 1-1 accepted sockets. - * Set the daddr and initialize id to something more random + * Set the daddr and initialize id to something more random and also + * copy over any ip options. */ sp->pf->to_sk_daddr(&asoc->peer.primary_addr, sk); + sp->pf->copy_ip_options(sk, sock->sk); /* Populate the fields of the newsk from the oldsk and migrate the * asoc to the newsk.