From patchwork Sat Dec 30 17:19:50 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Haines X-Patchwork-Id: 10140525 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id D9E68601A1 for ; Tue, 2 Jan 2018 13:27:42 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D208A203B9 for ; Tue, 2 Jan 2018 13:27:42 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C6E09285B6; Tue, 2 Jan 2018 13:27:42 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from USFB19PA14.eemsg.mail.mil (uphb19pa11.eemsg.mail.mil [214.24.26.85]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7E0A0203B9 for ; Tue, 2 Jan 2018 13:27:41 +0000 (UTC) Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2]) by USFB19PA14.eemsg.mail.mil with ESMTP; 02 Jan 2018 13:27:40 +0000 X-IronPort-AV: E=Sophos;i="5.45,497,1508803200"; d="scan'208";a="7209356" IronPort-PHdr: =?us-ascii?q?9a23=3AiQYnBhLq4DmuRWXHI9mcpTZWNBhigK39O0sv0rFi?= =?us-ascii?q?tYgTIvz9rarrMEGX3/hxlliBBdydt6odzbWP+PyxEUU7or+5+EgYd5JNUxJXwe?= =?us-ascii?q?43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRp?= =?us-ascii?q?OOv1BpTSj8Oq3Oyu5pHfeQpFiCagbb9oLhi6sArdu8YSjIB/Nqs/1xzFr2dSde?= =?us-ascii?q?9L321oP1WTnxj95se04pFu9jlbtuwi+cBdT6j0Zrw0QrNEAjsoNWA1/9DrugLY?= =?us-ascii?q?TQST/HscU34ZnQRODgPY8Rz1RJbxsi/9tupgxCmXOND9QL4oVTi+6apgVRHniD?= =?us-ascii?q?0DNzUk7m/ZjMJ+h79frB64uhBz34vYbYeIP/R8Y6zdZ8sXS2pfUMhfVCJPBZ6y?= =?us-ascii?q?b5MNAuYcM+tXsZL9qkASoReiHwSgGPnixiNUinLwwKY00/4hEQbD3AE4A9wOsW?= =?us-ascii?q?jbrNXvO6cITO++0avGwi/Cb/NQxzj985XDfxc7ofGNQb1wcdDeyVMyGAzdklqf?= =?us-ascii?q?sYzlMCmU1uQLrWeb9PFtWvmzi24mrQFxviagxt0qiobXmoIZ0EzL9SJ8wIssI9?= =?us-ascii?q?CzVUB1YdmhEJRKtiGaMZN7Td84TGFwoik10bkGtoChcCgM1psn2xjSYOGEfYiQ?= =?us-ascii?q?+h/vSemcLDhiiH9lZb6znQi+/Ee+xuHmS8W4yFVHoytfntXRuX0A2Abf5tWIR/?= =?us-ascii?q?Z85Eus2DeC2gbO4e9eO080j7DUK5s5z741kZocrFrMEzftmEXzkK+WbkIk+vW0?= =?us-ascii?q?6+j/YrXpuJucN4hshwHiKKsugM2/AfkjMgQUQ2ia+fiz1L3k/UHjRrVFkuY2nb?= =?us-ascii?q?XDvJDfJMQbora1Aw5T0ok99xayFyqq3dsXkHUdLF9JZQiLg5bmNl3QOvz0EO+z?= =?us-ascii?q?g1G2nzdqw/DGMKfhApLILnXbi7fuY7J9609ayAouwtFT/olbCrYcIPL1RkD+qs?= =?us-ascii?q?fYAwQlMw203+nnCNJ92pkYWWKUGKCVKqzSsViW5u43OemDeJcVuCrhK/gi//Pu?= =?us-ascii?q?j3g5mVkHcqm13ZsYcna4E+9kI0WeZ3rsh80OEXwWvgUgVuzqk0eOUTlJZ3a9R6?= =?us-ascii?q?g8/C00CJq6DYffQYCgmL6B3CWhEZJKZWBGEVeMEXHpd4WaQPoMZiaSItJukzMf?= =?us-ascii?q?SLihTZMh1Qy0uA/90bpnIfLe+jcEupL7yNh1++rTmAkq9TNqFMuSzWeNT2Bonm?= =?us-ascii?q?MPXDI23b5wrlJjxVuZ1qh4mfNYH8RJ5/xVSgc6KYLcz+tiBt/vXQLBeNGJR0u4?= =?us-ascii?q?TdWiADE8Vcg+zMEUY0Z6AdmiiQrD3yWyCb8Pi7OLHIA08r7b33XpOsl912zJ1L?= =?us-ascii?q?M6glY6RctPMHGpibRk9wjPHYLJlVuWl7qyf6QGwCHN7HuDzXaJvExAUQ5wV7nF?= =?us-ascii?q?Um4bZkTIqNT2+F/CT6WuCLk8NQtB0dCNKq1PatLzjFVGQOzsONPRYm6rnGewHx?= =?us-ascii?q?mIzKuWbIX2Y2UdwDndCE8cngET/HeGMg4+Czyko2LaFTBuFFTvb1nq8eZksnO7?= =?us-ascii?q?TU40zx+UYEF70bq65AIVj+SGS/wPxrIEpDshqzJsEVez3tLWD9+AqBR7fKhHb9?= =?us-ascii?q?My/kpI1WXDtwNnJpygNadihlwAfAtro0PizRJ3Cp9PkcIytnMl0BJyKb6E0FNG?= =?us-ascii?q?bz6Y04rwNafRKmbu/RCvcLXb2lTG0NaX46sP8/o5q075sAGuDEoi/G1t08NJ3H?= =?us-ascii?q?uE+pXKEA0SXIryUkkt9Bh6oKzabzI+54zO1n1sNrS0viXF29IzC+sv0gygcMtH?= =?us-ascii?q?MKOYCA/yFNUXCNKzJ+wwmlimcAgEMftI+6EoOsOqbfyG2LSkPOx4hjKpkXxH4J?= =?us-ascii?q?xh0kKL7ydzVvTH35IbzPGDwguGVzD8gUy6ss/rmIBLezcSHna+ySf+HoJRYLN9?= =?us-ascii?q?fZoTA2e0P8K33sl+h4LqW3NA7l6sGk4J1dSmeRqXYF3xxwtQ2loLoXa/gyu30y?= =?us-ascii?q?R0ky01rqqYxCHO2OridAAAOm5QWGlvlkzsIY6zj9EUWUindQ4pmAGj5Unk26hR?= =?us-ascii?q?vL5/IHXLQUdUYyj2KHlvU6WqubqGf85A9okosT5MXeSif1+aUKXyowYf0y/5GG?= =?us-ascii?q?te3j87fSmwuprlhxx6lH6dLHFroXrHeMF/2Qvf5NvGRfJLwjUGRC54iT/YBlWn?= =?us-ascii?q?O9mp/NOUmI3ZsuC5TW6hUYdTcSbzx4OaqCS7/XFqAQG4n/2rnt3nEBM60TPi29?= =?us-ascii?q?lxSyrIqBf8Yo/216W1Ku9nZVFoBF7668p7Bo5+iZE8hJcO1ngGnp+V52YIkX/v?= =?us-ascii?q?MdVH3qLzdGANRTkPw97R/gflwlFsLnWHxo/iTXWd39duZ8KgbmMRwCI94NhACL?= =?us-ascii?q?2I47xcgSt1vl24oBrSYfdjmDcd0uAj6H0EjOEPowotyDuSAqwIEUlfJyzsmAyC?= =?us-ascii?q?78qio6VPeGavbb+w2VJmnd+7EbGCph9TWG7jdZckAS9/8N9/PUnR0H3o9I7kYs?= =?us-ascii?q?LQYcgIth2TjhfAlfRaJ4w/lvoNnypnNnzysWcjy+ElkRxkxYu6s5SfK2Vx4KK5?= =?us-ascii?q?BQZVNiPzZ8wO4Tztk6BekduW34y1GJVuBCkLVoPyTf20CDISqejnNwGWHT0ksH?= =?us-ascii?q?ibBL7fEBSD50dns3LOE4mnN3+NK3kf19liQwOdJENHigAOQDo6hoI5FhytxMH5?= =?us-ascii?q?c0d45jQR6UDjpxtJzeJoORf/XXnDpAe0ajc0T52fIwRM4gFE+UjVLdSU7vhvEC?= =?us-ascii?q?FA4p2hsAuNJ3SVZwtSC2EJRkuEB1X4M7mg+9bP7u+YBvCkIPvWe7WOru5eWOmU?= =?us-ascii?q?ypKzyIdm+CyMNsqXNHl4E/I7wlZDXWx+G8nBgTUDUSIWmzjIb8GBoBe8/S12o9?= =?us-ascii?q?ul//v3XQLj/4yPC6FdMd934RC5nb+DN/KMhCZ+MTtY2IkMymHVx7gExlESjT1u?= =?us-ascii?q?dz62EbkbryHCUKfQlrVQDx4BZCN5LNFI4L4k3glRJc7bjcv41rhijvEvE1dFTU?= =?us-ascii?q?fsms+oZcwQOGG9KF3HBEeNNLucIz3E38D3brm4SbFKi+VUrRKwsy6BE0D/JjSD?= =?us-ascii?q?iyXpVxe3PO5Xly6XOxheuICmchZxEmjvVsnmZQOnP9Ntlj0537k0hnLMNW4BPj?= =?us-ascii?q?lxaF9Cr72K7SNFmfVzAWJA4WB5LemfnCaZ6fPUKpEMsftkGi50jf5V4Gwmy7tJ?= =?us-ascii?q?6yFJXPp1mCrWrt5qvV6mifKCxSB5XxpUrTZHnoWLvV9tOa/B7JlPRW7E/A4R7W?= =?us-ascii?q?WXExkFvNplCtLou6BW0dXAibz8JyxD893O+8sQHc/UKNiIMHA5KxrmBCbUDBcZ?= =?us-ascii?q?TT6sLWzQnUNdn+uM9nKLtZU6rYDsl4QISr9eTlM1F/caBV9iHN0NOpt3WSkkkb?= =?us-ascii?q?GDhs4S+XW+tAXRRNldvp3fSvKSBvDvJCyDjblDZhoH37X4Ip8JNo38xUNiaUJ3?= =?us-ascii?q?k5jNG0rVQd9CuDZhbhMurEVL7nd+UnU521j5ZQO1/H8TCfm0kwYwigRge+st8C?= =?us-ascii?q?zh41QwJlrRuCs/ik8xmc7mgTCQajLxKrm/XZ1OASruq0cxKo/7QxpybQCqh0xr?= =?us-ascii?q?KizESKxLgLt6aW9riBTRtoBOGf5GUKJEZxEQxemNZ/o20VVQsCOnylFb5eHdE5?= =?us-ascii?q?ttiBMqcYKwr3JHww9sccQ6JbLRJKVU1VhdnbiBvjWy1uA2zg4ePFgC/3+PeC4S?= =?us-ascii?q?uUwIKrknKzCu/uNy9QyIgyFDd3QUV/o2vvJq8VswO+CHzyL6zbFDLEGwN+uEIq?= =?us-ascii?q?OWvWjAiNSEQlQq1kMHj0NF56R50d8/c0qIUEAi1KCRGAoNNcrDLwFVcsVT+WPP?= =?us-ascii?q?ciaJtOXC3Yh6P56hFuzyS++BqroUiFq+HAk1B4QM8tgBHp603U7FMcjnKbkFyR?= =?us-ascii?q?Mx5Aj2P1iFEupGeAiKkDYGpMG/yoV73Y9DKTEBGW99Kzm45q7Lpg82h/qORMs2?= =?us-ascii?q?YnYfXosDKnI2WM27ljVEsHRBDDi4yPkWxBKE7zDiuiTaFCP8YMZ7ZPeIeRNsD8?= =?us-ascii?q?m79i8786i3lVHY7I3RJ2T6NNRkvd/P7/kVqo2cBPNVV7Z9tV7Qm4dFR3CwVW7A?= =?us-ascii?q?D8K1LYDqa4Ywddz0Fmq6Ulunhj0uUcjxOs2gIbKVjgH2W4lUqpKb0yo5Nc69DD?= =?us-ascii?q?0eHA1wp+4b7qJmeQIDe4Y7YQLvtwkmLay/JgaY3cmuQ2aqLTtWVOFRw/ynabJN?= =?us-ascii?q?0yciafS3x2cnTpE/0+a461UNRI0QghHY2/mje5FUUTLvFXxFZwXPuS05mnB9Oe?= =?us-ascii?q?Yw2Ogw3AjFvkUbMzCPcOxpaXJLv8sgBVyMPXp2CnA0R1iGjYrM+gSsxawd/zNB?= =?us-ascii?q?n9ZI1u1IqGL+sYXFYDKrQ6OmsonVszA6Ytg4vaJxNY3jIs2JtJPanzzfQ5nQsh?= =?us-ascii?q?GLUCGgDfpan8JcICRGT/lUgWslI9AJuZJd6UotUcczP7JOBLMwqbCqaDpkCC8S?= =?us-ascii?q?wjUaV46b3TwNnPmz1KXAmheXapQiPwQOsI9ejdsFTy52fiQeqbemV4rMjW+ESX?= =?us-ascii?q?YEIBsS7QRK6wINjYFxcfrj4IXUSJ9MzCNWrO9vUifREJln6Uf7QHmMgVfkUPWh?= =?us-ascii?q?j/Cp3QVKwfL01dkbXARwCVJTxuZRkksoJqp6K6wXvo7NqT+Ha1/1vHjqyOu9P1?= =?us-ascii?q?lRyMvUd1LiAIrCr2r8XTUW+WcISo9X1HHfCZMSnhJjZ6YxuVVMJpqqekXl6jwl?= =?us-ascii?q?xoRpHqW4Wtuxy1Yjs3kGWz+gE8BdBOF+rFLXRDplboi3qJXiPpVfWXNQ9IGYq1?= =?us-ascii?q?hCikltNTC2yYZEIcFX/jEMRCRPoSmavNaqSM1Mw9V2AIUIIthioHryBb1LOICJ?= =?us-ascii?q?o3Iovrzg1GXZ9yo7sFegyzW5A7W4QP5B/20CBgUpIHyTqksoD+Qy6Wrd707Csk?= =?us-ascii?q?tq8OdBGriAk1h+rCx7Hp9QGjZDzWqlIEhrTHlar+VaL7zYc9BBTPYvZB+gIRg+?= =?us-ascii?q?GOU60EyO+EF7gW32YzdutgdA/SDSQRU0XzEPgrjxgT0ett2nOTgCRp1TYzUucz?= =?us-ascii?q?vJJgCGlS1ZpxtQd0ZqW5UFDdlf4LEbwZFY/szcRkawMSsFRgBtNhok0fpDkk5O?= =?us-ascii?q?qF+Ydj7AAgqob/nPrgZ6fcOWrM63Mvv14htIioT6v+8m7akDQWOpmRG1S9DEs4?= =?us-ascii?q?D8rsGKtleJdKrgK+28emPBQyLRghCsnrokFJ7K/zXJMAVHNZZ6z2YkYYL7Bm7P?= =?us-ascii?q?JxhGILgbJ0VDX6BgddpGuvxaZ9NjeKsR5a9tHAyISQ3yF4G0sflGKkrTRS7EIC?= =?us-ascii?q?Wf8+y/pobT4qLBSeT6YcyM3XnHSbptPphm8Tn7B6vq0YhG90rzwPht8kd6Rkba?= =?us-ascii?q?MyCdttvuPBgG5M+8eUv+pZ0mASnZAI9un3b3wEFPadYXSTWw8JsE0JNZ9GrwSe?= =?us-ascii?q?Vg30jxquJS7b5k6ZIz479z18e5PqLSKelesU97AxibGgRq+Y8rAGhkXWxRZfUR?= =?us-ascii?q?KPjJd6QDkc/us/z3F7AQ6BCN+exWc93HJ0/bmsm4Fz6TVwdJnBsbpj4cNQuc0O?= =?us-ascii?q?SJm6lqRsa5veL5wF4i40CiLh4ay7Bg/YiE+reJpO/Taxve070EV7P3Sczttbss?= =?us-ascii?q?ulmd5fs+mL4JYGx1bBWtEPIBWc4F2mfg0acqwDouE8PCGrLt4/tDWGw5nz3+gZ?= =?us-ascii?q?B9HlMWGvwOEbqN44tegn8ym/bFOd0ObqBChmGPGAaiEr8G0nOr6i2XIGx/jhHP?= =?us-ascii?q?1RHwT3mz40XtrS9kWyvM0svsklZIVrmtG0heRS2pOVV3sDmXJgrnqML3ubgp7E?= =?us-ascii?q?ExKmHksdWNlG29OLNYAcLyP9mcISguq1IRkpIxWtKu2YcBGdq+O9cd6nd+YeXC?= =?us-ascii?q?62mziS9Ov79Hh5bC4sGS4vjXGWKgj6iapriWyjBX1GU3vVYl6t+6LvHO/dqKQ/?= =?us-ascii?q?a22GkNUydzoQzBXwS6qrbDtVAbJVSL0FvXmIwNJtxZ3Hg52Vv86+c/W98z7xtR?= =?us-ascii?q?FpreaPwevzzzPyH0wVmHadItSiaeyydXHk7yEVRgA6c82XnwvczTmnfS+l0oWp?= =?us-ascii?q?FweFb6hRxzFIg3NUUt50UJzSUZDAgNcxebDKuyCkj/KosET0cDYwyd3LemYqc3?= =?us-ascii?q?wVFzwrS36e/Ld+N8G7YCNvZTjw6JhlhbGYsasbYAT7J4el9d8rPXpwf5Boj/Rf?= =?us-ascii?q?fmiWY/Nf27Q8Bd68AZtGEu4gWhSBq675dM8bIbhIqPdq5ebpjGpNp84Ft/5T4T?= =?us-ascii?q?aixNhwByjxyjXuAGuu/j/tjbvYGs6uavSKYiWeUX+AIpB2RllZfwhk4soc3P3e?= =?us-ascii?q?dGVoLVkZj/8BxKI3OSt4bVzR98KfYJK4Kse7pg7GsIJywfJ3IIINqXZOIx4ytz?= =?us-ascii?q?PzXJ511NGNkAZdUGM8rRgQpUkFHmWKlP9srHHV+VE4Fzd8E04GrwzDA664A8Xv?= =?us-ascii?q?zh6D+xIpDf9EpNMuhGjChjm9POvu8VweDdCCIP+3mWdwB1wj+ey5mKE/vw8vmD?= =?us-ascii?q?yMrPV18fAyA4XIFTJDuE+Qy6Seu4j5rpUgaO5c/1np0ybkWQRma+nK4dqKZDDf?= =?us-ascii?q?ZAijnn3jhZDo31hfWVs9qq6GdNqlJHEIJz7QDYF6ReP5V7Pw/4lsqqRkVnGCv/?= =?us-ascii?q?ed/UeQAquOWLx+cA+eN+OFXiZYUDOBIL16r66WZJTgtpULP2v0iZUvgXZNZ9TP?= =?us-ascii?q?PEs21a6YNnK68UJlSdo4bqrjhQolAsHAApcKMwriBddkTWng1aRaj0uLAEigYH?= =?us-ascii?q?X992o0lMFnysOG4k4TrIS7hVhrGLCPMJ6jWTUrAOU0JwPyNxRxO135tvdKWtnf?= =?us-ascii?q?BDqW5GhSR9oP4r0zN6Xhe8vzPjp74V0zI65L64rCkBuWBCTuiGkSfICVVCzOwN?= =?us-ascii?q?jacYCnbi9UKzbWIGbIvz/LlnP9rv+ZMm43QlbhUpZzcGUvi4CyHsk6OIBZSCsM?= =?us-ascii?q?5dhB6Io8jOcb6zIjQRNrsjzRLvXX593RbCnBxw6msEXi2g7MM4JIW6Icslwyuo?= =?us-ascii?q?GWvYdFYL+a5JstH+tV0MTOswd1xhxn9v0s6ZSS0RXMbPAXo6jhA4aWVYd5JO8Q?= =?us-ascii?q?QVGLcugjaUpaRG5QUUYDDIEoS55Infg9rH1WM6TddwyWLcvreFiY8y0H15h9N0?= =?us-ascii?q?6TaDuHoMeOzcUs9sGmb825xeyOz/YvWtt/4ISJFiyLu/SvMCNdOj+WSu0pVwRk?= =?us-ascii?q?Cl3qgeH0a+MOIbyLbbSz2lSWyEVuuVaGWMmjc5MlLo5Ra2NFE3b91Kr0AlOOvY?= =?us-ascii?q?mpFcjxHhUa9zRiiIol/byHIsPPgCdwIyooinYBAKTO8NaOiAP+gh3uMxBEEKb3?= =?us-ascii?q?DXASt8E/W2vkK1nIhnJ3Vg5l33YeDs8gDgLduTFQAIEYrbrp5q5fy6XXmMOX56?= =?us-ascii?q?wx10O0l47eDfF04+tuVEaZaegcDQh8hn0e4Cb/ptNDcytcITmoJi74mU19yHcQ?= =?us-ascii?q?/Qzpb0O97VpvmYA/vCz0UlYG1aVaAZYQzt7YUgItE5Q6HTHadevRkEB6g1Wp8h?= =?us-ascii?q?N2Dq+6xvMQNzdBLRZLSzgsn3qeKLZodUq2XQ7l0uMCfWowcDxeCsTQxnc5CqgG?= =?us-ascii?q?3/IJI1RjJGtd1tEBpmHJBUFsMGtQWnBoCbmKChh9+24UN6tPcAsbDsBfDSyNS5?= =?us-ascii?q?w4JxUoBB5UyFOTbeGKhmj0d+g+SsnPjAyJjxCMLledMCTuR7RHDKaqOVVrm4fy?= =?us-ascii?q?mDPsP6Zl5u76+X0LU/VA6YIi/+Qe7OsiC4OPh6yVs0x5Y+f+fJyjEpqbbB15+6?= =?us-ascii?q?Y2BduzfmtnWVLLNB41HQQ+/TRRRZTbyC6mkhVakWa5bksfwDOsE4wcSNpgx04C?= =?us-ascii?q?lG3eObLKW76EzBwER2cdTcNkS69Tw+XNwwIR+/OFEgyU/Qq3LQGjwINMmvKcB3?= =?us-ascii?q?jOGeORzk5k98gkknem9HBmfyQ9qNf2Mc3pTtN0Wx6AtXAoNbzKaMckkiu/j3EL?= =?us-ascii?q?Fl?= X-IPAS-Result: =?us-ascii?q?A2DSAwBuiEta/wHyM5BdGwEBAQEDAQEBCQEBAYMSKQOBWie?= =?us-ascii?q?PH44kmT+BfSaJVUMUAQEBAQEBAQEBAWoogjgkgk8CJBkBOAECAwkCBTIRCAMBW?= =?us-ascii?q?hIFiFeBOQEDFQMBs3Y6gwsFgQKEWoFsBAiEDIE2XIM/hhlFgSmBBIU9BaNMlSi?= =?us-ascii?q?UCpg/NiKBTzIaI1KCKYIEQQ8cgWd4iH8BAQE?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 02 Jan 2018 13:27:39 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w02DRcCF014014; Tue, 2 Jan 2018 08:27:39 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id vBUHLpDg091629 for ; Sat, 30 Dec 2017 12:21:51 -0500 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id vBUHLox4028347; Sat, 30 Dec 2017 12:21:50 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1DVBgDlyUdafyoYGNZcHgEGDIMSKYFdJ?= =?us-ascii?q?51CmT6CAQ+FNoQyQxQBAQEBAQEBAQETAQELFoYuGQE4ARUydxKIXIE5AQMVAwG?= =?us-ascii?q?qajqDCwWBAoRYgUYBJQQIhAyBNlyDP4YZRYEpgQSFPQWjTJUolAqYPzaBcTIaI?= =?us-ascii?q?1KCKYIEQQ8cgWd4iRABAQE?= X-IPAS-Result: =?us-ascii?q?A1DVBgDlyUdafyoYGNZcHgEGDIMSKYFdJ51CmT6CAQ+FNoQ?= =?us-ascii?q?yQxQBAQEBAQEBAQETAQELFoYuGQE4ARUydxKIXIE5AQMVAwGqajqDCwWBAoRYg?= =?us-ascii?q?UYBJQQIhAyBNlyDP4YZRYEpgQSFPQWjTJUolAqYPzaBcTIaI1KCKYIEQQ8cgWd?= =?us-ascii?q?4iRABAQE?= X-IronPort-AV: E=Sophos;i="5.45,481,1508817600"; d="scan'208";a="161683" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34]) by goalie.tycho.ncsc.mil with ESMTP; 30 Dec 2017 12:21:49 -0500 IronPort-PHdr: =?us-ascii?q?9a23=3AJmd/wB9KaC7wwv9uRHKM819IXTAuvvDOBiVQ1KB2?= =?us-ascii?q?1eMcTK2v8tzYMVDF4r011RmVBdydta8P0rKM+4nbGkU4qa6bt34DdJEeHzQksu?= =?us-ascii?q?4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2aFLduGC94iAPERvjKwV1?= =?us-ascii?q?Ov71GonPhMiryuy+4ZLebxlViDanYL5/LBq6oRjNusUInIBvNrs/xhzVr3VSZu?= =?us-ascii?q?9Y33loJVWdnxb94se/4ptu+DlOtvwi6sBNT7z0c7w3QrJEAjsmNXs15NDwuhnY?= =?us-ascii?q?UQSP/HocXX4InRdOHgPI8Qv1Xpb1siv9q+p9xCyXNtD4QLwoRTiv6bpgRRn1gy?= =?us-ascii?q?kFKjE56nnahNFwgqxFrhyvpBtxzpXIbI2JLvdyYrnQcc8GSWdHQ81fVzZBAoS5?= =?us-ascii?q?b4YXE+QBPPpXr4nnqFsUsBS1GAuiC/nuyj9OmHD2xrAx3uM7EQHHwAMgH8gBsG?= =?us-ascii?q?7Jo9rtKKgdSeC1w7PJzTXFcfxWwizw55PUchAgp/GMQax/cdDXyUYxCwPJlEmf?= =?us-ascii?q?qYvgPz6M0OkGrmaV7+1lVe21im4nrRl8rSS1ycc0kIbGnYYVxU7e+SV/3ok1Od?= =?us-ascii?q?u1Q1N4b968CJZcqTyWOoRsTs88TGxkojg2x7IctZO0YiQG0Jcqyh/FZ/CafIWF?= =?us-ascii?q?7QjvWPueLDp5nn5oebOyihCv+ka60OL8TNO70FNSoypFjNbMsncN2gTd5cWZU/?= =?us-ascii?q?Vz+Ems1CiV2Q3P9u1JLlo4mrTFJJ4k2b4wmYAfsUHZES/3nEX6lqqWdkQg+uSw?= =?us-ascii?q?6uTnZKvppoOEOoNqlw3zPb4iltKwDOgiLAQDUHKX9Oui2LH7+E32WrRKjvk4kq?= =?us-ascii?q?nDt5DaINwWprS4AwBJ0oYs8Qy/ACq+39sEhXYHLEhKeBOBj4f3IFHDO+v3Deu+?= =?us-ascii?q?g1SqjDdk2erGPrv/DZXRNHTMjLDhfbNl505G1AUz1cxf545TCrwZO/L8R1Txuc?= =?us-ascii?q?fEDh45LwO0w+HnBM971oMFQ22DGKCZMKTMsVWQ/OIgP/GMZJMJuDb6M/Ul/ODh?= =?us-ascii?q?jXs4mV8bYKmo0oAaaGy4H/t6I0WZZmDggtEaEWgQpAY+Q+vqiEPRGQJUMm2/W6?= =?us-ascii?q?M6+yETFJOtDYCFQJukxrOGwmPzGJBKam1YIk6DHG2udIieXfoILiWILYsplj0C?= =?us-ascii?q?SKjkUIQ9zTmwuwLgjblqNOzZ/msfr52nnNx04fDD0Ao//iFuDtiMlmSKQ3xwk0?= =?us-ascii?q?sWSDIsmqNyu0pwzhGEy6crreZfEIlp5vhJWx02fb7Vzup3EJimQAPKft6TRGGt?= =?us-ascii?q?ddWvADc8Vfo7394If0tnHdi+yBvE2nz5UPcui7WXCclsoern1H/rKpMlxg=3D?= =?us-ascii?q?=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DYBgDQykdafyoYGNZcHgEGDIMSKYFdJ?= =?us-ascii?q?51CmT6CAQ+FNoQyQxQBAQEBAQEBAQEBEgEBCxZdgjgigncZATgBFTJ3EohcgTk?= =?us-ascii?q?BAxUDAapsOoMLBYEChFiBRgElBAiEDIE2XIM/hhlFgSmBBIIbDIMWBaNMlSiUC?= =?us-ascii?q?pg/NoFxMhojUoIpggRBDxyBZ3iJEAEBAQ?= X-IPAS-Result: =?us-ascii?q?A0DYBgDQykdafyoYGNZcHgEGDIMSKYFdJ51CmT6CAQ+FNoQ?= =?us-ascii?q?yQxQBAQEBAQEBAQEBEgEBCxZdgjgigncZATgBFTJ3EohcgTkBAxUDAapsOoMLB?= =?us-ascii?q?YEChFiBRgElBAiEDIE2XIM/hhlFgSmBBIIbDIMWBaNMlSiUCpg/NoFxMhojUoI?= =?us-ascii?q?pggRBDxyBZ3iJEAEBAQ?= X-IronPort-AV: E=Sophos;i="5.45,481,1508803200"; d="scan'208";a="7188471" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from ucol3cpa04.eemsg.mail.mil ([214.24.24.42]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 30 Dec 2017 17:21:45 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;c651bdbd-9c71-4418-9087-1b73eb9a5304 Authentication-Results: UCOL3CPA11.eemsg.mail.mil; dkim=permerror (key too small) header.i=@btinternet.com X-EEMSG-check-008: 2551618|UCOL3CPA11_EEMSG_MP26.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 65.20.0.148 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0DDAACZykdah5QAFEFcHQEBBQELAYMSggYntwCCAQ+FNoQyQxQBAQEBAQEBAQETAQEBCgsJCCgvhVEZATgBFTJ3EohcgTkBAxUEqmw6gwsFgQKEWIFGJgQIhAyBNoQbhhlFgSmBBIIbDIMWBaNMlSiUCpg/NoFxMhojUoIpggQBQA8QDIFneIkQAQEB X-IPAS-Result: A0DDAACZykdah5QAFEFcHQEBBQELAYMSggYntwCCAQ+FNoQyQxQBAQEBAQEBAQETAQEBCgsJCCgvhVEZATgBFTJ3EohcgTkBAxUEqmw6gwsFgQKEWIFGJgQIhAyBNoQbhhlFgSmBBIIbDIMWBaNMlSiUCpg/NoFxMhojUoIpggQBQA8QDIFneIkQAQEB Received: from rgout0801.bt.lon5.cpcloud.co.uk ([65.20.0.148]) by UCOL3CPA11.eemsg.mail.mil with ESMTP; 30 Dec 2017 17:21:43 +0000 X-OWM-Source-IP: 86.144.146.66 (GB) X-OWM-Env-Sender: richard_c_haines@btinternet.com X-Junkmail-Premium-Raw: score=8/50, refid=2.7.2:2017.12.30.165416:17:8.317, ip=, rules=__HAS_FROM, __FRAUD_WEBMAIL_FROM, __TO_MALFORMED_2, __TO_NO_NAME, __HAS_CC_HDR, __MULTIPLE_RCPTS_CC_X2, __CC_NAME, __CC_NAME_DIFF_FROM_ACC, __SUBJ_ALPHA_END, __HAS_MSGID, __SANE_MSGID, __HAS_X_MAILER, __FROM_DOMAIN_IN_ANY_CC1, __ANY_URI, __FRAUD_BODY_WEBMAIL, __URI_NO_WWW, __NO_HTML_TAG_RAW, BODY_SIZE_10000_PLUS, __MIME_TEXT_P1, __MIME_TEXT_ONLY, __URI_NS, HTML_00_01, HTML_00_10, __FRAUD_WEBMAIL, __FROM_DOMAIN_IN_RCPT, __CC_REAL_NAMES, MULTIPLE_RCPTS, __PHISH_SPEAR_STRUCTURE_1, __MIME_TEXT_P, NO_URI_HTTPS Received: from localhost.localdomain (86.144.146.66) by rgout08.bt.lon5.cpcloud.co.uk (9.0.019.13-1) (authenticated as richard_c_haines@btinternet.com) id 5A1377BF039C6CD1; Sat, 30 Dec 2017 17:19:57 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btinternet.com; s=btcpcloud; t=1514654504; bh=nEdv8jk5ZErNwyd10bRowF7XiLhbLxPaNMdgTHdxlcg=; h=From:To:Cc:Subject:Date:Message-Id:X-Mailer; b=rYxwY/gGr0mnm353JaZoF0CVKocPTDAqoz4Nz1G4xvLOv86T5XhfUfI7JHD/MHvJLiKegK5gZj3yfsHYQDBIet4AWWq1kviFerfL2a0c1sgmMTi/R7o+H3/myaT7uj/jYPzt1k8m44aIdrmmkN61b8tE9p6BfwYkk2RvJX24548= X-EEMSG-check-009: 444-444 From: Richard Haines To: selinux@tycho.nsa.gov, netdev@vger.kernel.org, linux-sctp@vger.kernel.org, linux-security-module@vger.kernel.org Date: Sat, 30 Dec 2017 17:19:50 +0000 Message-Id: <20171230171950.15739-1-richard_c_haines@btinternet.com> X-Mailer: git-send-email 2.14.3 X-Mailman-Approved-At: Tue, 02 Jan 2018 08:24:19 -0500 Subject: [PATCH V4 2/4] sctp: Add ip option support X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: marcelo.leitner@gmail.com, nhorman@tuxdriver.com, vyasevich@gmail.com, sds@tycho.nsa.gov Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Add ip option support to allow LSM security modules to utilise CIPSO/IPv4 and CALIPSO/IPv6 services. Signed-off-by: Richard Haines Acked-by: Marcelo Ricardo Leitner --- include/net/sctp/sctp.h | 4 +++- include/net/sctp/structs.h | 2 ++ net/sctp/chunk.c | 13 ++++++++----- net/sctp/ipv6.c | 42 +++++++++++++++++++++++++++++++++++------- net/sctp/output.c | 5 ++++- net/sctp/protocol.c | 36 ++++++++++++++++++++++++++++++++++++ net/sctp/socket.c | 9 +++++++-- 7 files changed, 95 insertions(+), 16 deletions(-) diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h index d7d8cba..1b2f40a 100644 --- a/include/net/sctp/sctp.h +++ b/include/net/sctp/sctp.h @@ -436,9 +436,11 @@ static inline int sctp_list_single_entry(struct list_head *head) static inline int sctp_frag_point(const struct sctp_association *asoc, int pmtu) { struct sctp_sock *sp = sctp_sk(asoc->base.sk); + struct sctp_af *af = sp->pf->af; int frag = pmtu; - frag -= sp->pf->af->net_header_len; + frag -= af->ip_options_len(asoc->base.sk); + frag -= af->net_header_len; frag -= sizeof(struct sctphdr) + sizeof(struct sctp_data_chunk); if (asoc->user_frag) diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h index 0477945..9942ed5 100644 --- a/include/net/sctp/structs.h +++ b/include/net/sctp/structs.h @@ -461,6 +461,7 @@ struct sctp_af { void (*ecn_capable)(struct sock *sk); __u16 net_header_len; int sockaddr_len; + int (*ip_options_len)(struct sock *sk); sa_family_t sa_family; struct list_head list; }; @@ -485,6 +486,7 @@ struct sctp_pf { int (*addr_to_user)(struct sctp_sock *sk, union sctp_addr *addr); void (*to_sk_saddr)(union sctp_addr *, struct sock *sk); void (*to_sk_daddr)(union sctp_addr *, struct sock *sk); + void (*copy_ip_options)(struct sock *sk, struct sock *newsk); struct sctp_af *af; }; diff --git a/net/sctp/chunk.c b/net/sctp/chunk.c index 3afac27..9d130f4 100644 --- a/net/sctp/chunk.c +++ b/net/sctp/chunk.c @@ -153,7 +153,6 @@ static void sctp_datamsg_assign(struct sctp_datamsg *msg, struct sctp_chunk *chu chunk->msg = msg; } - /* A data chunk can have a maximum payload of (2^16 - 20). Break * down any such message into smaller chunks. Opportunistically, fragment * the chunks down to the current MTU constraints. We may get refragmented @@ -170,6 +169,8 @@ struct sctp_datamsg *sctp_datamsg_from_user(struct sctp_association *asoc, struct list_head *pos, *temp; struct sctp_chunk *chunk; struct sctp_datamsg *msg; + struct sctp_sock *sp; + struct sctp_af *af; int err; msg = sctp_datamsg_new(GFP_KERNEL); @@ -188,9 +189,12 @@ struct sctp_datamsg *sctp_datamsg_from_user(struct sctp_association *asoc, /* This is the biggest possible DATA chunk that can fit into * the packet */ - max_data = asoc->pathmtu - - sctp_sk(asoc->base.sk)->pf->af->net_header_len - - sizeof(struct sctphdr) - sizeof(struct sctp_data_chunk); + sp = sctp_sk(asoc->base.sk); + af = sp->pf->af; + max_data = asoc->pathmtu - af->net_header_len - + sizeof(struct sctphdr) - sizeof(struct sctp_data_chunk) - + af->ip_options_len(asoc->base.sk); + max_data = SCTP_TRUNC4(max_data); /* If the the peer requested that we authenticate DATA chunks @@ -210,7 +214,6 @@ struct sctp_datamsg *sctp_datamsg_from_user(struct sctp_association *asoc, /* Set first_len and then account for possible bundles on first frag */ first_len = max_data; - /* Check to see if we have a pending SACK and try to let it be bundled * with this message. Do this if we don't have any data queued already. * To check that, look at out_qlen and retransmit list. diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c index 3b18085..b06dc81 100644 --- a/net/sctp/ipv6.c +++ b/net/sctp/ipv6.c @@ -423,6 +423,38 @@ static void sctp_v6_copy_addrlist(struct list_head *addrlist, rcu_read_unlock(); } +/* Copy over any ip options */ +static void sctp_v6_copy_ip_options(struct sock *sk, struct sock *newsk) +{ + struct ipv6_pinfo *newnp, *np = inet6_sk(sk); + struct ipv6_txoptions *opt; + + newnp = inet6_sk(newsk); + + rcu_read_lock(); + opt = rcu_dereference(np->opt); + if (opt) + opt = ipv6_dup_options(newsk, opt); + RCU_INIT_POINTER(newnp->opt, opt); + rcu_read_unlock(); +} + +/* Account for the IP options */ +static int sctp_v6_ip_options_len(struct sock *sk) +{ + struct ipv6_pinfo *np = inet6_sk(sk); + struct ipv6_txoptions *opt; + int len = 0; + + rcu_read_lock(); + opt = rcu_dereference(np->opt); + if (opt) + len = opt->opt_flen + opt->opt_nflen; + + rcu_read_unlock(); + return len; +} + /* Initialize a sockaddr_storage from in incoming skb. */ static void sctp_v6_from_skb(union sctp_addr *addr, struct sk_buff *skb, int is_saddr) @@ -662,7 +694,6 @@ static struct sock *sctp_v6_create_accept_sk(struct sock *sk, struct sock *newsk; struct ipv6_pinfo *newnp, *np = inet6_sk(sk); struct sctp6_sock *newsctp6sk; - struct ipv6_txoptions *opt; newsk = sk_alloc(sock_net(sk), PF_INET6, GFP_KERNEL, sk->sk_prot, kern); if (!newsk) @@ -685,12 +716,7 @@ static struct sock *sctp_v6_create_accept_sk(struct sock *sk, newnp->ipv6_ac_list = NULL; newnp->ipv6_fl_list = NULL; - rcu_read_lock(); - opt = rcu_dereference(np->opt); - if (opt) - opt = ipv6_dup_options(newsk, opt); - RCU_INIT_POINTER(newnp->opt, opt); - rcu_read_unlock(); + sctp_v6_copy_ip_options(sk, newsk); /* Initialize sk's sport, dport, rcv_saddr and daddr for getsockname() * and getpeername(). @@ -1036,6 +1062,7 @@ static struct sctp_af sctp_af_inet6 = { .ecn_capable = sctp_v6_ecn_capable, .net_header_len = sizeof(struct ipv6hdr), .sockaddr_len = sizeof(struct sockaddr_in6), + .ip_options_len = sctp_v6_ip_options_len, #ifdef CONFIG_COMPAT .compat_setsockopt = compat_ipv6_setsockopt, .compat_getsockopt = compat_ipv6_getsockopt, @@ -1054,6 +1081,7 @@ static struct sctp_pf sctp_pf_inet6 = { .addr_to_user = sctp_v6_addr_to_user, .to_sk_saddr = sctp_v6_to_sk_saddr, .to_sk_daddr = sctp_v6_to_sk_daddr, + .copy_ip_options = sctp_v6_copy_ip_options, .af = &sctp_af_inet6, }; diff --git a/net/sctp/output.c b/net/sctp/output.c index 4a865cd..2b39c70 100644 --- a/net/sctp/output.c +++ b/net/sctp/output.c @@ -151,7 +151,10 @@ void sctp_packet_init(struct sctp_packet *packet, INIT_LIST_HEAD(&packet->chunk_list); if (asoc) { struct sctp_sock *sp = sctp_sk(asoc->base.sk); - overhead = sp->pf->af->net_header_len; + struct sctp_af *af = sp->pf->af; + + overhead = af->net_header_len + + af->ip_options_len(asoc->base.sk); } else { overhead = sizeof(struct ipv6hdr); } diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c index fcd80fe..cde051a 100644 --- a/net/sctp/protocol.c +++ b/net/sctp/protocol.c @@ -237,6 +237,38 @@ int sctp_copy_local_addr_list(struct net *net, struct sctp_bind_addr *bp, return error; } +/* Copy over any ip options */ +static void sctp_v4_copy_ip_options(struct sock *sk, struct sock *newsk) +{ + struct inet_sock *newinet, *inet = inet_sk(sk); + struct ip_options_rcu *inet_opt, *newopt = NULL; + + newinet = inet_sk(newsk); + + rcu_read_lock(); + inet_opt = rcu_dereference(inet->inet_opt); + if (inet_opt) { + newopt = sock_kmalloc(newsk, sizeof(*inet_opt) + + inet_opt->opt.optlen, GFP_ATOMIC); + if (newopt) + memcpy(newopt, inet_opt, sizeof(*inet_opt) + + inet_opt->opt.optlen); + } + RCU_INIT_POINTER(newinet->inet_opt, newopt); + rcu_read_unlock(); +} + +/* Account for the IP options */ +static int sctp_v4_ip_options_len(struct sock *sk) +{ + struct inet_sock *inet = inet_sk(sk); + + if (inet->inet_opt) + return inet->inet_opt->opt.optlen; + else + return 0; +} + /* Initialize a sctp_addr from in incoming skb. */ static void sctp_v4_from_skb(union sctp_addr *addr, struct sk_buff *skb, int is_saddr) @@ -590,6 +622,8 @@ static struct sock *sctp_v4_create_accept_sk(struct sock *sk, sctp_copy_sock(newsk, sk, asoc); sock_reset_flag(newsk, SOCK_ZAPPED); + sctp_v4_copy_ip_options(sk, newsk); + newinet = inet_sk(newsk); newinet->inet_daddr = asoc->peer.primary_addr.v4.sin_addr.s_addr; @@ -1008,6 +1042,7 @@ static struct sctp_pf sctp_pf_inet = { .addr_to_user = sctp_v4_addr_to_user, .to_sk_saddr = sctp_v4_to_sk_saddr, .to_sk_daddr = sctp_v4_to_sk_daddr, + .copy_ip_options = sctp_v4_copy_ip_options, .af = &sctp_af_inet }; @@ -1092,6 +1127,7 @@ static struct sctp_af sctp_af_inet = { .ecn_capable = sctp_v4_ecn_capable, .net_header_len = sizeof(struct iphdr), .sockaddr_len = sizeof(struct sockaddr_in), + .ip_options_len = sctp_v4_ip_options_len, #ifdef CONFIG_COMPAT .compat_setsockopt = compat_ip_setsockopt, .compat_getsockopt = compat_ip_getsockopt, diff --git a/net/sctp/socket.c b/net/sctp/socket.c index d6163f7..4373e2a 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -3162,8 +3162,11 @@ static int sctp_setsockopt_maxseg(struct sock *sk, char __user *optval, unsigned if (asoc) { if (val == 0) { + struct sctp_af *af = sp->pf->af; + val = asoc->pathmtu; - val -= sp->pf->af->net_header_len; + val -= af->ip_options_len(asoc->base.sk); + val -= af->net_header_len; val -= sizeof(struct sctphdr) + sizeof(struct sctp_data_chunk); } @@ -4964,9 +4967,11 @@ int sctp_do_peeloff(struct sock *sk, sctp_assoc_t id, struct socket **sockp) sctp_copy_sock(sock->sk, sk, asoc); /* Make peeled-off sockets more like 1-1 accepted sockets. - * Set the daddr and initialize id to something more random + * Set the daddr and initialize id to something more random and also + * copy over any ip options. */ sp->pf->to_sk_daddr(&asoc->peer.primary_addr, sk); + sp->pf->copy_ip_options(sk, sock->sk); /* Populate the fields of the newsk from the oldsk and migrate the * asoc to the newsk.