From patchwork Tue Feb 20 19:15:27 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jann Horn via Selinux X-Patchwork-Id: 10230853 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 0BB1C602A7 for ; Tue, 20 Feb 2018 21:11:14 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EFCE128988 for ; Tue, 20 Feb 2018 21:11:13 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E415F28973; Tue, 20 Feb 2018 21:11:13 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=unavailable version=3.3.1 Received: from USFB19PA12.eemsg.mail.mil (uphb19pa09.eemsg.mail.mil [214.24.26.83]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 822242896E for ; Tue, 20 Feb 2018 21:11:09 +0000 (UTC) Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by USFB19PA12.eemsg.mail.mil with ESMTP/TLS/AES256-SHA; 20 Feb 2018 21:11:07 +0000 X-IronPort-AV: E=Sophos;i="5.46,541,1511827200"; d="scan'208";a="9582928" IronPort-PHdr: =?us-ascii?q?9a23=3AD1WMeBZ213+//+HE9ISBYBT/LSx+4OfEezUN459i?= =?us-ascii?q?sYplN5qZosuyYB7h7PlgxGXEQZ/co6odzbaO6Oa4ASQp2tWoiDg6aptCVhsI24?= =?us-ascii?q?09vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7?= =?us-ascii?q?Ovr6GpLIj8Swyuu+54Dfbx9HiTahb75+Ngm6oRnMvcQKnIVuLbo8xAHUqXVSYe?= =?us-ascii?q?RWwm1oJVOXnxni48q74YBu/SdNtf8/7sBMSar1cbg2QrxeFzQmLns65Nb3uhnZ?= =?us-ascii?q?TAuA/WUTX2MLmRdVGQfF7RX6XpDssivms+d2xSeXMdHqQb0yRD+t4b1rSBv1gy?= =?us-ascii?q?kZMTA3/nzchshpgK5GvB6tohpyyJPWbo6ILvpzZr3Tc90ZS2RGQ8hRTy5MDp6y?= =?us-ascii?q?YoUPFeoOI/1YopLhq1cStxayGROhCP/zxjJOm3T43bc60+MkEQzewAIgHs4BsH?= =?us-ascii?q?TOo9XvKagZTOK7w7PJzTXFcfxWwir26JbJch87vPqCQKx/cc7QyUkpCgPEgUib?= =?us-ascii?q?pIv+PzyL0uQNsm6b7/dvVO+0l24mqx1+ojioxss2jInJnZgaxkrL9SV+3oY4PN?= =?us-ascii?q?u1Q1N1b96jFZtfrSCaN41uT8w+WW5ooDw1xaYCuZGlZiQKzoooxwLHZ/yIcoiI?= =?us-ascii?q?/hLjVPuKLjtimH1lf7e/ihCv+kaj0u3xTtS43VlFoyZfktTAq2oB2wLc58SZUP?= =?us-ascii?q?dx41+t1DWO2gzJ9+1JL085mbDFJ5I93rI8jJkevEXFEyTrgkv5lrWWeV8h+uWw?= =?us-ascii?q?7uTnZajpqYGEOo9vjwH+LrwumsuiAeQkKgQOX3aU+eC71LD74U32Wq9Kjvwrkq?= =?us-ascii?q?nCqpzaOcQaqbK5Aw9SyIoj7QqwDyy639gCmHkHLVZFdAqGj4jvJV7OPOj1Aeqw?= =?us-ascii?q?jlmjijtmx+3KMqf/DpjCMHTPiqrtca5460FGyQozyd5f54hTCrEEOP/zQVH+tN?= =?us-ascii?q?jZDh8/Lgy1zP/rB8561oMDX2KAHrGWMLjJvF+U5uMgP+mMZIgPtDb7MPgq/eTi?= =?us-ascii?q?jXA+mV8DZaWpx4cYaGikHvR6JEWUeXjsgtAHEWgQogo+TPbliFuZXD5RYHayWa?= =?us-ascii?q?c86SsgCIK6E4jDXJutjKaG3CehEZ1cfnpGBUyUEXf0a4WEXO8BaCCQIsB7jjME?= =?us-ascii?q?VqOhS4gn1RGvqg/30LRnLu7J+iwXrp3jyd515/HOlR0o8jx0Fcud2XmXT25ohm?= =?us-ascii?q?MIWyM23KdnrExl1FiMyrZ3g/pZFdxP4PNESQY6OoDCwONkEdzyXRjBftiRQla8?= =?us-ascii?q?XtqmGS0xTs42w9IWfkl9HNOijhbe0CW0B78VlqeGC4Yq/aLG2Hj9PcF9y2zJ1K?= =?us-ascii?q?M5lVkpXtNPNXG6hq547wXcGpLJnF+Dl6uxaasc2yvN+3uZwmqVoEFUSghwXrvZ?= =?us-ascii?q?XXoHfEvZscz55l/eT7+pEbknMw1BydKcJatOdNLpiEtJROv5ONXeeG+xnH+wCg?= =?us-ascii?q?iOxrOJdoXqemEd0z7aCEkLiQwT+myGNQcmDCe7v23eFCBuFU7oY0708eh/qXS7?= =?us-ascii?q?TkkvwgGPa01tzru1+hgPifyaUfwTxLEEuCY/qzpqBlq92czZC8aYrQp7YKpcec?= =?us-ascii?q?894EtA1W/BuQ19P5igL6V8iV4EaAl3sV3h2AhwCoVai8cqtGkqzA1wKa2GzFxB?= =?us-ascii?q?aymU3ZfqOr3YMmPy5gyga7bK2lHC19ab4qkP6O4ipFXloA6pF1Ei/m5i09lN0n?= =?us-ascii?q?uQ/47KDQQJUZ7rVUY37Rd6ranAYiYh/4PUyWFsMa6svz/Bwd0pB+wlygu7ctdc?= =?us-ascii?q?KqyEFwjyE9AAC8ipMuwqlECjbggYM+BK6K40I8SmeuOc16G2JuZgnSypjX5c7Y?= =?us-ascii?q?9nzk2M8jBwSunS35YK2/uYxBeIVy/gjFe9tcD6gZxLaisWHmWh0ijkGI5QZqpp?= =?us-ascii?q?cIYQFWiuItO4xtNih57sQXFU7lijCE0a2MWxYxqdc0T93RFM1UQQuXGngza3wC?= =?us-ascii?q?FvnjEmq6qe0zbCw+L8exobImRLXnVtjU/wIYioiNAXRFOobwYzlBui/kb627NW?= =?us-ascii?q?pL95L2nUT0ZIejL5L2d4Xqu2qLWCf9ZF6Ik0viVPTOS8fVeaR6bzohQA1yPjA3?= =?us-ascii?q?VRxCogdzyxpJX2gQZ6h3mALHZ2tnbZfttwxRjH7tzGWfFRxiYGRDV/iTTPGFi8?= =?us-ascii?q?PsWm/cmTl5fZqOyxS2KhVppVcSnk1o6AsCq75WtwDh2lmPC/gNrnERI10SXjzd?= =?us-ascii?q?llST3IrArgYonsz6m6NeNnflJ0BFPl8Mp1BIV+koo2hJEN1nkXnY6V/WIGkWf1?= =?us-ascii?q?MNVUxbn+YGALRTEV397f+BLl11F7LnKV24L5UW2QwtFmZ9m+ZmMZxDg94NxNCK?= =?us-ascii?q?aa97FEhjZ1rUajrQ7LZvh9hDgdw+M06HEGm+EJpBYtziKFD7ARA0ZYOzfsmg+L?= =?us-ascii?q?79+gqqVXf2Cvfqas1EZkmtChFr6CqBlGWHnlYpciATNw7sJnPVLUynLz94Xkd8?= =?us-ascii?q?fIbd0JsB2UjwnPj/JOJZIsjfoFmzBnOXnnsX0+zO47kAZu0o2ks4iJLGVt5q25?= =?us-ascii?q?DQBCOj3zecwT5innjbxCkcaOw4CvApJhFy0VXJvuUP2lCywStfL6OAaOCjE8rG?= =?us-ascii?q?mUGabHFw+F9Ehmt27PE4ysN3yPPHkW18hiRB2GKUNDgQAUQDU7koc3Fg+wwszt?= =?us-ascii?q?akB55ioe5lTgsBtD1vpoNwXjUmfYvAqoaTc1SJyBIxdN6wFC4EnVMcKA4eJvAy?= =?us-ascii?q?FY/pqhrAmTJWCBYQRHE30JUFSeB1//Jrmu+cXA8++AC+qwNfTOZ6mOqetbV/qT?= =?us-ascii?q?y5KgzJZp/zGWNsqVJnliFfo72khdUn9lB8TVgTIPSzYYlyjVdc6UuA+8+jFrrs?= =?us-ascii?q?C46PnkRR7g5Y6IC7tULdVj5gu7gbmdOO6KhSZ4KDFY1pUWyX/O1rcfwEYYizty?= =?us-ascii?q?eDm1DbQAqSnNQbremq9NEREUdjhzO9FO76Ig2QlNItXWhcnp2b59lPI1DE1FVV?= =?us-ascii?q?P5kMGzecMKO329NE/ABEuTMrSGPyfEw9nvYa6nR71Qjf9UtwasuTaVEk/jOC6M?= =?us-ascii?q?lz/1WBCuK+5MiDuXPBtEuIGyahxtE3TsTMr6ah2nN996lSY5zqYzinPONG4cKi?= =?us-ascii?q?R8c1hXor2L8yxXnu9zG3df4XphLOmEnTuZ7ubDJ5kKsfprGDl0l/lA7HU00bRV?= =?us-ascii?q?8DpERPtzmCfIqd5uuV6mmPGVyjV7SBpOtipLhIWTsEVkOKXZ8p1AVmjf/B8W92?= =?us-ascii?q?qfFQ4Kp9x/Bt3ooaBQxcDFlLjvJzda79LU4cwcCtDPJ8KGP3ohNhzpFSXJAwQb?= =?us-ascii?q?VjGrNHvQh0pHnPGV7H2VoYAwqoLwl5oWVr9bSFs1G+sABURqBtMCPol4Uygjkb?= =?us-ascii?q?6DksEI43++owPQRMVepZ/HUf2TDe/oKDaDgrlOfwEIzq/gLYQPKo373FRvakV9?= =?us-ascii?q?nITPAUbQR9dNoyx/YQ8yu0pN6n9+QXMw20/+dgyt53oTGuKukR4tlgtye+It+y?= =?us-ascii?q?nw410vPFrFuDMwkFUtmdXimT2Rcj7xLaeoXYFRDyr0tlQxPY3gTgZwbA2ygVZk?= =?us-ascii?q?OyneS7JWlbtgenhhiBXAtptXBf5cUapEbQcWxf6Jffoo1U9RqiagxU9c+evKE5?= =?us-ascii?q?1ilBApcZ6ttX5A3RxsbMItL6zKOKVJ1kRQhr6JviKwzOA+3hQeKFgX/2OIZCEI?= =?us-ascii?q?uFcFOaInJyqy4+Ns7gKCmyNZeGcSV/smuPRq+V0hO+6Y1SLvz6ZDKlytN+yYN6?= =?us-ascii?q?6WpnLPldCJQlwtzUMFjFNK/aJs0cckfUuUTF4gw6eMFxQTNMrCNQFUY9BU9HfN?= =?us-ascii?q?YSaEqf/Nzo5tP4WhCuDoSveDtKITgkK+AgkpGYUN7sMaE5mj1kHYMN3rLLkfyR?= =?us-ascii?q?Ui/A7rPkmKDOxVeBKXlzcKu9q/w4Fz3YlcIDEdHGp8PD6r6bbQow8lnOCMXMwq?= =?us-ascii?q?YnsAWIsLKG42UtWgmyFFp3RAECW30uUBxQie7j/8oyPQDCX8b9tjf/qbeBJsCd?= =?us-ascii?q?Gs9jok6aS2j0DY8onGLWHgKdtiosPP6f8dp5ufEfxUSbh9vFvClIZAQnyrU2jP?= =?us-ascii?q?EdmzJ5fqcIQjdt30BWy8UlCmhTI1Ut39PNCzIaiUmQvoX5pbsJGH3DA/Ms+wDi?= =?us-ascii?q?oRFAl2p+wY/q1zeBMDbIQhYR7zrQs+Lay+LB2f0tW0TGanMSFWQOVHzeWme7xX?= =?us-ascii?q?yDIhbvW8yHshUp46z+638UoWRJ8Slx/Q2OytapVZXyXoBnNdfADPqjYjmGh6Ku?= =?us-ascii?q?Y+2OE/zw3UsVMEKTCEaPRpaHBYv9E7HV6dPXd2BXAkSFKHkYXD5Qqs37QT/yRD?= =?us-ascii?q?hdZUzfNKv2T+vpPFZzKsQqOro43PsyU8ddgmv7FxMYv7L8ucrpzehDvfQ4LLvw?= =?us-ascii?q?2ZSi61DeRalcZUICJZRvlIlmUlOc0JuYpB9UoxWN0xJ6ZKCKU2oLCldyZkBzYI?= =?us-ascii?q?zSAFT4OAwCACguCk1rrUjBufbJQiMB0BsJVDmNQdUDV7YiIAq6C9SYrajWiESn?= =?us-ascii?q?IEIA0L9wRD+BoAlpNsfuDi+IfISYVDyyRVo/1qTivLF59o91TgR2CYm1f4Tumu?= =?us-ascii?q?k+iu3QJP0f3sycMXWBhhBkhB3+xWjFcnKKlrK6kMuY7HqieIdUT+vG330uunKl?= =?us-ascii?q?5Rycnad1DjCYrFsm38UjYC9nIIX49Pz2rfFY8Tkwp/Z6YnvlJMIJqpekzm/Twr?= =?us-ascii?q?25xpH6WkVcCs31sqt2wGRzqsE9ZbCOFrq1PXWDxkY5C3s5rpIZNSTXFM+JeFsV?= =?us-ascii?q?dWjF1tMzKlyZpbM8xN/jkMXD1UrDWBoNeyTdZM1dVwD5ASPtd1o239F79cOJiN?= =?us-ascii?q?v302vaTiyn/D9DAmqli6wCi8FrSlQO1H520eAhsmJ2CApUk1Fecs9X3S8l/VuF?= =?us-ascii?q?Bu4+hbHqSPjVl2oDtlHJBOAShG2Gu4IFttV3lJrf9aKLjLfMNBWfUyYwGgOwAm?= =?us-ascii?q?H/48w0OJ5V10nWv+YyFqqgtV5j3SXwguWikRmbrihToeqsS7NjAAUJJIcS8tby?= =?us-ascii?q?HbJAKHgSpXpgpQa1l2W5AFBdZI46oU3YVI8cbeS0ugNC8IUQd+OQI/1PpQiVRM?= =?us-ascii?q?sF6EeSzHCwqna+rPuAVtfciNtM6pMOj5/ABfh4P9ru836qUDSGe6mQC2RdDeqJ?= =?us-ascii?q?H8ucOUukSSc6f3LvOzbWXHTDfSkRC6na0kAIXS/yjPLApbLIF3yWI/YZj9E2HE?= =?us-ascii?q?IAhGKrkAJ0pcSKB6c8lJrf5cZ894YqYG46ttCgiARhP1F4yltONGIUrLRTTCMy?= =?us-ascii?q?WB9fSyoZ7J7bPDV+fve9eBx2vDQ6JrJJd18yf7G7bt0Y9a5EX2xu1h9kRgSVjJ?= =?us-ascii?q?KyqBtsjuJhsX5Mm+cUvvppgpEinSAJd0jnXt2l1AeNANTCCx9pQX1o9Z6G3sRu?= =?us-ascii?q?1iykj8rvde97965okr+7pp09u7Jb/OKfRGtk9qGhqUCR9w9pUqG2h/Q3peYvEK?= =?us-ascii?q?JffUYKQZidzuq+HrGKwW8hKV/fdZZcHAJ0Hblcm1EiucRgBcnAcdtT4aKROR1/?= =?us-ascii?q?yflK9yR8alv+/51V8z7FWlMh4J1rZt5ZyD+qaSou/YcQfRx6AeWqf2XsPzsqgs?= =?us-ascii?q?u0SK6P0rib4Oe2h1Ywm5H+gYTcMS23nvwrsrzS02FcPPBbXg+ORMV3ghhDLvh4?= =?us-ascii?q?h9H0kKGvMTBbeL/4VenmIjluzcKNIXcr5NmnyOFR6iHb8O03ir5DWLIGN9mBHB?= =?us-ascii?q?zwnwQX+v7F/xtSJ4Ry/MwszikkpTU7m7H0ZSXyynOU9iqjyPJxbotMDquasp8E?= =?us-ascii?q?E2L3bku8yXmGumIrNXENX1JMaALiksuFIXkJoxS8Sq2YAcH9q9PNgR/29lY/vb?= =?us-ascii?q?6mOkiSlBrLlbh4vQ5cGV4PbXHWK6g62ctbqN2ChSymIkslEn9tCgKvbO6sWOQ/?= =?us-ascii?q?Sz0mYcTzxyuwXfUBGorbzbtUobOVSR0EfMmowFIM1W3WUi2kHh/ugjT8o59B9C?= =?us-ascii?q?GYbYe/MCuTfzNSP1wVeeed04TDWR3iBMHl3rDVl3BrQz1Hj3vMLTmnfa40coSZ?= =?us-ascii?q?Vod0z7mRx3CJ01Jlks6FgMzCsMCwoNaRGHDLGwH0vlMI8EWFMfZhSAwbe1ZL04?= =?us-ascii?q?3VBpwrOo/u/cd/ZwB60XNvZSlgSOhkRUGooKsa0CR7JxY0dd+7TLpgf+C4jmUf?= =?us-ascii?q?/mlWAzNfGsWcBV78QZt3ok4gaiSBut8o9D4KwHiJ+Udq5Fb5/MvNp/70t95j4A?= =?us-ascii?q?aDZNgB5hgBO9S+wco/rj4tfDupqy9umuTLotR/kQ9xUsCGRxlYHwj04/odHXzO?= =?us-ascii?q?pcTozViZjh/wBNOXGKpZ3a3wN6KeUQN4KhZKxg+GkfJygCO3IOOsKba/Yi7C9r?= =?us-ascii?q?LDXT4FtCDsQXZdwGOMrNmAZUilDmWbxI8srUBEWYCodpeMwy6Wr41iw1+4MmUu?= =?us-ascii?q?n88D+2OYzf71ZVMvNFjSVjiNXCpOwPzvrJEiQX4H6Zax9uwiOZ0JSNDvn9/OqW?= =?us-ascii?q?xNHTTVMGETY8U51BKzqa5QynWu21mY3mUgyI8c/zm4syel+fSHK3naQFtLtMEO?= =?us-ascii?q?FbhyX02zhRDIb1iOyPv9qr8mtXuUVNEJxv4h3dBKVfIpJ7NAz6lsmsRkh8ADHz?= =?us-ascii?q?d93UdhoqpeqZ2+YN4+R4N0vlZo8bIwkJy6z76XpLVARuTKP5vleDUeIXetRmVO?= =?us-ascii?q?vOrmpJ5oJ4N68PIF+dqYTrrjdWsl82BhQkaLstrjNHd0nOmxZVV7zzuL4ahQsW?= =?us-ascii?q?ScR5tlNUGWKsJGI+4CLKVaZLg6mfBvwV9i6eT6IUXEVuLCx+Xwm52JNwdLu1hf?= =?us-ascii?q?pHqH9JnjthoPg21DxrXBS8uSnrp6MDxz0g/LW4uS4auXxCSOWekjvHBU9FzPsU?= =?us-ascii?q?kacWE2zi5kCkYHkfcIvy56FqJdjh9Ykk+Hk/fRQjcDEFXeu+DyH8laWIDZKTsN?= =?us-ascii?q?hEnh6CpN3ObaOvLSgVLrk9zBPjR3t+0gjZhxto8nEEQjan7N8iOoq9P9wpxiy2?= =?us-ascii?q?FmjHbFwM+L9GsNPttV4XS+s7cUhuz3tl0sibXSANX8jPG2Epjgg4d2VLbo9M5Q?= =?us-ascii?q?UdF6kyjTaCprNG8R0MYDfIDoSl/ZHdncnW1nk5TNdq3nzZq7aEh5Mr1X1lns17?= =?us-ascii?q?7jSKuHsMbeDYVNVsAnfr3IdF1eP+f+mtsvwASIZ+xrWhSOUCMsi/9mSow5hqX0?= =?us-ascii?q?6lxqgEH1WnKuMDwa3bUyi9Q22CReuLa3SMnyo+MkPq4hmoKkM4ZdxSr085KOTC?= =?us-ascii?q?nYJclwz9XrNoXCWfu0HUwHYlMewEawI8oJ2ndBASTO4Ne+icIvAjwPk/CFsKcn?= =?us-ascii?q?/IEjJ6C+u3sV62gIh7IG5t4UTgbuTr9QDqKtySGgMLEYTCtJ5+5eS6Rn6dOX9n?= =?us-ascii?q?1BByOVN7+PvfF1QwsO9cdI2cncbRh9R9z+EFc/ZtMSsgut8cgI5j7pOU0MiSex?= =?us-ascii?q?HL0pnyPc3VouSfA/DHzUQlYGJaUr0Cbg7u+oU6OMI5W73UHbtEshQcBbQ6TIYn?= =?us-ascii?q?N2jv6KF+NBlzfRLJZLSonsnqofqGZoBap3/T8l09LSTRtgYdyvOqVwx7bpGrh3?= =?us-ascii?q?L0IJwqQDJOscFtWVNaG95UFscBqRe3K4KFk6G8zdmq8gV1vPFO+az9FvzHyvyn?= =?us-ascii?q?0IhrGZtX/0qGOHDWHqYvykBkiPmix+zLzoHZF8zvY5UHWfJ9T2qDbaXJWs27Kz?= =?us-ascii?q?STKofndkVb6b+Awfd8VRmMYC3RQaWLrmunOe9i7EF9zZZ3L9De1Dg807aO4tr5?= =?us-ascii?q?Z2hBqm+DpH+POYAXuEbLDuzXRR5jQs2F+WdjELY/Z5f18vsDK9ov3J6X5Awlvx?= =?us-ascii?q?pY187QGamqrkbW1gpbfJPdIVChxScwEbIHJBW5LFtk1XTUrnXbHGR0MtmvKc4r?= =?us-ascii?q?hs2cSBPq+R8iyikWemddFz+wFp+qMm8B1pf7PVWH?= X-IPAS-Result: =?us-ascii?q?A2BrAwDRjYxa/wHyM5BcGwEBAQEDAQEBCQEBAYMiLWZwKI8?= =?us-ascii?q?BjRODGZZdC4FpMAeIClgUAQIBAQEBAQECAWoogjgkgk8CJFIDAwkCNxEIAwFaE?= =?us-ascii?q?gWHfU2BPAEBARUDAQyuEzqEE2GECYJABYUOgigQgy+GGi0XAoEsLlaFPQWKZge?= =?us-ascii?q?JW49tCYgkjVmCLZInixaCcItVNiKBUSsIAhgIIQ86gTAaeYJUHIIGeI0dAQEB?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 20 Feb 2018 21:11:06 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w1KLAb4F021919; Tue, 20 Feb 2018 16:10:42 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w1KJIceb187440 for ; Tue, 20 Feb 2018 14:18:38 -0500 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w1KJIflr013578; Tue, 20 Feb 2018 14:18:41 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1C/AQDfc4xaly0bGNZcHgEGDIMiKmlwK?= =?us-ascii?q?I8BjRODGZZdggIphRyCblgUAQIBAQEBAQECEwEBAQEBBhgGhigZATgBFTJ3Eoh?= =?us-ascii?q?PgTsBAxUDAQyvBjqDDAWBAoRjB4ITAQEIHAQDBYUOgTZygz+GGi0XAoEsLlaFP?= =?us-ascii?q?QWKZgeJW49tCYgkjVmCLZInixaCcItVNoFzMxojT4JDgkUPEAyCBniNHQEBAQ?= X-IPAS-Result: =?us-ascii?q?A1C/AQDfc4xaly0bGNZcHgEGDIMiKmlwKI8BjRODGZZdggI?= =?us-ascii?q?phRyCblgUAQIBAQEBAQECEwEBAQEBBhgGhigZATgBFTJ3EohPgTsBAxUDAQyvB?= =?us-ascii?q?jqDDAWBAoRjB4ITAQEIHAQDBYUOgTZygz+GGi0XAoEsLlaFPQWKZgeJW49tCYg?= =?us-ascii?q?kjVmCLZInixaCcItVNoFzMxojT4JDgkUPEAyCBniNHQEBAQ?= X-IronPort-AV: E=Sophos;i="5.46,540,1511845200"; d="scan'208";a="205138" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 20 Feb 2018 14:18:40 -0500 IronPort-PHdr: =?us-ascii?q?9a23=3Ak15sGB8ZwA4Kyv9uRHKM819IXTAuvvDOBiVQ1KB2?= =?us-ascii?q?1OMcTK2v8tzYMVDF4r011RmVBd6ds6oMotGVmpioYXYH75eFvSJKW713fDhBt/?= =?us-ascii?q?8rmRc9CtWOE0zxIa2iRSU7GMNfSA0tpCnjYgBaF8nkelLdvGC54yIMFRXjLwp1?= =?us-ascii?q?Ifn+FpLPg8it2O2+55Pebx9UiDahfLh/MAi4oQLNu8cMnIBsMLwxyhzHontJf+?= =?us-ascii?q?RZ22ZlLk+Nkhj/+8m94odt/zxftPw9+cFAV776f7kjQrxDEDsmKWE169b1uhTF?= =?us-ascii?q?UACC+2ETUmQSkhpPHgjF8BT3VYr/vyfmquZw3jSRMMvrRr42RDui9b9mRgLohi?= =?us-ascii?q?kZOTA382bZh9dsgK5Huh+tuwZyz5LIbIyTKfFwfrndfdQfRWdZQshRVjBOAoOm?= =?us-ascii?q?YIsVEuUKIORWoJP8p1sIsxS+HhSnCeT1yj9JmnD23bc10/48Hg7ewAMvB9IOv2?= =?us-ascii?q?7VrNXzKqgSSvu4w7LUzTXCafNWxSny6JLOch8/vfGAR65/cc3UyUQ2EQ7Ok1ue?= =?us-ascii?q?qYvgPzyP1+QNtXCW4PZ6WuK3kWEosAVxrSa1yscqlIbJmpoZyl/F9SVlwIY1OM?= =?us-ascii?q?a3RFRnbt6jFZtdsTyROYhuQs46XW1kpSk3xqcYtZO0ZiQG1pYqywTQZvGHa4SF?= =?us-ascii?q?4RPuWPyMLTp2i39pYqyziwqu/US6yeDxV8+520tQoCVfiNnDrHUN2gTT6seZTv?= =?us-ascii?q?t9+V+s1jiV2Q7d9OxJL145m7DHJpI9w7M8jIQcvlrGHi/tl0X6lqqWeV8l+uis?= =?us-ascii?q?8ejnZ7TmppuEO491jAHxLLgul9ShDeglPQUCRXaX9Oum2LH9/0D1WrpHg/0unq?= =?us-ascii?q?ncqp/aJMAbpqCjAw9S14Yu8wy/Dza639QYh3YHNk9KdwqbgIfxO1HBOvH4DfGh?= =?us-ascii?q?jFS3izpk3OzGPrznApXRMHfDirHhcqhh60JG1AUzytVf64pOCr4dOPLzRlPxtN?= =?us-ascii?q?vAAx8iLgO02P3qCMl914wCWWKPBbWVMKXJsVCS/O4vLO6MZJENsjbnN/cl/+Lu?= =?us-ascii?q?jWM+mVIFZqmmw58XaHG+HvR7LESUembsg9cdHmcKuQoyVurqiEaYXjJJaHayWL?= =?us-ascii?q?w8tXkHD9e9AIPCQJ29qKCQ1ye8WJtNbyZJDU7IWXHla4mJRd8SZy+IZMxsiDoJ?= =?us-ascii?q?Uf6mUYBlnRWvshLqjqFsMvL85CIVr9Tg2cJz6umVkgs9sXRwDsKAwySWQmpphG?= =?us-ascii?q?IUVnoz26xipUFV1FiOy+57juZeGNgV4OlGASkgMpuJ9e1xC9noVkrhd9aPRU3u?= =?us-ascii?q?Fs+nCjE4VN4GyOgOakd7Fs6KhAzC2TanGbkYi/qAA5liofGU5GT4O8sokyWO76?= =?us-ascii?q?ImlVRzGsY=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DAAQDfc4xaly0bGNZcHgEGDIMiKmlwK?= =?us-ascii?q?I8BjRODGZZdggIphRyCblgUAQIBAQEBAQECARIBAQEBAQYYBleCOCKCdxkBOAE?= =?us-ascii?q?VMncSiE+BOwEDFQMBDK8GOoMMBYEChGMHghMBAQgcBAMFhQ6BNnKDP4YaLRcCg?= =?us-ascii?q?SwuVoIbDIMWBYpmB4lbj20JiCSNWYItkieLFoJwi1U2gXMzGiNPgkOCRQ8QDII?= =?us-ascii?q?GeI0dAQEB?= X-IPAS-Result: =?us-ascii?q?A0DAAQDfc4xaly0bGNZcHgEGDIMiKmlwKI8BjRODGZZdggI?= =?us-ascii?q?phRyCblgUAQIBAQEBAQECARIBAQEBAQYYBleCOCKCdxkBOAEVMncSiE+BOwEDF?= =?us-ascii?q?QMBDK8GOoMMBYEChGMHghMBAQgcBAMFhQ6BNnKDP4YaLRcCgSwuVoIbDIMWBYp?= =?us-ascii?q?mB4lbj20JiCSNWYItkieLFoJwi1U2gXMzGiNPgkOCRQ8QDIIGeI0dAQEB?= X-IronPort-AV: E=Sophos;i="5.46,540,1511827200"; d="scan'208";a="9574555" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from updc3cpa06.eemsg.mail.mil ([214.24.27.45]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 20 Feb 2018 19:18:39 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;d874d647-da0a-4ead-a708-7fbbba2f9450 Received: from localhost.localdomain (localhost [127.0.0.1]) by UPDCF3IC15.oob.disa.mil (Postfix) with SMTP id 3zm9MJ5122z3GDwF; Tue, 20 Feb 2018 19:16:12 +0000 (UTC) Received: from UPBD19PA13.eemsg.mil (unknown [192.168.18.15]) by UPDCF3IC15.oob.disa.mil (Postfix) with ESMTP id 3zm9MJ3HtQz3GDwC; Tue, 20 Feb 2018 19:16:12 +0000 (UTC) X-EEMSG-check-008: 131999324|UPBD19PA13_EEMSG_MP13.csd.disa.mil X-EEMSG-check-001: false X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 65.20.0.211 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0AdAQByc4xah9MAFEFcHQEBBQELAYMigRNwKI8BkCyWXYICDxqFHINGFAECAQEBAQEBAhMBAQEKCwkIKC+FURkBOAEVMncSiE+BOwEDFQQMrwQ6gwwFgQKEYweCEwElBAMFhQ6BNoQxhhotFwKBLC5WghsMgxYFimYHiVuPbQmIJI1Zgi2SJ4sWgnCLVTaBczMaI0+CQ4IEQQ8QDIIGeI0dAQEB X-IPAS-Result: A0AdAQByc4xah9MAFEFcHQEBBQELAYMigRNwKI8BkCyWXYICDxqFHINGFAECAQEBAQEBAhMBAQEKCwkIKC+FURkBOAEVMncSiE+BOwEDFQQMrwQ6gwwFgQKEYweCEwElBAMFhQ6BNoQxhhotFwKBLC5WghsMgxYFimYHiVuPbQmIJI1Zgi2SJ4sWgnCLVTaBczMaI0+CQ4IEQQ8QDIIGeI0dAQEB Received: from rgout0305.bt.lon5.cpcloud.co.uk (HELO rgout03.bt.lon5.cpcloud.co.uk) ([65.20.0.211]) by upbd19pa13.eemsg.mail.mil with ESMTP; 20 Feb 2018 19:16:11 +0000 X-OWM-Source-IP: 86.134.200.86 (GB) X-OWM-Env-Sender: richard_c_haines@btinternet.com X-Junkmail-Premium-Raw: score=8/50, refid=2.7.2:2018.2.12.93316:17:8.707, ip=, rules=NO_URI_FOUND, NO_CTA_URI_FOUND, NO_MESSAGE_ID, NO_URI_HTTPS, TO_MALFORMED Received: from localhost.localdomain (86.134.200.86) by rgout03.bt.lon5.cpcloud.co.uk (9.0.019.21-1) (authenticated as richard_c_haines@btinternet.com) id 5A5E1A2E0C08DD05; Tue, 20 Feb 2018 19:16:09 +0000 X-EEMSG-check-009: 444-444 To: selinux@tycho.nsa.gov, netdev@vger.kernel.org, linux-sctp@vger.kernel.org, linux-security-module@vger.kernel.org Date: Tue, 20 Feb 2018 19:15:27 +0000 Message-Id: <20180220191527.14307-1-richard_c_haines@btinternet.com> X-Mailer: git-send-email 2.14.3 X-Mailman-Approved-At: Tue, 20 Feb 2018 16:10:33 -0500 Subject: [PATCH V7 2/4] sctp: Add ip option support X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: From: Richard Haines via Selinux Reply-To: Richard Haines Cc: marcelo.leitner@gmail.com, nhorman@tuxdriver.com, vyasevich@gmail.com, sds@tycho.nsa.gov Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Add ip option support to allow LSM security modules to utilise CIPSO/IPv4 and CALIPSO/IPv6 services. Signed-off-by: Richard Haines Acked-by: Neil Horman Acked-by: Marcelo Ricardo Leitner --- All SCTP lksctp-tools/src/func_tests run correctly in enforcing mode. All "./sctp-tests run" obtained from: https://github.com/sctp/sctp-tests pass. V7 Changes: 1) Log when copy ip options fail for IPv4 and IPv6 2) Correct sctp_setsockopt_maxseg() function. Note that the lksctp-tools func_tests do not test with struct sctp_assoc_value. Just used simple test and okay. 3) Move calculation of overheads to sctp_packet_config(). NOTE: Initially in sctp_packet_reset() I set packet->size and packet->overhead to zero (as it is a reset). This was okay for all the lksctp-tools function tests, however when running "sctp-tests" ndatshched tests it causes these to fail with an st_s.log entry of: sid: 3, expected: 3 sid: 3, expected: 3 unexpected sid packet !!! sid: 1, expected: 3 I then found sctp_packet_transmit() relies on setting "packet->size = packet->overhead;" to reset size to the current overhead after sending packets, hence the comment in sctp_packet_reset() include/net/sctp/sctp.h | 4 +++- include/net/sctp/structs.h | 2 ++ net/sctp/chunk.c | 10 +++++++--- net/sctp/ipv6.c | 45 ++++++++++++++++++++++++++++++++++++++------- net/sctp/output.c | 34 +++++++++++++++++++++------------- net/sctp/protocol.c | 38 ++++++++++++++++++++++++++++++++++++++ net/sctp/socket.c | 11 ++++++++--- 7 files changed, 117 insertions(+), 27 deletions(-) diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h index f7ae6b0..25c5c87 100644 --- a/include/net/sctp/sctp.h +++ b/include/net/sctp/sctp.h @@ -441,9 +441,11 @@ static inline int sctp_list_single_entry(struct list_head *head) static inline int sctp_frag_point(const struct sctp_association *asoc, int pmtu) { struct sctp_sock *sp = sctp_sk(asoc->base.sk); + struct sctp_af *af = sp->pf->af; int frag = pmtu; - frag -= sp->pf->af->net_header_len; + frag -= af->ip_options_len(asoc->base.sk); + frag -= af->net_header_len; frag -= sizeof(struct sctphdr) + sctp_datachk_len(&asoc->stream); if (asoc->user_frag) diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h index 03e92dd..ead5fce 100644 --- a/include/net/sctp/structs.h +++ b/include/net/sctp/structs.h @@ -491,6 +491,7 @@ struct sctp_af { void (*ecn_capable)(struct sock *sk); __u16 net_header_len; int sockaddr_len; + int (*ip_options_len)(struct sock *sk); sa_family_t sa_family; struct list_head list; }; @@ -515,6 +516,7 @@ struct sctp_pf { int (*addr_to_user)(struct sctp_sock *sk, union sctp_addr *addr); void (*to_sk_saddr)(union sctp_addr *, struct sock *sk); void (*to_sk_daddr)(union sctp_addr *, struct sock *sk); + void (*copy_ip_options)(struct sock *sk, struct sock *newsk); struct sctp_af *af; }; diff --git a/net/sctp/chunk.c b/net/sctp/chunk.c index 991a530..d726d21 100644 --- a/net/sctp/chunk.c +++ b/net/sctp/chunk.c @@ -171,6 +171,8 @@ struct sctp_datamsg *sctp_datamsg_from_user(struct sctp_association *asoc, struct list_head *pos, *temp; struct sctp_chunk *chunk; struct sctp_datamsg *msg; + struct sctp_sock *sp; + struct sctp_af *af; int err; msg = sctp_datamsg_new(GFP_KERNEL); @@ -189,9 +191,11 @@ struct sctp_datamsg *sctp_datamsg_from_user(struct sctp_association *asoc, /* This is the biggest possible DATA chunk that can fit into * the packet */ - max_data = asoc->pathmtu - - sctp_sk(asoc->base.sk)->pf->af->net_header_len - - sizeof(struct sctphdr) - sctp_datachk_len(&asoc->stream); + sp = sctp_sk(asoc->base.sk); + af = sp->pf->af; + max_data = asoc->pathmtu - af->net_header_len - + sizeof(struct sctphdr) - sctp_datachk_len(&asoc->stream) - + af->ip_options_len(asoc->base.sk); max_data = SCTP_TRUNC4(max_data); /* If the the peer requested that we authenticate DATA chunks diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c index e35d4f7..30a05a8 100644 --- a/net/sctp/ipv6.c +++ b/net/sctp/ipv6.c @@ -427,6 +427,41 @@ static void sctp_v6_copy_addrlist(struct list_head *addrlist, rcu_read_unlock(); } +/* Copy over any ip options */ +static void sctp_v6_copy_ip_options(struct sock *sk, struct sock *newsk) +{ + struct ipv6_pinfo *newnp, *np = inet6_sk(sk); + struct ipv6_txoptions *opt; + + newnp = inet6_sk(newsk); + + rcu_read_lock(); + opt = rcu_dereference(np->opt); + if (opt) { + opt = ipv6_dup_options(newsk, opt); + if (!opt) + pr_err("%s: Failed to copy ip options\n", __func__); + } + RCU_INIT_POINTER(newnp->opt, opt); + rcu_read_unlock(); +} + +/* Account for the IP options */ +static int sctp_v6_ip_options_len(struct sock *sk) +{ + struct ipv6_pinfo *np = inet6_sk(sk); + struct ipv6_txoptions *opt; + int len = 0; + + rcu_read_lock(); + opt = rcu_dereference(np->opt); + if (opt) + len = opt->opt_flen + opt->opt_nflen; + + rcu_read_unlock(); + return len; +} + /* Initialize a sockaddr_storage from in incoming skb. */ static void sctp_v6_from_skb(union sctp_addr *addr, struct sk_buff *skb, int is_saddr) @@ -666,7 +701,6 @@ static struct sock *sctp_v6_create_accept_sk(struct sock *sk, struct sock *newsk; struct ipv6_pinfo *newnp, *np = inet6_sk(sk); struct sctp6_sock *newsctp6sk; - struct ipv6_txoptions *opt; newsk = sk_alloc(sock_net(sk), PF_INET6, GFP_KERNEL, sk->sk_prot, kern); if (!newsk) @@ -689,12 +723,7 @@ static struct sock *sctp_v6_create_accept_sk(struct sock *sk, newnp->ipv6_ac_list = NULL; newnp->ipv6_fl_list = NULL; - rcu_read_lock(); - opt = rcu_dereference(np->opt); - if (opt) - opt = ipv6_dup_options(newsk, opt); - RCU_INIT_POINTER(newnp->opt, opt); - rcu_read_unlock(); + sctp_v6_copy_ip_options(sk, newsk); /* Initialize sk's sport, dport, rcv_saddr and daddr for getsockname() * and getpeername(). @@ -1041,6 +1070,7 @@ static struct sctp_af sctp_af_inet6 = { .ecn_capable = sctp_v6_ecn_capable, .net_header_len = sizeof(struct ipv6hdr), .sockaddr_len = sizeof(struct sockaddr_in6), + .ip_options_len = sctp_v6_ip_options_len, #ifdef CONFIG_COMPAT .compat_setsockopt = compat_ipv6_setsockopt, .compat_getsockopt = compat_ipv6_getsockopt, @@ -1059,6 +1089,7 @@ static struct sctp_pf sctp_pf_inet6 = { .addr_to_user = sctp_v6_addr_to_user, .to_sk_saddr = sctp_v6_to_sk_saddr, .to_sk_daddr = sctp_v6_to_sk_daddr, + .copy_ip_options = sctp_v6_copy_ip_options, .af = &sctp_af_inet6, }; diff --git a/net/sctp/output.c b/net/sctp/output.c index 01a26ee..a58d13c 100644 --- a/net/sctp/output.c +++ b/net/sctp/output.c @@ -69,7 +69,11 @@ static enum sctp_xmit sctp_packet_will_fit(struct sctp_packet *packet, static void sctp_packet_reset(struct sctp_packet *packet) { + /* sctp_packet_transmit() relies on this to reset size to the + * current overhead after sending packets. + */ packet->size = packet->overhead; + packet->has_cookie_echo = 0; packet->has_sack = 0; packet->has_data = 0; @@ -87,6 +91,7 @@ void sctp_packet_config(struct sctp_packet *packet, __u32 vtag, struct sctp_transport *tp = packet->transport; struct sctp_association *asoc = tp->asoc; struct sock *sk; + size_t overhead = sizeof(struct ipv6hdr) + sizeof(struct sctphdr); pr_debug("%s: packet:%p vtag:0x%x\n", __func__, packet, vtag); packet->vtag = vtag; @@ -95,10 +100,22 @@ void sctp_packet_config(struct sctp_packet *packet, __u32 vtag, if (!sctp_packet_empty(packet)) return; - /* set packet max_size with pathmtu */ + /* set packet max_size with pathmtu, then calculate overhead */ packet->max_size = tp->pathmtu; - if (!asoc) + if (asoc) { + struct sctp_sock *sp = sctp_sk(asoc->base.sk); + struct sctp_af *af = sp->pf->af; + + overhead = af->net_header_len + + af->ip_options_len(asoc->base.sk); + overhead += sizeof(struct sctphdr); + packet->overhead = overhead; + packet->size = overhead; + } else { + packet->overhead = overhead; + packet->size = overhead; return; + } /* update dst or transport pathmtu if in need */ sk = asoc->base.sk; @@ -140,23 +157,14 @@ void sctp_packet_init(struct sctp_packet *packet, struct sctp_transport *transport, __u16 sport, __u16 dport) { - struct sctp_association *asoc = transport->asoc; - size_t overhead; - pr_debug("%s: packet:%p transport:%p\n", __func__, packet, transport); packet->transport = transport; packet->source_port = sport; packet->destination_port = dport; INIT_LIST_HEAD(&packet->chunk_list); - if (asoc) { - struct sctp_sock *sp = sctp_sk(asoc->base.sk); - overhead = sp->pf->af->net_header_len; - } else { - overhead = sizeof(struct ipv6hdr); - } - overhead += sizeof(struct sctphdr); - packet->overhead = overhead; + /* The overhead will be calculated by sctp_packet_config() */ + packet->overhead = 0; sctp_packet_reset(packet); packet->vtag = 0; } diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c index 91813e6..01c4d77 100644 --- a/net/sctp/protocol.c +++ b/net/sctp/protocol.c @@ -237,6 +237,40 @@ int sctp_copy_local_addr_list(struct net *net, struct sctp_bind_addr *bp, return error; } +/* Copy over any ip options */ +static void sctp_v4_copy_ip_options(struct sock *sk, struct sock *newsk) +{ + struct inet_sock *newinet, *inet = inet_sk(sk); + struct ip_options_rcu *inet_opt, *newopt = NULL; + + newinet = inet_sk(newsk); + + rcu_read_lock(); + inet_opt = rcu_dereference(inet->inet_opt); + if (inet_opt) { + newopt = sock_kmalloc(newsk, sizeof(*inet_opt) + + inet_opt->opt.optlen, GFP_ATOMIC); + if (newopt) + memcpy(newopt, inet_opt, sizeof(*inet_opt) + + inet_opt->opt.optlen); + else + pr_err("%s: Failed to copy ip options\n", __func__); + } + RCU_INIT_POINTER(newinet->inet_opt, newopt); + rcu_read_unlock(); +} + +/* Account for the IP options */ +static int sctp_v4_ip_options_len(struct sock *sk) +{ + struct inet_sock *inet = inet_sk(sk); + + if (inet->inet_opt) + return inet->inet_opt->opt.optlen; + else + return 0; +} + /* Initialize a sctp_addr from in incoming skb. */ static void sctp_v4_from_skb(union sctp_addr *addr, struct sk_buff *skb, int is_saddr) @@ -588,6 +622,8 @@ static struct sock *sctp_v4_create_accept_sk(struct sock *sk, sctp_copy_sock(newsk, sk, asoc); sock_reset_flag(newsk, SOCK_ZAPPED); + sctp_v4_copy_ip_options(sk, newsk); + newinet = inet_sk(newsk); newinet->inet_daddr = asoc->peer.primary_addr.v4.sin_addr.s_addr; @@ -1006,6 +1042,7 @@ static struct sctp_pf sctp_pf_inet = { .addr_to_user = sctp_v4_addr_to_user, .to_sk_saddr = sctp_v4_to_sk_saddr, .to_sk_daddr = sctp_v4_to_sk_daddr, + .copy_ip_options = sctp_v4_copy_ip_options, .af = &sctp_af_inet }; @@ -1090,6 +1127,7 @@ static struct sctp_af sctp_af_inet = { .ecn_capable = sctp_v4_ecn_capable, .net_header_len = sizeof(struct iphdr), .sockaddr_len = sizeof(struct sockaddr_in), + .ip_options_len = sctp_v4_ip_options_len, #ifdef CONFIG_COMPAT .compat_setsockopt = compat_ip_setsockopt, .compat_getsockopt = compat_ip_getsockopt, diff --git a/net/sctp/socket.c b/net/sctp/socket.c index bf271f8..eb55c63 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -3138,6 +3138,7 @@ static int sctp_setsockopt_mappedv4(struct sock *sk, char __user *optval, unsign static int sctp_setsockopt_maxseg(struct sock *sk, char __user *optval, unsigned int optlen) { struct sctp_sock *sp = sctp_sk(sk); + struct sctp_af *af = sp->pf->af; struct sctp_assoc_value params; struct sctp_association *asoc; int val; @@ -3162,7 +3163,8 @@ static int sctp_setsockopt_maxseg(struct sock *sk, char __user *optval, unsigned if (val) { int min_len, max_len; - min_len = SCTP_DEFAULT_MINSEGMENT - sp->pf->af->net_header_len; + min_len = SCTP_DEFAULT_MINSEGMENT - af->net_header_len; + min_len -= af->ip_options_len(sk); min_len -= sizeof(struct sctphdr) + sizeof(struct sctp_data_chunk); @@ -3175,7 +3177,8 @@ static int sctp_setsockopt_maxseg(struct sock *sk, char __user *optval, unsigned asoc = sctp_id2assoc(sk, params.assoc_id); if (asoc) { if (val == 0) { - val = asoc->pathmtu - sp->pf->af->net_header_len; + val = asoc->pathmtu - af->net_header_len; + val -= af->ip_options_len(sk); val -= sizeof(struct sctphdr) + sctp_datachk_len(&asoc->stream); } @@ -5087,9 +5090,11 @@ int sctp_do_peeloff(struct sock *sk, sctp_assoc_t id, struct socket **sockp) sctp_copy_sock(sock->sk, sk, asoc); /* Make peeled-off sockets more like 1-1 accepted sockets. - * Set the daddr and initialize id to something more random + * Set the daddr and initialize id to something more random and also + * copy over any ip options. */ sp->pf->to_sk_daddr(&asoc->peer.primary_addr, sk); + sp->pf->copy_ip_options(sk, sock->sk); /* Populate the fields of the newsk from the oldsk and migrate the * asoc to the newsk.