From patchwork Tue Feb 13 20:54:44 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jann Horn via Selinux X-Patchwork-Id: 10217619 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id EAB8E60329 for ; Tue, 13 Feb 2018 21:36:06 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DA58028C17 for ; Tue, 13 Feb 2018 21:36:06 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id CEA2828D6D; Tue, 13 Feb 2018 21:36:06 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=unavailable version=3.3.1 Received: from UCOL19PA11.eemsg.mail.mil (ucol19pa11.eemsg.mail.mil [214.24.24.84]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CBA8B28C17 for ; Tue, 13 Feb 2018 21:36:05 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.46,509,1511827200"; d="scan'208";a="444953561" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2]) by UCOL19PA11.eemsg.mail.mil with ESMTP; 13 Feb 2018 21:36:05 +0000 X-IronPort-AV: E=Sophos;i="5.46,509,1511827200"; d="scan'208";a="8659280" IronPort-PHdr: =?us-ascii?q?9a23=3AUzEI2RYVL0P6MYZ58+tvSLn/LSx+4OfEezUN459i?= =?us-ascii?q?sYplN5qZosS4Zh7h7PlgxGXEQZ/co6odzbaO6Oa6CSdZvcfJmUtBWaQEbwUCh8?= =?us-ascii?q?QSkl5oK+++Imq/EsTXaTcnFt9JTl5v8iLzG0FUHMHjew+a+SXqvnYdFRrlKAV6?= =?us-ascii?q?OPn+FJLMgMSrzeCy/IDYbxlViDanbr5+MBu7oR/PusQVjoduN6k8xx/UqXZUZu?= =?us-ascii?q?pawn9lK0iOlBjm/Mew+5Bj8yVUu/0/8sNLTLv3caclQ7FGFToqK2866tHluhnF?= =?us-ascii?q?VguP+2ATUn4KnRpSAgjK9w/1U5HsuSbnrOV92S2aPcrrTbAoXDmp8qlmRAP0hC?= =?us-ascii?q?oBKjU2/nvXishth6xFphyvqQF0z4rNbI2IKPZye6XQds4YS2VcRMZcTzJPDI2/?= =?us-ascii?q?YYUIEuQBJeRVo5TzqlUOtxuxGxKsCfjzxjNUnHL6wbc33/g9HQzAwQcuH8gOsH?= =?us-ascii?q?PRrNjtKKkSUPy6zKnSwjXZcvxdxDXz55LJchAnv/6MRq97cdTQyUY1CgjLk0uf?= =?us-ascii?q?qYjkPzOTy+QMvHWQ4u17Ve2xj24nqgdxoiWgx8o3lonIhp4aylDD9SljxoY1Ps?= =?us-ascii?q?e3RFR0Yd6jDptdrieXPJZ4TMMlRmFnoic6yrsetJGnZicK0I4oyAXba/OZaYSI?= =?us-ascii?q?5AzsVPqXLDxlh3xlYKqyiwu9/EWv0OHxVtS43ExUoidKjNXArG0B2wTQ58WGUP?= =?us-ascii?q?dx40ms1DmV2w3T9O1IO0E5mbTdJpU82LA/jIATvl7GHiLunUX2i7KZeVs89+iz?= =?us-ascii?q?7uTnfq3mppiBN49okg3+Mrohmsi4AekgLggBRXKb+eWh1L3450H5XLVLgeE2kq?= =?us-ascii?q?neqpzaI9gUprWlDANP14Yj6hK/Ay+n0NQeg3YHMEpIdA+IgoXmIV3DIO30Ae2h?= =?us-ascii?q?j1mjjjtn3e3KMqXkAprXL3jDlLnhfax6605Z0Acz1s5Q55ZVCrEHPfLyVVb9u8?= =?us-ascii?q?ffDh8kNQy73/joCM5m24MCWWOAHq+ZMKTIvV+O/eIgOfOAZIASuDbjM/Ql/eLh?= =?us-ascii?q?jWclmV8BeqmkxZkXaHe+Hvt8P0WZYWDjgtEaHGcIuQo+Sunqh0eZUT5PeXmyRb?= =?us-ascii?q?k86is8CIK8AofJXpqtj6CZ3CenAp1WYXhLClKOEXjya4qEWOwMaCWUIs9gjDwJ?= =?us-ascii?q?TrahS4s81RChrwD61rxnLvbJ+iECspLjztd17fXJlR4u7Tx0E9id02aVQmFsgG?= =?us-ascii?q?wHXCE53KZ+oUxhzVeOyql4jOJGGtNN/f9JVR06NZHExexgF9/yQh7BfsuOSFu+?= =?us-ascii?q?X9qmBjcxTtQszNAQZ0Z9Gs6vgQrd0CqwBL8ZjbuLBIY78qjExXj+O959y2ra1K?= =?us-ascii?q?kml1QpX9dPOne8hqNk6wfTAIvJnFmDmKaxaaQQxijN+3mfzWCWpkFXTBZwUbnZ?= =?us-ascii?q?XXAYfkbWrNL55l/cQL+qF7snNxVOydKYKqpKcdDpik1GS+nlONTbeW2xmmOwCg?= =?us-ascii?q?2PxrKDdobqfH8d3CrFAkgejw8T5WqGNRQ5Biq5o2PfDTtuFVT0bkPp9elysXK7?= =?us-ascii?q?TkkuwwGMdUJhzbm1+h8LhfOCUf8T2KwLuDs5oTVuAFm9x87WC8aHpwd5cqRcYN?= =?us-ascii?q?c94FJZ2mLDrAF9MIKvIL1lhl4EaQt3p1nu1xJ1CopejccqsGkmzA1oKaKXyFlB?= =?us-ascii?q?bS+X3YjsOr3LLWn/5B6va7TM1VHYzNmW+7wP5e89q1X7vQGlD1Ei8nt809VP1H?= =?us-ascii?q?uc/JrKBhIIUZ3tSkY36wR6p7bCbyk+/YzU1npsMbSvvz/Bwd0pB+wlygu6c9dY?= =?us-ascii?q?KqOEGxf4E9cGCMi2NOwqh1+pYwoeM+9P7q40Pt2pd+Gd1aGxIOlgmSiqjWNd4I?= =?us-ascii?q?ByykiM7TZzSvbU35YZxPGVxheIWC34jFi/qcD3hYBFZTYJE2qk1SfkBZBeZqtu?= =?us-ascii?q?fYYKE2iiOcu3yctih5T1QX5X6EajB08a2M+uYReSdUHy0hBL2EQYpHymljG0zz?= =?us-ascii?q?pqnDE1tqCfxjDBw/z+dBobPW5GXHJijVn2IYizlNAaQFOlbxMvlBui60f6wrJU?= =?us-ascii?q?pKJlI2nVX0hIYzD8L3t+XauoqrqCf8lP5YsmsCpNVOS8fU6VSqTmoxYBzSPsAX?= =?us-ascii?q?FeyysmdzGvoJn5mAZ6iG2FJnZpsHXZYd1wxQvY5NHEW/5R3yYJRDV/iTnNHFSz?= =?us-ascii?q?I9mp/dKSl5fMqe2+U2OhVptJfinxyoOMriy75XdlARenhfC8hsXnERQm0S/8z9?= =?us-ascii?q?RqUSTIrA3gYoXyzKS1L+ZnfkhuBF/h5Mt3AZp+kpMxhJEW2HgVmo6V8WABkWjt?= =?us-ascii?q?LdVRwbj+Y2YVRT4X397V5xDo2FdkLnKNw4L2SG+dzddmZ9i0eW4WwT894NxRCK?= =?us-ascii?q?uO67xEhyR1qEKirQ3Nefh9gisdyfw25X4Zne4JvhEtwz6eAr8MG0lYJirsmAqU?= =?us-ascii?q?79ykq6VXfmmve6Cq1EVihdChEK2CogZEVXbhYJgiACtw4dtnMF3W1n3z9p/reM?= =?us-ascii?q?PLYNIOrR2bjQ3Aj/NPJJIqkfoKmDBnNn7jsn0rzO47lxNu0o+gsIiBNWpt4Lqz?= =?us-ascii?q?AgREOT3te8MT5jbtgL5AnsaQwo+iBYthGjMWU5voV/6oFiwdtej/PQaUDDI8sm?= =?us-ascii?q?ubGabYHQKH8EdptW/PE5SwOn6LJXkZ0dVjSACTJENFhgAYRjI6noQ2Fgqy3szu?= =?us-ascii?q?bF955iwN5l7/shZMyeJpNx3hXWrEoQeobTk0SJaBIxpK8gFC50DVMcmA4e5pGS?= =?us-ascii?q?FX4IGhphSXKmOHfwRIEX0JWkucClDtJLau48XA8++dBuelIfvBf6iBqetEV/iS?= =?us-ascii?q?3ZKvyIxm/zSSOcqTInluFfo72lBMXXphAcTWhy0PSzALlyLKd8OUuQuz+ihwrs?= =?us-ascii?q?C57PTnRRni5ZWRBLtIMNVu+he2gaGZO+6Wmil5NS5S1okQyn/Q1LgfwFkShjlg?= =?us-ascii?q?dzm3D7sPqDXNQ7jWmq9LCB4bcDh+O9FU4KI5xAVNPtTbitzt3L5ikvE1E0tFVU?= =?us-ascii?q?DmmsyxY8wKOXuyNEvfBEuQOrSGJCfLw9rrYaOySL1Qiv9btxustjaaCUDjOi6P?= =?us-ascii?q?lz7zVxCgKetMlj2UPARCuIGhdRZgEXPsQ8nhZh2/Md93liE2waYuinPRK2ETLS?= =?us-ascii?q?Jwc1hTob2U7CNYhOh/GmNa43V5LeiEgTuZ7/LCJpcYq/RrHj90l+Vc4HggzLtV?= =?us-ascii?q?9i5ETuRvmCTOtt5uv02mku6XxzphURpOrjJLi5yQvUh5I6rW6INAWXHe8BIK92?= =?us-ascii?q?WQBAwAp8F5Bd33p6BQ1t/PmbroJzdD/NLU+s0cCtPJJ82ZK3UhMADmGDjOAAsC?= =?us-ascii?q?Vz6rOnnVh1ZBn/GK6n2Vsp86p4D2l5oBULBbSkI6G+gdCkR9AtMCJpJ3USklkb?= =?us-ascii?q?6fl8EI4nW/oAPWRMVAsZDNTuiSDun3KDaFkblEYAMFwa//LYQWLIH7wUtia1hk?= =?us-ascii?q?k4TMAEXQR9dNrTNibgIvvEpN931+QXEp1EL+dgOh+nkTGuConhQukAtxffwt9C?= =?us-ascii?q?vw41cwPlfKpiswkUkpmdXihTCRcSLxI7mrUIFTCir0q1IxPY3hTwZydw2yklRu?= =?us-ascii?q?NC3YSLJJk7tgaWdrhRfauZRRA/FcSbZJYBwXxfGMe/Uny1Jcqj6kxU9G/+fFD4?= =?us-ascii?q?VtlBcye562s31Awx5jbMIyJaHIPqpG0ENQibyUsS+yyu8xwBQTKF0M8GOIZSEI?= =?us-ascii?q?v0IINqE8JyW2/u1g8wqClCVfeGIUTfolvupq9l8hO+SH1y/vzqRMKl6wN+OCNK?= =?us-ascii?q?OUoHLPldSSQlM32EIIjFdK8qRr0cc5ckqUS0AuwKGXFxsXKcrIMRtVYNZK9HjP?= =?us-ascii?q?YSaOtv3AwZZyP4WnCO/oS+6PtKEPj0KrGgYpAp4A7sMbHpmjyEvYN9voLKYZyR?= =?us-ascii?q?Ux4wTmPE6FA+pNeBKKljcHvs6+wYRr0olaIzESHX9yMT6r5rrNoA8lnuaDVs8s?= =?us-ascii?q?YngGRosEKm42WMqili5FvnRACT630v4ZyAmC9DLzuyXQDTnmYNV4fvuUYw1jCM?= =?us-ascii?q?2u8zUl76e2kULX8onZJ2ziL9tivt7P5v8EqJmfDvNVTb99s0Dam4ZCXHGlSG/P?= =?us-ascii?q?HsSzJ5TpZYkscMb4CnCkXVyjkzg1Vdv+PM6xLqiUhgHlXZ1bv5ed3D04L8CyCy?= =?us-ascii?q?8eFAlqp+EY/q18fw0Cb4A8YR7yuAQ0L7a/LxuA0tWyX2atLiNbT+NZzeW7e7NX?= =?us-ascii?q?zy0sbuuhyHU4V5800vO5/FIKSpwRkh7ewvOjaJVEXijoBnxRYQPPqjQll2J5LO?= =?us-ascii?q?Y93v8/wA/UsVkbKz2EaO5pZ3ZYsNwnGVySJnF2Cm45R1CCl4rD/hCj0KwS/ydH?= =?us-ascii?q?mNZUy+JFumDkvpDDeDKsRLCrqZLNvio6d9cmuapxPpf4L8uarpPRhCLfQ4fUsg?= =?us-ascii?q?2EVi66GP5amtlfICJYXPlIl3sqOdYDuYZb70o+SNs+LaRVCKYwvrCqdSZkDSkK?= =?us-ascii?q?wC4XTY+PwDwCgua527vbjBiQc48vMB0av5pcnNQRSSl2YjkRpKW7TYXZi3eESn?= =?us-ascii?q?QXIAcU9QlM4RgPlpVzfu/7/IrITZlMyzFNrvN6SCTLEIVn91/8SmGLnFf4U++t?= =?us-ascii?q?k+q30gJO1PjsyMUUWAZjCUhBwOZbjlMoKLZzK6YKpI7LvDiIdUf0vG/2zeumI1?= =?us-ascii?q?5RydbKeFLkForFsnH8UjYd+X0SSo9D0nbfFY4dkwBhcqYkuE1MIJy6ekb5/zEr?= =?us-ascii?q?3Z5pH6S+VcyxxFYotncGRyarE9pdEO5qqlTXVyN5Y5qzspXqJ41SQnNM+J2as1?= =?us-ascii?q?pZjEJtMyuixJpAN81N5yUDUCJJoTqDoNu4UNdD1tNuD58QPtd/vG/wGKNeN5iL?= =?us-ascii?q?uXI2vqHgx2TE9D8iqFe63Cu8G6umQOJD5WEeHR8pJ2uGoEk1E+Qs6nvS8kzKsl?= =?us-ascii?q?1s/edbAaaAgF5srzljBZBBGCxJ1Wy7IFtuVnVGtftVKLjNecxGX/YyfQOvOwA5?= =?us-ascii?q?FfM+w0yG4Fx7nXbjbCx2rQZV5yfdXwwoWiYPmbfthScSqse5Nj8GU5hIdykubz?= =?us-ascii?q?/ZKwKHniBapA1Qa092VJwFANtJ5r8W0JBI8crFTEajNTsKXAd+Ng4i1/pQi1JD?= =?us-ascii?q?ul2CeS/BFQqoaerPshpvcMeLssGmMfT58x1bio78tOA48LsDSGO4lQKxRtDRsp?= =?us-ascii?q?HzuseMtkSQaKfyK/e8bmPZTDjQkRCwgq8pD4HR/yjPKgVUNoV6xGE/YZjmFG7L?= =?us-ascii?q?JwhJKLwdJ0pHT6B1c9FGrvpdZ89+d6YD4bVtCQ6fRhPzBIyvq+FLLkrJRTvAMS?= =?us-ascii?q?qO7/eyoZ/X7bzBU+jvfNKMx3fAQ6JzIJh69SP3G7Dw0Y9R4kD2wOti9ltmSVja?= =?us-ascii?q?NCCMtNHhKRkP5MmmaETiooEpEinMD5prlnri2F1Ad9ELTCKw6JQX1olV6HDuRu?= =?us-ascii?q?JkykLzqvFd96F46Ykr5LBk0cW0Kr3IKfRdqk9nBgKbBhtx+5UoHWh/Q3xRYu4N?= =?us-ascii?q?J/fQZ6sZi9vup/rwF6wN5x2f4/ZZZsffJ0Hdhsm/DSmRSR5ekwcHpz4aNAyc2O?= =?us-ascii?q?OblKJvVcaqv+752lkq41SkKB4J0qxt75+e+qWUvO/XcwfRzb8cV6jlW8Pzr7As?= =?us-ascii?q?u0eM6v0hj7MBZ3J6bBamEOcHUM4R3GDgzbolzSg0CcPMA6rg+OJfV3I+hj/gmZ?= =?us-ascii?q?F9H1ANF/MRA7WK/ZpRnn05m+zfOd0aaKZClXiTFRS8CL8N1War6zeLIGlimhzO?= =?us-ascii?q?1RXwTHiy7F/wqC90WyrMz9HtkkpPTLa3HltSXzC0OUBkrDOPIRDou8TttaQy9k?= =?us-ascii?q?E2PXTutMiRm2u5JLNXA8r/KcSZISkzolIXkJIxScK01IAeGNqyOtER/29ibvrQ?= =?us-ascii?q?7GOriSxBo7xdi4rY/M6V5u3dHWO8gK2Ct7WN2DdYx2A8vVEk79CtNurD59OUTP?= =?us-ascii?q?u10GYRVT1wuxPbXx6yqLzUsUwbOVCR3EfMgowKMclT3WMk2UH++OgjXNUz+R1f?= =?us-ascii?q?FofBffwNvyz8NSDvwVmBf9I4SDWR3yFQHlLvHllyALI8137ovMLViXfQ/EUlSZ?= =?us-ascii?q?Jxd0z8ix14FYc4KUMx6FgP2CUDDAwNZAuHA7GvGEvqM5ELVVUZaRSAxri1YL07?= =?us-ascii?q?3UppwrOg/OXTd/BzB7IRNvZBiQ6DhEBbFYgKsaICQLJ9dVhd9LTUpgT7EIjoQf?= =?us-ascii?q?zmlXs2Nf2oTcFX6tgZuGE+4gmjRxqh55BD76wYiJySda5Lf4LMvMZi4Edj/zIP?= =?us-ascii?q?cTZNgBdnhROjTe8cvPzj4sTcsJew5eahTrwtSPsL9xg0HGl+i5rwgEw9rtHXze?= =?us-ascii?q?hcV5bVhZ758A9TP36AoJza3AVkKeoSN4Kre65t93oZKCgYO3IOOt2WZ/4n4yBz?= =?us-ascii?q?NDXT5lpCAt4DZN4DOMrChxpUi03zV71J8MrUBEOYAZ9pd88092r31Cw18ZwkX+?= =?us-ascii?q?bm6T+5OZff71VXMPNYlilsldXCpO8OwfrJEyUX5HaUahdvziOF0ZmNBO76/f+Q?= =?us-ascii?q?x9HMS1MGAik2Xp9SJDWe4gynXfO5mojmXA2S68/zho8+dU2LS3y+maQKqKBMHv?= =?us-ascii?q?BahiX8xDheGZj/h+iJvNq09GtXqlpHHZ5x7R3CGKVfOI93Ngj4lsmvW0hzGyr+?= =?us-ascii?q?eMDSdho1u+qWx/wB4/t/N0vgf4AbJg8Ly7Pg5XpTUARuVKb8vkyFUuIJeNtmVP?= =?us-ascii?q?TEo2hU6YJ+MaAPOkOQpJj3rjhVqVA2BxQpZKU3rjxAeUnEhBdVVLrsuL4clgsc?= =?us-ascii?q?VsZ0uU1SFmK+NmI+4yHKVKpPg6mXFvMV7i+fTqoQXEV0Kil+WQ+62I1ye7u1mv?= =?us-ascii?q?BKqmxGnid6oPkkzTNmQB+8tDb3p6IK3zIg+a23uC8HuXNbUuWUiz3IBklbzPQW?= =?us-ascii?q?kaccDG7v6UC9YHkGd4by/LhnKtjj9YY/53QzexMjcDMaXe64ESH/k7uIApCTsN?= =?us-ascii?q?JbnBONvcTObbywLSgVLbk9ywjsR3t60gjYghlo9nEHQjO+4984PI+9I9oqxjK0?= =?us-ascii?q?GWjHc1YB+rhGv9X3tV4XV+Y2cldhwGJ/0sibWC0CWtHAF3wyjgg+ZmVOaIhD5g?= =?us-ascii?q?MCF6k0njaIubFL/g8KbzfQE4Sl4pffkNzJ2Hk8SNdqw3zZpreBhpw0ynFlnMl0?= =?us-ascii?q?7iGWsnQIa+PYS9NsAmT01opHx+3+f++tsuEbR4R407mhVf4CMtW5+WSowplqXV?= =?us-ascii?q?WlxrsGFVqjLOAD3qvbUzuiSWCAXuSLd3aDki0hMk72/xaoNUE3aMZWoE8hKOvN?= =?us-ascii?q?mIBTmxfnUbxqWiWavUXbw3A7MeMGawI2v5+qewgLTO4XeuidKvEiwPk/CFsXc3?= =?us-ascii?q?/JBjB7C+6svl6rm4h3IXJg4V/1Ye716ADpLMOSGgUYEY7dtpNx/Oa1SX6BOX9h?= =?us-ascii?q?yh1yO1J59/neF1Q3qOBcd5eRnd7Nh9V0y+IFcO1tMSIlsN4Jho1j8ZWU0NuNcR?= =?us-ascii?q?zJzJb9P9LVov+DDPDE0kQqfH1aUroeYQPo6IU6PsI5V6fVHbRHoRQWHbI6T4A5?= =?us-ascii?q?N2ft6KF0Kxt+cgzUZLSzmMnqvOOLZoBPqn/Q9F0wKTnTuxwZxvyzVwx7YIigh2?= =?us-ascii?q?/uL5AoWjJBs9ptBwN9HItBHsMPswuqDp2PlaGlldCx4UJ6uu4Nsar2EPzK0sq2?= =?us-ascii?q?35kiF6RdsFeGODfXGblDnlVujuP0hOzJlJb2F4eqf94YWOVlanDKZ6WAHYilLD?= =?us-ascii?q?+KfMXmdAoO97+azaI8SR6NfAjnUKec8i6pLvNp5QM80IM8NO7SyiE9qqrW08bo?= =?us-ascii?q?Zn1K4yKkoWONObNB41HQQ+/TRRRZTbyC6mk2J6APaZrI87I0MNciycKQqyl67T?= =?us-ascii?q?JPy4PROamqrkbW1nVwQpLSLU3kwA4zRYgMPBmlN0Ywx2TeryKOL25bK52eKMJt?= =?us-ascii?q?icyZRjzk5k98gikzZ2cJIWfsRNGMKSBPwM+6ZQuX5CpXHt0DmKixYkd+uaqsH7?= =?us-ascii?q?o7cq5ZkPmn4e1U2e1iLDvCEY0DZyw=3D?= X-IPAS-Result: =?us-ascii?q?A2BmBAAsWYNa/wHyM5BdGwEBAQEDAQEBCQEBAYMlLYFWKI5?= =?us-ascii?q?9jTKDGZZWC4F0JogNWBQBAgEBAQEBAQIBaiiCOCSCTwIkUgMDCQI3EQgDAVoSB?= =?us-ascii?q?YgHVYE8AQEBFQMBshE6hBNhhAqCQ4UBghUQgy+GGYFygQSFPQWkLgmVd5RRmVQ?= =?us-ascii?q?2IoFQKwgCGAghDz2BMxp5ggVQHIIGeI5cAQEB?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 13 Feb 2018 21:36:04 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w1DLa4ZC000704; Tue, 13 Feb 2018 16:36:04 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w1DKsxAx048412 for ; Tue, 13 Feb 2018 15:54:59 -0500 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w1DKt1tI018411; Tue, 13 Feb 2018 15:55:01 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1BHAwCKT4NalywYGNZdHgEGDIMlKoFZK?= =?us-ascii?q?I59jTKDGZZWggOFRYJqWBQBAgEBAQEBAQITAQEBAQEGGAaGKBkBOAEVMncSiGG?= =?us-ascii?q?BOwEDFQMBshM6gwwFgQKEYweCEQElBAiFAYE2X4M/hhmBcoEEhT0FpC4JlXeUU?= =?us-ascii?q?ZlUNoFyMxojUoJGggVBDxAMggZ4jlwBAQE?= X-IPAS-Result: =?us-ascii?q?A1BHAwCKT4NalywYGNZdHgEGDIMlKoFZKI59jTKDGZZWggO?= =?us-ascii?q?FRYJqWBQBAgEBAQEBAQITAQEBAQEGGAaGKBkBOAEVMncSiGGBOwEDFQMBshM6g?= =?us-ascii?q?wwFgQKEYweCEQElBAiFAYE2X4M/hhmBcoEEhT0FpC4JlXeUUZlUNoFyMxojUoJ?= =?us-ascii?q?GggVBDxAMggZ4jlwBAQE?= X-IronPort-AV: E=Sophos;i="5.46,509,1511845200"; d="scan'208";a="199207" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 13 Feb 2018 15:55:01 -0500 IronPort-PHdr: =?us-ascii?q?9a23=3AjhOKmB3NfDXrM77FsmDT+DRfVm0co7zxezQtwd8Z?= =?us-ascii?q?seMTL/ad9pjvdHbS+e9qxAeQG9mDsrQc06L/iOPJYSQ4+5GPsXQPItRndiQuro?= =?us-ascii?q?EopTEmG9OPEkbhLfTnPGQQFcVGU0J5rTngaRAGUMnxaEfPrXKs8DUcBgvwNRZv?= =?us-ascii?q?JuTyB4Xek9m72/q99pHPfglEniaxba9vJxiqsAvdsdUbj5F/Iagr0BvJpXVIe+?= =?us-ascii?q?VSxWx2IF+Yggjx6MSt8pN96ipco/0u+dJOXqX8ZKQ4UKdXDC86PGAv5c3krgfM?= =?us-ascii?q?QA2S7XYBSGoWkx5IAw/Y7BHmW5r6ryX3uvZh1CScIMb7S60/Vza/4KdxUBLmlS?= =?us-ascii?q?cJOSA3/m/UjcJ9l75XrA67qhBj2YPYfJ2ZOfxjda3dZ9MaQm9BU95NWSxAHoy8?= =?us-ascii?q?b5EAD/AcMu1FrYfyvVoOrR2gCgm3GejizSVIhn7q0q06yeshCxzJ0xQ8EN0WsH?= =?us-ascii?q?TbttT1NKEMXuCu16TH1inDb/JQ2Tfh9ofIaBYhru+QXb5qbcXRzkwvGhrDg16N?= =?us-ascii?q?p4LlODaV2f4Ms2id9+dvSfigi3Y9pA5qpjig2N0gio/XiYIJzF3P6CZ3wJ4tKN?= =?us-ascii?q?GmVUJ2bsSoHIVfui2AKYd7TdkuTm5ntSoiybALuIS3cDUExZko3RLSa+KLf5KJ?= =?us-ascii?q?7x79UuuaPC12i2h/eL2lgha/6UigxfP4VsmzyFtFoDRInMDKuH0DyRHd8NSKRu?= =?us-ascii?q?d880u7xzmAyQXT6vpLIUwukKrUMZ8hwroqmpoWsETDGjf6mETwjKCIakUp4vak?= =?us-ascii?q?5/nob7n8uJOROJV4hh/xP6g0lcGyDvw0Mg0UUGia/eS82qfj/Ur8QLhSlP02k7?= =?us-ascii?q?XWsJDAKsQBu6G2GxNa3Z4j6xmlDjem1soXnWIcIV1eZBKHjo7pO03QL/DiC/ew?= =?us-ascii?q?nUisnC13yPDBO73tGo/NIWTbkLf9YbZ97FZRyBEuwtBE/J9UFrEAL+7zWk/2rt?= =?us-ascii?q?DYCAQ5PBauz+boD9V9yJsUWXiTDa+BLKPSrViI6/o0I+aSYI8VuTD9K+Uq5vP1?= =?us-ascii?q?kX84mUMSfamu3ZcNbnC4Be5pL1+WYXrrnNdSWVsN6xEzSO3slU2qTS9YZ3H0Wb?= =?us-ascii?q?k1oD48FsbuC4rfSo2zqKKO0T39HZBMYG1CTFeWHjOgc4SCRudJcymOOud/nTEe?= =?us-ascii?q?E7usUYks0VeprgC+g75mKPfEvzYVvo/51cRkoujUmQw2+BRqAMmHlWKAVWd5mi?= =?us-ascii?q?UPXTBl8rp4pBlHy1yD2LJ0y9xRFNpe/LsdSAYxNZfGw9txPND7WwTMZf+DVFeg?= =?us-ascii?q?Xti8BzwtCNk2xoldMA5GB9y+g0WbjGKRCLgPmunTCQ=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AIAwA3UINalywYGNZdHQEBBQELAYMlK?= =?us-ascii?q?oFZKI59jTKDGZZWggOFRYJqWBQBAgEBAQEBAQIBEgEBAQEBBhgGV4I4IoJ3GQE?= =?us-ascii?q?4ARUydxKIYYE7AQMVAwGyEDqDDAWBAoRjB4IRASUECIUBgTZfgz+GGYFygQSCG?= =?us-ascii?q?wyDFgWkLgmVd5RRmVQ2gXIzGiNSgkaCBUEPEAyCBniOXAEBAQ?= X-IPAS-Result: =?us-ascii?q?A0AIAwA3UINalywYGNZdHQEBBQELAYMlKoFZKI59jTKDGZZ?= =?us-ascii?q?WggOFRYJqWBQBAgEBAQEBAQIBEgEBAQEBBhgGV4I4IoJ3GQE4ARUydxKIYYE7A?= =?us-ascii?q?QMVAwGyEDqDDAWBAoRjB4IRASUECIUBgTZfgz+GGYFygQSCGwyDFgWkLgmVd5R?= =?us-ascii?q?RmVQ2gXIzGiNSgkaCBUEPEAyCBniOXAEBAQ?= X-IronPort-AV: E=Sophos;i="5.46,509,1511827200"; d="scan'208";a="9305149" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from ucol3cpa06.eemsg.mail.mil ([214.24.24.44]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 13 Feb 2018 20:55:00 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;e71ddcb5-41c9-439f-8c75-1b002dd3e038 X-EEMSG-check-008: 546166005|UCOL19PA15_EEMSG_MP13.csd.disa.mil X-EEMSG-SBRS: 3.4 X-EEMSG-ORIG-IP: 65.20.0.129 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0BrAQCeTYNahoEAFEFdHAEBAQQBAQoBAYMlggMojn2QS5ZWggMPhTaDQhQBAgEBAQEBAQITAQEBCAsLCCgvhVEZATgBFTJ3EohhgTsBAxUEshE6gwwFgQKEYweCESYECIUBgTaEHoYZgXKBBIIbDIMWBaQuCZV3lFGZVDaBcjMaI1KCRoIFAUAPEAyCBniOXAEBAQ X-IPAS-Result: A0BrAQCeTYNahoEAFEFdHAEBAQQBAQoBAYMlggMojn2QS5ZWggMPhTaDQhQBAgEBAQEBAQITAQEBCAsLCCgvhVEZATgBFTJ3EohhgTsBAxUEshE6gwwFgQKEYweCESYECIUBgTaEHoYZgXKBBIIbDIMWBaQuCZV3lFGZVDaBcjMaI1KCRoIFAUAPEAyCBniOXAEBAQ Received: from rgout0602.bt.lon5.cpcloud.co.uk (HELO rgout06.bt.lon5.cpcloud.co.uk) ([65.20.0.129]) by ucol19pa15.eemsg.mail.mil with ESMTP; 13 Feb 2018 20:54:58 +0000 X-OWM-Source-IP: 86.134.52.62 (GB) X-OWM-Env-Sender: richard_c_haines@btinternet.com X-Junkmail-Premium-Raw: score=8/50, refid=2.7.2:2018.2.13.203916:17:8.317, ip=, rules=__HAS_FROM, __FRAUD_WEBMAIL_FROM, __TO_MALFORMED_2, __TO_NO_NAME, __HAS_CC_HDR, __MULTIPLE_RCPTS_CC_X2, __CC_NAME, __CC_NAME_DIFF_FROM_ACC, __SUBJ_ALPHA_END, __HAS_MSGID, __SANE_MSGID, __HAS_X_MAILER, __FROM_DOMAIN_IN_ANY_CC1, __ANY_URI, __FRAUD_BODY_WEBMAIL, __URI_NO_WWW, __INVOICE_MULTILINGUAL, __NO_HTML_TAG_RAW, BODY_SIZE_10000_PLUS, __MIME_TEXT_P1, __MIME_TEXT_ONLY, __URI_NS, HTML_00_01, HTML_00_10, __FRAUD_WEBMAIL, __FROM_DOMAIN_IN_RCPT, __CC_REAL_NAMES, MULTIPLE_RCPTS, __PHISH_SPEAR_STRUCTURE_1, __MIME_TEXT_P, NO_URI_HTTPS Received: from localhost.localdomain (86.134.52.62) by rgout06.bt.lon5.cpcloud.co.uk (9.0.019.21-1) (authenticated as richard_c_haines@btinternet.com) id 5A5E1C4B0B7D90C6; Tue, 13 Feb 2018 20:54:56 +0000 X-EEMSG-check-009: 444-444 To: selinux@tycho.nsa.gov, netdev@vger.kernel.org, linux-sctp@vger.kernel.org, linux-security-module@vger.kernel.org Date: Tue, 13 Feb 2018 20:54:44 +0000 Message-Id: <20180213205444.4559-1-richard_c_haines@btinternet.com> X-Mailer: git-send-email 2.14.3 X-Mailman-Approved-At: Tue, 13 Feb 2018 16:34:04 -0500 Subject: [PATCH V6 2/4] sctp: Add ip option support X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: From: Richard Haines via Selinux Reply-To: Richard Haines Cc: marcelo.leitner@gmail.com, nhorman@tuxdriver.com, vyasevich@gmail.com, james.l.morris@oracle.com, sds@tycho.nsa.gov Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Add ip option support to allow LSM security modules to utilise CIPSO/IPv4 and CALIPSO/IPv6 services. Signed-off-by: Richard Haines --- include/net/sctp/sctp.h | 4 +++- include/net/sctp/structs.h | 2 ++ net/sctp/chunk.c | 12 +++++++----- net/sctp/ipv6.c | 42 +++++++++++++++++++++++++++++++++++------- net/sctp/output.c | 5 ++++- net/sctp/protocol.c | 36 ++++++++++++++++++++++++++++++++++++ net/sctp/socket.c | 14 ++++++++++---- 7 files changed, 97 insertions(+), 18 deletions(-) diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h index f7ae6b0..25c5c87 100644 --- a/include/net/sctp/sctp.h +++ b/include/net/sctp/sctp.h @@ -441,9 +441,11 @@ static inline int sctp_list_single_entry(struct list_head *head) static inline int sctp_frag_point(const struct sctp_association *asoc, int pmtu) { struct sctp_sock *sp = sctp_sk(asoc->base.sk); + struct sctp_af *af = sp->pf->af; int frag = pmtu; - frag -= sp->pf->af->net_header_len; + frag -= af->ip_options_len(asoc->base.sk); + frag -= af->net_header_len; frag -= sizeof(struct sctphdr) + sctp_datachk_len(&asoc->stream); if (asoc->user_frag) diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h index 03e92dd..ead5fce 100644 --- a/include/net/sctp/structs.h +++ b/include/net/sctp/structs.h @@ -491,6 +491,7 @@ struct sctp_af { void (*ecn_capable)(struct sock *sk); __u16 net_header_len; int sockaddr_len; + int (*ip_options_len)(struct sock *sk); sa_family_t sa_family; struct list_head list; }; @@ -515,6 +516,7 @@ struct sctp_pf { int (*addr_to_user)(struct sctp_sock *sk, union sctp_addr *addr); void (*to_sk_saddr)(union sctp_addr *, struct sock *sk); void (*to_sk_daddr)(union sctp_addr *, struct sock *sk); + void (*copy_ip_options)(struct sock *sk, struct sock *newsk); struct sctp_af *af; }; diff --git a/net/sctp/chunk.c b/net/sctp/chunk.c index 991a530..d5c0ef7 100644 --- a/net/sctp/chunk.c +++ b/net/sctp/chunk.c @@ -154,7 +154,6 @@ static void sctp_datamsg_assign(struct sctp_datamsg *msg, struct sctp_chunk *chu chunk->msg = msg; } - /* A data chunk can have a maximum payload of (2^16 - 20). Break * down any such message into smaller chunks. Opportunistically, fragment * the chunks down to the current MTU constraints. We may get refragmented @@ -171,6 +170,8 @@ struct sctp_datamsg *sctp_datamsg_from_user(struct sctp_association *asoc, struct list_head *pos, *temp; struct sctp_chunk *chunk; struct sctp_datamsg *msg; + struct sctp_sock *sp; + struct sctp_af *af; int err; msg = sctp_datamsg_new(GFP_KERNEL); @@ -189,9 +190,11 @@ struct sctp_datamsg *sctp_datamsg_from_user(struct sctp_association *asoc, /* This is the biggest possible DATA chunk that can fit into * the packet */ - max_data = asoc->pathmtu - - sctp_sk(asoc->base.sk)->pf->af->net_header_len - - sizeof(struct sctphdr) - sctp_datachk_len(&asoc->stream); + sp = sctp_sk(asoc->base.sk); + af = sp->pf->af; + max_data = asoc->pathmtu - af->net_header_len - + sizeof(struct sctphdr) - sctp_datachk_len(&asoc->stream) - + af->ip_options_len(asoc->base.sk); max_data = SCTP_TRUNC4(max_data); /* If the the peer requested that we authenticate DATA chunks @@ -211,7 +214,6 @@ struct sctp_datamsg *sctp_datamsg_from_user(struct sctp_association *asoc, /* Set first_len and then account for possible bundles on first frag */ first_len = max_data; - /* Check to see if we have a pending SACK and try to let it be bundled * with this message. Do this if we don't have any data queued already. * To check that, look at out_qlen and retransmit list. diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c index e35d4f7..0b0f895 100644 --- a/net/sctp/ipv6.c +++ b/net/sctp/ipv6.c @@ -427,6 +427,38 @@ static void sctp_v6_copy_addrlist(struct list_head *addrlist, rcu_read_unlock(); } +/* Copy over any ip options */ +static void sctp_v6_copy_ip_options(struct sock *sk, struct sock *newsk) +{ + struct ipv6_pinfo *newnp, *np = inet6_sk(sk); + struct ipv6_txoptions *opt; + + newnp = inet6_sk(newsk); + + rcu_read_lock(); + opt = rcu_dereference(np->opt); + if (opt) + opt = ipv6_dup_options(newsk, opt); + RCU_INIT_POINTER(newnp->opt, opt); + rcu_read_unlock(); +} + +/* Account for the IP options */ +static int sctp_v6_ip_options_len(struct sock *sk) +{ + struct ipv6_pinfo *np = inet6_sk(sk); + struct ipv6_txoptions *opt; + int len = 0; + + rcu_read_lock(); + opt = rcu_dereference(np->opt); + if (opt) + len = opt->opt_flen + opt->opt_nflen; + + rcu_read_unlock(); + return len; +} + /* Initialize a sockaddr_storage from in incoming skb. */ static void sctp_v6_from_skb(union sctp_addr *addr, struct sk_buff *skb, int is_saddr) @@ -666,7 +698,6 @@ static struct sock *sctp_v6_create_accept_sk(struct sock *sk, struct sock *newsk; struct ipv6_pinfo *newnp, *np = inet6_sk(sk); struct sctp6_sock *newsctp6sk; - struct ipv6_txoptions *opt; newsk = sk_alloc(sock_net(sk), PF_INET6, GFP_KERNEL, sk->sk_prot, kern); if (!newsk) @@ -689,12 +720,7 @@ static struct sock *sctp_v6_create_accept_sk(struct sock *sk, newnp->ipv6_ac_list = NULL; newnp->ipv6_fl_list = NULL; - rcu_read_lock(); - opt = rcu_dereference(np->opt); - if (opt) - opt = ipv6_dup_options(newsk, opt); - RCU_INIT_POINTER(newnp->opt, opt); - rcu_read_unlock(); + sctp_v6_copy_ip_options(sk, newsk); /* Initialize sk's sport, dport, rcv_saddr and daddr for getsockname() * and getpeername(). @@ -1041,6 +1067,7 @@ static struct sctp_af sctp_af_inet6 = { .ecn_capable = sctp_v6_ecn_capable, .net_header_len = sizeof(struct ipv6hdr), .sockaddr_len = sizeof(struct sockaddr_in6), + .ip_options_len = sctp_v6_ip_options_len, #ifdef CONFIG_COMPAT .compat_setsockopt = compat_ipv6_setsockopt, .compat_getsockopt = compat_ipv6_getsockopt, @@ -1059,6 +1086,7 @@ static struct sctp_pf sctp_pf_inet6 = { .addr_to_user = sctp_v6_addr_to_user, .to_sk_saddr = sctp_v6_to_sk_saddr, .to_sk_daddr = sctp_v6_to_sk_daddr, + .copy_ip_options = sctp_v6_copy_ip_options, .af = &sctp_af_inet6, }; diff --git a/net/sctp/output.c b/net/sctp/output.c index 01a26ee..668e2fa 100644 --- a/net/sctp/output.c +++ b/net/sctp/output.c @@ -151,7 +151,10 @@ void sctp_packet_init(struct sctp_packet *packet, INIT_LIST_HEAD(&packet->chunk_list); if (asoc) { struct sctp_sock *sp = sctp_sk(asoc->base.sk); - overhead = sp->pf->af->net_header_len; + struct sctp_af *af = sp->pf->af; + + overhead = af->net_header_len + + af->ip_options_len(asoc->base.sk); } else { overhead = sizeof(struct ipv6hdr); } diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c index 91813e6..8e786f0 100644 --- a/net/sctp/protocol.c +++ b/net/sctp/protocol.c @@ -237,6 +237,38 @@ int sctp_copy_local_addr_list(struct net *net, struct sctp_bind_addr *bp, return error; } +/* Copy over any ip options */ +static void sctp_v4_copy_ip_options(struct sock *sk, struct sock *newsk) +{ + struct inet_sock *newinet, *inet = inet_sk(sk); + struct ip_options_rcu *inet_opt, *newopt = NULL; + + newinet = inet_sk(newsk); + + rcu_read_lock(); + inet_opt = rcu_dereference(inet->inet_opt); + if (inet_opt) { + newopt = sock_kmalloc(newsk, sizeof(*inet_opt) + + inet_opt->opt.optlen, GFP_ATOMIC); + if (newopt) + memcpy(newopt, inet_opt, sizeof(*inet_opt) + + inet_opt->opt.optlen); + } + RCU_INIT_POINTER(newinet->inet_opt, newopt); + rcu_read_unlock(); +} + +/* Account for the IP options */ +static int sctp_v4_ip_options_len(struct sock *sk) +{ + struct inet_sock *inet = inet_sk(sk); + + if (inet->inet_opt) + return inet->inet_opt->opt.optlen; + else + return 0; +} + /* Initialize a sctp_addr from in incoming skb. */ static void sctp_v4_from_skb(union sctp_addr *addr, struct sk_buff *skb, int is_saddr) @@ -588,6 +620,8 @@ static struct sock *sctp_v4_create_accept_sk(struct sock *sk, sctp_copy_sock(newsk, sk, asoc); sock_reset_flag(newsk, SOCK_ZAPPED); + sctp_v4_copy_ip_options(sk, newsk); + newinet = inet_sk(newsk); newinet->inet_daddr = asoc->peer.primary_addr.v4.sin_addr.s_addr; @@ -1006,6 +1040,7 @@ static struct sctp_pf sctp_pf_inet = { .addr_to_user = sctp_v4_addr_to_user, .to_sk_saddr = sctp_v4_to_sk_saddr, .to_sk_daddr = sctp_v4_to_sk_daddr, + .copy_ip_options = sctp_v4_copy_ip_options, .af = &sctp_af_inet }; @@ -1090,6 +1125,7 @@ static struct sctp_af sctp_af_inet = { .ecn_capable = sctp_v4_ecn_capable, .net_header_len = sizeof(struct iphdr), .sockaddr_len = sizeof(struct sockaddr_in), + .ip_options_len = sctp_v4_ip_options_len, #ifdef CONFIG_COMPAT .compat_setsockopt = compat_ip_setsockopt, .compat_getsockopt = compat_ip_getsockopt, diff --git a/net/sctp/socket.c b/net/sctp/socket.c index bf271f8..8307968 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -3138,6 +3138,7 @@ static int sctp_setsockopt_mappedv4(struct sock *sk, char __user *optval, unsign static int sctp_setsockopt_maxseg(struct sock *sk, char __user *optval, unsigned int optlen) { struct sctp_sock *sp = sctp_sk(sk); + struct sctp_af *af = sp->pf->af; struct sctp_assoc_value params; struct sctp_association *asoc; int val; @@ -3159,10 +3160,13 @@ static int sctp_setsockopt_maxseg(struct sock *sk, char __user *optval, unsigned return -EINVAL; } + asoc = sctp_id2assoc(sk, params.assoc_id); + if (val) { int min_len, max_len; - min_len = SCTP_DEFAULT_MINSEGMENT - sp->pf->af->net_header_len; + min_len = SCTP_DEFAULT_MINSEGMENT - af->net_header_len; + min_len -= af->ip_options_len(asoc->base.sk); min_len -= sizeof(struct sctphdr) + sizeof(struct sctp_data_chunk); @@ -3172,10 +3176,10 @@ static int sctp_setsockopt_maxseg(struct sock *sk, char __user *optval, unsigned return -EINVAL; } - asoc = sctp_id2assoc(sk, params.assoc_id); if (asoc) { if (val == 0) { - val = asoc->pathmtu - sp->pf->af->net_header_len; + val = asoc->pathmtu - af->net_header_len; + val -= af->ip_options_len(asoc->base.sk); val -= sizeof(struct sctphdr) + sctp_datachk_len(&asoc->stream); } @@ -5087,9 +5091,11 @@ int sctp_do_peeloff(struct sock *sk, sctp_assoc_t id, struct socket **sockp) sctp_copy_sock(sock->sk, sk, asoc); /* Make peeled-off sockets more like 1-1 accepted sockets. - * Set the daddr and initialize id to something more random + * Set the daddr and initialize id to something more random and also + * copy over any ip options. */ sp->pf->to_sk_daddr(&asoc->peer.primary_addr, sk); + sp->pf->copy_ip_options(sk, sock->sk); /* Populate the fields of the newsk from the oldsk and migrate the * asoc to the newsk.