From patchwork Fri Dec 22 13:05:16 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marcelo Ricardo Leitner X-Patchwork-Id: 10140535 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id D41BD601A1 for ; Tue, 2 Jan 2018 13:28:00 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C7C32203B9 for ; Tue, 2 Jan 2018 13:28:00 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id BC29C285D9; Tue, 2 Jan 2018 13:28:00 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from UCOL19PA11.eemsg.mail.mil (ucol19pa11.eemsg.mail.mil [214.24.24.84]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7E99D203B9 for ; Tue, 2 Jan 2018 13:27:58 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.45,497,1508803200"; d="scan'208";a="412067845" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by UCOL19PA11.eemsg.mail.mil with ESMTP; 02 Jan 2018 13:26:25 +0000 X-IronPort-AV: E=Sophos;i="5.45,497,1508803200"; d="scan'208";a="7610813" IronPort-PHdr: =?us-ascii?q?9a23=3AGBm3Nx3ch8jnyS0osmDT+DRfVm0co7zxezQtwd8Z?= =?us-ascii?q?se8eKP7xwZ3uMQTl6Ol3ixeRBMOHs6sC07KempujcFRI2YyGvnEGfc4EfD4+ou?= =?us-ascii?q?JSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFAnhOgpp?= =?us-ascii?q?POT1HZPZg9iq2+yo9JDffxhEiCChbb9uMR67sRjfus4KjIV4N60/0AHJonxGe+?= =?us-ascii?q?RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L281/szrugLd?= =?us-ascii?q?QgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9Qr4uWTSm8qxlVhnmhi?= =?us-ascii?q?kaPDI96W3bl9B8gKddrRm8pRJw3pTUbZmVOvRgcK3TftQUSmhPXshMTyxMAJ6w?= =?us-ascii?q?YoURAOoaJutUs5XxqkESoRakGQWgGOXiwSJIiH/s2q061vwsHwbc0ww6A90Brn?= =?us-ascii?q?DUrNLoP6kOUOC60LPHzS/eYPNRxDzz7pbHchE9ofGKQ71wa9faxE4qFwzflFWf?= =?us-ascii?q?tZLqPzeS1ugXt2iU8etgVf6pi2E5sQF8uTevxsI2hYnIgoIZ0EzL9SJ8wIssI9?= =?us-ascii?q?CzVU11Yca8HZdNuCyXOJF6T8M/T21ypio3xaMKtYSmcCQS1pgr2wLTZ+GCfoSV?= =?us-ascii?q?/B7uV+mcLDJ2hH55Zb6yiRO//lKvx+3yUsS51VZHoTRbndXQs30Cyxze6saJSv?= =?us-ascii?q?Z48EeuxziC2g/W5+5fL0A5m6XWJpg8ybAqjJUTq17MHirulUXzi6+Za1sr9/Cz?= =?us-ascii?q?6+TifrXmvpicN5Joig3mMqQhhMi/AeMgPwgSRWeb4+W81KD4/UHjXLVLjuE5kq?= =?us-ascii?q?nesJzAI8QUurW5DBNP3oYm6ha/Cy+q0NUenXYZMFJIYA+LgofmNl3UIP30EO2z?= =?us-ascii?q?j0qjnTt13fzKI6XtApDXIXjClLfhc6x960lZyAcr1tBQ+ZZUCrAHIPLuVU79rc?= =?us-ascii?q?fXDhgkMwyy3+noFs5925gCWWOPHqCZMKTSvUWO5uI0OeaAfoAVuDHjK/Q9/f7h?= =?us-ascii?q?kWc5mUMBfamuxZYXane4HvJ8LEWFYXrjmNEBHHwIvgo5SuzqjUeNUSVPZ3msRa?= =?us-ascii?q?I8/Ss3CIW8DYfMXoqtmqCO3D+nHp1KYWBLElKMEXXyeIqYWPcMcyWSIslgkjwa?= =?us-ascii?q?TrWhRYsh1QyhtQDh1rpnKPbU+jACuZLkzth16PXZlQsu+jxsE8Sdz2aNQnl6n2?= =?us-ascii?q?MJQz822b5woVZmx1eNz6d3nvtYFcZJ6PNRSAc6MpzcwPJmBNDuQA7Bec2JSFm+?= =?us-ascii?q?SNW8HT4xVs4xw8MJY0tlBtqtkhXD3y2sA78JirCGH4I0/bzG33jwJsd9zHDG2L?= =?us-ascii?q?Mnj1Y4XstFLXemibJn9wjPG47JlF2UmLu2dasGxi7A73uMzW2LvE5ESgFwSrnF?= =?us-ascii?q?UWoZZkTIsdTz/lnCQKO2CbQ7LgtBztaPK6tLa93ui1VLX/LjONDHb2KwnWe8Hx?= =?us-ascii?q?CIyamWbIrpemUdwjvSBFICkw8N4XaMLRI+CTu5o2LCEDxuEkriY0328eZkrnO0?= =?us-ascii?q?Uk40zxqRYk1kz7q1+wcZheeSSvMIxL4Evz0hqzpsFlanw93WE8aApxZmfKhEYt?= =?us-ascii?q?My+lRH1WXEtwFmPZyvNaNihlkDcwhtuEPuzRp3AJ1akcc2tHMq0BZyKaWA3Vxb?= =?us-ascii?q?ajyYx5HwNaPNKmTp5h+gd6vW1kvZ0NaM9acF8O44pEn7vAG1Ckoi9G1q08NI3H?= =?us-ascii?q?SB/ZjKAw8SUJ3rXkYx6Rd6u6nQYjMh6IPMyX1sLa60vyfZ29InHuslzQ2gf8tE?= =?us-ascii?q?PaOfEg/yFMMbB820J+wsgVSpaAwLPPxK/q4uI8ymb+eG2LKsPOt4kjOpl2BH4J?= =?us-ascii?q?xj3UKW7CpxUfDI0Igfw/6DwwuHUi3wjFC7ssD4gYpEfy0dHnKjySj4A45cfqty?= =?us-ascii?q?fYcPCWeqPcK33c5ziITzVH5C816vHVQG2NWmeRCKdVzywRVQ1VgLoXyggSa40T?= =?us-ascii?q?10nC01rqqYxizC2fjtdBoAOm5NS2lvllPsIYmyj98ARkioaBIllBy/5Ub136Jb?= =?us-ascii?q?vrhwL3HPQUdUeCj7N2ViUqqrtrqeesJP840nsSFWUOS6fFCbRaXwowAC0yPiGW?= =?us-ascii?q?texSw0dyqwtpX/gRN6lHqXLGxvo3rBZcFw2RDf6cTGRf5W2joGQDd3iSPLCVi7?= =?us-ascii?q?Mdik5s6Ul4rfveClTW6hUYdTcSbzx4OaqCS7/XFqAQG4n/2rmd3oDw460TTg2t?= =?us-ascii?q?lpSyrIqg38Yo/12KSmK+5neVNoBFDk4cpgBo5+ipcwhI0X2XUCnpWa52cHkWPt?= =?us-ascii?q?PtVDw63+amYNSiARw9PO/Qjlw1NsLmiSx47jTXWdxdZhZ8OmbWwI1CI96NpKCK?= =?us-ascii?q?iK47Bemyt6vEa4pxrLYfdhhjcd1ecu6HkCjuEXvgoi0z6QAq4UHUZFPSzgjRKI?= =?us-ascii?q?4M6irK9PfmagbaCw1FZindCmFLyCuhtTWGv9epo5ASBw79l/MVLV3H398I7kfs?= =?us-ascii?q?PcbdUJth2bix3AlfRaKIotlvoWgipqIWz9smcjy+4nihxu2Iq3vIaZJGpw+6K5?= =?us-ascii?q?GARXNiXvZ8MU+DHik7pRntqM04CoBJVhFS0BXIH0QvKwDDISqfPnOh6LEDImrn?= =?us-ascii?q?ebHaTQHROD6Eh8tX3CCJarOG+LJHkC0dptXgGdK1JFjAASQjo6goYzFhq2y8z5?= =?us-ascii?q?bEd5+jcR60biqhdWxONkLRz/XX3bpAevajY5U4KQIwZT7g1Y4EfVK8Oe5PppHy?= =?us-ascii?q?5E5p2hsBCNKmuDagRGF2EGRFGLB0v5Mbmo+dnA9POYC/GkIPTSZLWCs+teV+2H?= =?us-ascii?q?xZi3yItp4y6MNtmTPnllF/A73FBDUmphG8TBgDgPRS0XlzjWb86Hqhe8+yt3od?= =?us-ascii?q?q58Pv3WQLg/4+PB6FVMdV19BC8mb2DOPKIhCZlNTZY0YsBxWfWx7cEwlESjSBu?= =?us-ascii?q?dyWqEbkbtC7CUrzflbFNAx4ccSNzO9NC77gg0QlVJc7bltT126ZjgfEuDFtFUV?= =?us-ascii?q?3hmtq1ZcwROW29L03IC1qROLSdOzLLx8D3YaWhSbxfl+hbqx2xuSyGE0/4JDiC?= =?us-ascii?q?mSPmVwy0MeFLiiGXJhteuJuychx1E2jsUMrmagGnMN9wlTA52rw0hnzNNW4aKj?= =?us-ascii?q?Vzbl1CoaaR7SxChPVzAWtB7mBqLeOcgSaW8/HYKooKsftsGil7je1a724ky7RL?= =?us-ascii?q?9yxEQ+R1lzXUrt5ruV6mk+2PxSFgUBtBsDpLg5iLvUp6M6XD6pZAQWrE/A4K7W?= =?us-ascii?q?iIFxQKoN5lBsf1u6BXy9nAiqTzJyxY89LT48QcBNPZJ96AMHokLRXmAiXUDBcf?= =?us-ascii?q?QT6tK27fm1RXkOuO+X2Nspg6tp/slYINSr5bUFw6COgXCkFiHNwMLpd4QC8kka?= =?us-ascii?q?KbjM4P4HqxsgPdRMNEsZDbTviSG+ngKC6FjblYYBsF2bX4IpoJOY3/wEFiaV56?= =?us-ascii?q?nJ/WG0XKW9BNuS5hbg4urEVL7nd+UnU521j5ZQO1/H8TCfm0kwYsigRgeuQi6i?= =?us-ascii?q?3j400rKVrKvyY/i0gxmc/4jjCWfj7xNL2wUp9WCibusUg+LI/7SR5vbQKuhUxk?= =?us-ascii?q?KCvER7VJgrR9cmBrjgnctoZRFv5YTK1JewUfyu+NZ/Uvy1hcrT+nxUBf7+vfFZ?= =?us-ascii?q?RijBcqcYKrr39Yxg1sdsA1Ja3NK6pS1VVfnLiOvjWv1uE/2w8ROVoC8H6IeC4J?= =?us-ascii?q?pEwJNqMqJyy28exw8QaCgSdMeHAQV/o2pfJn7kc9O+Oazy3+1b5CK0exOveQL6?= =?us-ascii?q?OfpmjMj8mIQkk/1kkQjUlK4aB20ds/c0qTT00v16WeFxAINcrENAFUYNFf+2TU?= =?us-ascii?q?fSaLrerC24l1P5mnGuDuU+COqL4egli4EwYxA4QM8sMBE4Gw0EHZKMfnK6IFyR?= =?us-ascii?q?Ut5QnwOVqFDfRIdwiQnzsdpcGw0oN315FHJj4BGWV9LTm35rHPqwAwhPqDXcs5?= =?us-ascii?q?bWkCUYsBNnM2Xsq6myhDsHlbFza30/gWyA6b4z/yuyTcFj/8YMR/ZP2MfxNjFM?= =?us-ascii?q?m2+Skj86ixkVPY6YvRJ2fhONt4p9DP9/0Vp4ycC/xOV7l8s13Qm45CR3ylS2TP?= =?us-ascii?q?C8K6J4Dsa4kwatz5Enm6UkG+izIxS8f+ItOtI7OVjg72XolUsZOU3DY5Oc+6DD?= =?us-ascii?q?EeFA96p/sf66JkeQ0Df507bAbytwQ4NqywPAeY0tKqQ2a2MTVYVuRRw/+marJQ?= =?us-ascii?q?1Ccjcui6yH48QZ4g1Om37VQBRJcUgRHC3fyjfZVRUTDvGnxBfAXCvTA5mHJ7Nu?= =?us-ascii?q?Y12egy2w/IsUMGPDCVauNpbG1Ev9czBVOWIHV2BWo4R0OSjYXZ+A6s2qoe/y1D?= =?us-ascii?q?kNZIyedFqmTxvofDYDKwX6ymsZvUvzA8Ytgmoq1xNI3jLdGFtJ7FnzzQUoffvR?= =?us-ascii?q?OfXC69DfpalcBaIDhET/lQhWElJcsGtJJE6UUrTMc+JKJACLUtprCsZjppFiAT?= =?us-ascii?q?wjUfV4yc2DwChfq81KbBlhuKdpQtLgAEuo1YgtQBSy52fj8epKi7WorMjW+EV2?= =?us-ascii?q?4LLB0Q7QlX5QIAl45wfvz+74bSSp9D1SJWqepuUiTXDplo60f7SmaOjFj5TvWh?= =?us-ascii?q?j/Km3QZMw/LpzNYbRAR/CEhGyuZRjksnNrd3K6wKsY7Ltj+HbkT6vW33xOuhPl?= =?us-ascii?q?lRxtXed0fkA4rdqWr8Tioc9GUIRY9IzXHSDogSnxZ8aKkwvllMJp6pelrm7Tw+?= =?us-ascii?q?24tpB6W4Vdysx1s9rXYJXT2qHMBFC+57q1/YRSNqY4izqJr7P5VdXHVQ9Ieaq1?= =?us-ascii?q?dDn0VnKzS5xoZEK8FR/j4MWyBCoTeavNSsU8BMxNF5D4QSLddlp3fyBr5LNIKX?= =?us-ascii?q?o3Ioprzl0mXZ9CwksFem2DWzHLe1T/5E8GIDGwUmPWCep1IzAOsr92fd7krCsk?= =?us-ascii?q?to/+tBALiAk1lxqi5nHp9SHjZJyWylL1NrQXZdveVVNLjZfs5BT/Q8fhKgJxs+?= =?us-ascii?q?Ffs60EOT5kF0gW31YypsuQtG4yrdRRU7VTEJgrfxnj0TstunNiEHRJJIdzohcz?= =?us-ascii?q?zIKwacmSBJohlTdV1lW5cEDdlb4b0b25Vb/tbaQ0a2NS4FRABiNh4/0fdHjU5D?= =?us-ascii?q?q1mYdjrAAgq0bvvPqRp3fdqLrMG1Mvv5+htHipn9v+A87akDQGemmQK1S9DEs4?= =?us-ascii?q?D8rsGKtleJdKrgL+28e2HOQybRgh2rmLckC4XK/zLJPwpFKpl6zn4kbob9CWLR?= =?us-ascii?q?OhRGPa0bLVJBVa9mcdVGvvxaZ8h8daYL46BtHBWHRgjrGIO1svlLNVPTRSnaLy?= =?us-ascii?q?Wd8+ywvYPT4qbbSej7fMCMwGzHQ61vNJdg9Tb7A6vq0ZNZ+kfu2Pdi7EV6SVbc?= =?us-ascii?q?MyCGsdvuOBgG5NW4eUvkpZ0pGinaAJFun3rx3ktAbdYYQzW28JQEz5NU8HDwSe?= =?us-ascii?q?Zj30jytu1S8qNo6Ygx47Bn08e7P7zSKehAsU96HheUGhhq9o8zD2RlQGBReOAR?= =?us-ascii?q?Iu/LfasFlcDut/z3F6sP5R2T+uxWddzHJ0XblcmkED2cSBtEnAAaqT4BNQac0v?= =?us-ascii?q?GImqBuRcaiv+j51Von40KiIR4e0LBt+YCE97KUq+DNaxve06MEWrTqR8P0tbks?= =?us-ascii?q?oF+d5fw6m74IZmx1YheoHPIbVsED2mfq1boqwj40E8PfA7Lg/+ZOV3YinjLlm5?= =?us-ascii?q?1wBFsWFe0JErqM54RRhH84m/beNt0UbK9NhnqPGQSjEr8Yxn6h8zGXL3V9ghHS?= =?us-ascii?q?zxHwRnu+7F33rS99WibMysnsk0pLWbmtBEdSWSWpNVV+sDyRIArirMD3trgt7E?= =?us-ascii?q?EqLmzks8qAlGqgObxNBcLwOMeRITIqq1ILkpI+Wsaj2YcBGdqyON0R6m1xbuPC?= =?us-ascii?q?62O3lC9Mu7xIh4vF4sCb4PrXH3igj7GCq7qX2TBYzmM1sk046t+9KP7B/cCKQ+?= =?us-ascii?q?6v12YLVShzoQzBXwS6qrbDtVAbJVSL0FvXmIwNJtxZxWM31l366+gjTtMz8x9e?= =?us-ascii?q?FoXZa/MZuz/zPDr0wVCCY9M4TSSeyyFYHk7pHll4Fqk833jwvMHTmXfT5VIoXI?= =?us-ascii?q?9weFLjhRBtCIU4M00t4kANwiUfCQgNdQybDLawCETqN4QET1YMaQiH3LWhfqc3?= =?us-ascii?q?3FFzza2v5ODJcOx8HLABNvBDgQ6ShFJbAI4ZsbUCQLJgfF9Q7KHXqRbkC4j7WP?= =?us-ascii?q?jmkn08NearTcBe8MAZsWYi4wmkShqk95hD9bYah4qSeq5Cf5fMoNh271176j4X?= =?us-ascii?q?aixNnB9/ggulXuAevu/s/sPWv4av6uaqUKYtRvsY9wIoB2tgk5TwgEovodbN1+?= =?us-ascii?q?dTUofVk5jw8BhRI36Wv4bXyxx8Ke0IK4K3c7Zv6W4KJy0fJ30UO9qZdeU84iFq?= =?us-ascii?q?MDXJ5FxCGdkAZdUGM8rRgQpUkFHmWKlP9srHHV+VE4hzeNwz72rs0Tw77JQyXO?= =?us-ascii?q?Dh6D+wOJDe4EpAP/xGjCp2ktLNuvIZwf3ICCgY+XOZcQR6wjuey5mRDPb95eeM?= =?us-ascii?q?yNbUV1MABCI5T4ddJD6f+QO6R+u1lZPpUhiX6s/ym58+akOQRmKrk6QBr6lMEP?= =?us-ascii?q?RMiiPl0ThCDor1ne6as8Kw6GtLsV1KCIdz7QPfF6VZJZh7PQn4mdSqRkh7HSvz?= =?us-ascii?q?YsbUdgAhuOCO3OcD//1+N1fiZY8cOh8Eyaz16XRbTgtqU7P3sEyWXeQPa9t6Uv?= =?us-ascii?q?/EqG5a6Z54Ia8VIFedvIDqritPqF0uDw8pbLgwrzJEeUnKmA1YQL30uLkGigsd?= =?us-ascii?q?TdF1o0lMFnysOGgm/TrISbxVjLWNCPwS6jiTTKwOUkVwMiN5RxO12YludKWykP?= =?us-ascii?q?BCs2NGgjl9r+Yw3zxhXhu8tjXmp7gR1jI45LG4qDIBtGRZTuWflifFEklDzPUW?= =?us-ascii?q?gqcfFXni7UawYH8dY4vu+LNnP9jv9ZE943QjZhUuZygGXeWjCyHziKOFGY6Pv8?= =?us-ascii?q?hfhB6KvsXBc7mzITIUNrsj1RLpX2J93RTGnBZ07GsLRS2t48Q6K4W7JcYo3TGo?= =?us-ascii?q?GWzcdFYQ/qNJrtX+ukMRQOsxc1Nhz31p0tKbSS0VWMzPB2E1gxA8aWVDdJJM8w?= =?us-ascii?q?UaFqcvgjaMsKlL5QQUYDDTEoS+5Ibfgd3I2X4mTddxx2LWoKKFiokt0H1/lNN+?= =?us-ascii?q?9jSOt2gKd+zET89sBWD+1olBxuz6ZvWtqv4IRZBnybSgVf8CN9es+XGy2Jp0QE?= =?us-ascii?q?Olwa4eH1WhOu8Z2rjbSzulSXGfWemTfWmMhyw5Mk/u6ha2NVA3bcZKr1MnMuTc?= =?us-ascii?q?nJJckBfhUbxsTCWKuVDb1HAjMf8ddw8uv4enfxIFQfUJZ+iYP+cu2+E+CFoQYH?= =?us-ascii?q?/VByt5FfG5vUSrnIdlJ3Vq+V/6bvj18gD6LNuSHQEJEYrbrp535Py7SXuNOXth?= =?us-ascii?q?zB1pIEl07PzSF1Urue9adJadh9/Qh8500eQdbfdiLTU9usIPmoJk8YSU1d2Ffg?= =?us-ascii?q?3RzpbzI9HVpeOVA+Pez0QsZG5aVrsZYQXo54Q1JNI5XKfTHbRBtxQGGac6WIAh?= =?us-ascii?q?N3v29KxsLgN8aA3RZLOvjcTxu+KLYIdUp3/R7lItIyfcuwEDxuayTQNlc5Cgn2?= =?us-ascii?q?/yL4woRjJds91tDQNrHIlKG8MHtQqnGZ+UmLqght+34Ux6vvEFsavqBvDNztS5?= =?us-ascii?q?0J17X4JG6kyTIDbRGK5rj1x+juS8h/fPzpj8BMD5dNMaSud7WG/Fa77BHoW5MD?= =?us-ascii?q?6OPNzze1IVu4Kbhal0VhSXeTDRQ7uNtCriMu5tp0o81MgweufPwDEzx6/U1cG0?= =?us-ascii?q?ZGxBoCqn63mTO98X6F3MGPybRBlIUdKb/2t/W64ad4358KEJK9NmiNyd5RRjqS?= =?us-ascii?q?9P29afIrSw60rL1l9/eLrFI0bznSU0Q48HJFK4K0R/r3XeryH4CG5XI8yjYfNs?= =?us-ascii?q?i9+PAhulw0RwhWcgfCYVH2PyTtqVPi4f1sOiYgCQ3A1OBtcH2eWwfBhr5eWJVe?= =?us-ascii?q?B0N8Adyq2Rv7IdnIMscnnC?= X-IPAS-Result: =?us-ascii?q?A2DLAQAliEta/wHyM5BdGgEBAQEBAgEBAQEIAQEBAYJsJik?= =?us-ascii?q?DZnQnjit0jiSBWid9jTOIeoIHGBgDiVI/GAEBAQEBAQEBAQFqKII4JIJIAwMBA?= =?us-ascii?q?iQZARsdAQIBAgkBAQUQCikIAwEdAhEBBQEcBxIFiFeBOQEDFQECpTpAjX0YBQE?= =?us-ascii?q?cgwsFg1sKGScNWYIXAQseAgYSg3qBNlyBVoFpNYJDgyFFh2oBBIpDDIdPgXKOf?= =?us-ascii?q?z2IA4g0hH6CfIkMh3WNYoh0BgIJCBQlgRcfOYFPMhojUjKBdwmCPA8cgX9ghjc?= =?us-ascii?q?sghwBAQE?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 02 Jan 2018 13:26:16 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w02DQEHG013036; Tue, 2 Jan 2018 08:26:14 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id vBMDBTDN136506 for ; Fri, 22 Dec 2017 08:11:29 -0500 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id vBMDBTS1029201; Fri, 22 Dec 2017 08:11:29 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1AlBQByAz1afyIaGNZdHAEBAQQBAQoBA?= =?us-ascii?q?YJsJilpdCePHo4egVonfY0xiHqCFQobhSAChE5AFwEBAQEBAQEBARMBAQsWhgE?= =?us-ascii?q?DAycZARsdAQMMBhAKMSECEQEFARwHEohcgTkBAxUBAphmQI19GAUBHIMLBYNfC?= =?us-ascii?q?hknDVmCNQEBAQEBBQEBAQEcAgYSg3mBNlyBVoFpNYJDgyFFh2oBBIpCDIdPgXK?= =?us-ascii?q?OfT2IAYgwhH6CfIkLh3ONX4hzBgIJCBQkgRcgAYIGMhojUTKBdwmCPA8cgX9gh?= =?us-ascii?q?zgsghwBAQE?= X-IPAS-Result: =?us-ascii?q?A1AlBQByAz1afyIaGNZdHAEBAQQBAQoBAYJsJilpdCePHo4?= =?us-ascii?q?egVonfY0xiHqCFQobhSAChE5AFwEBAQEBAQEBARMBAQsWhgEDAycZARsdAQMMB?= =?us-ascii?q?hAKMSECEQEFARwHEohcgTkBAxUBAphmQI19GAUBHIMLBYNfChknDVmCNQEBAQE?= =?us-ascii?q?BBQEBAQEcAgYSg3mBNlyBVoFpNYJDgyFFh2oBBIpCDIdPgXKOfT2IAYgwhH6Cf?= =?us-ascii?q?IkLh3ONX4hzBgIJCBQkgRcgAYIGMhojUTKBdwmCPA8cgX9ghzgsghwBAQE?= X-IronPort-AV: E=Sophos;i="5.45,441,1508817600"; d="scan'208";a="158132" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34]) by goalie.tycho.ncsc.mil with ESMTP; 22 Dec 2017 08:11:28 -0500 IronPort-PHdr: =?us-ascii?q?9a23=3AHVsNgR8/T8w4Cv9uRHKM819IXTAuvvDOBiVQ1KB2?= =?us-ascii?q?1OMcTK2v8tzYMVDF4r011RmVBdydt6IP17SempujcFRI2YyGvnEGfc4EfD4+ou?= =?us-ascii?q?JSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFAnhOgpp?= =?us-ascii?q?POT1HZPZg9iq2+yo9JDffxhEiCCybL5xIxm7ogTcvdQKjIV/Lao81gHHqWZSde?= =?us-ascii?q?RMwmNoK1OTnxLi6cq14ZVu7Sdete8/+sBZSan1cLg2QrJeDDQ9LmA6/9brugXZ?= =?us-ascii?q?TQuO/XQTTGMbmQdVDgff7RH6WpDxsjbmtud4xSKXM9H6QawyVD+/6apgVR3mhz?= =?us-ascii?q?odNzMh7W/ZitJ+gqxYrhympRN/zZXZbJ2JOPdkYq/QZ88WSXZHU81MVyJBGIS8?= =?us-ascii?q?b44XAuQGJ+lYtZXyqEUKrRu5GAKiGOLvxSNSiX/swKI61PkqHwfY0wwhA9IOtm?= =?us-ascii?q?rbrM/oP6oVVOC61rPIwindYPNS3jfx8ozIfQ4gofGQW7J/b9DRxFIgFwPAlFqQ?= =?us-ascii?q?qIjlMymJ2eQKtmiW9uxtXv+shW4/swx9vCWjy8g2hoXXiY8Z0E7I+CRjzIs7Kt?= =?us-ascii?q?C0UFB3bcK4HJdNsiyWKpV6T8AtTmxttiY21qAKtJC+cScQx5knyRrSZvmHfoeW?= =?us-ascii?q?/B3vSOOcLit4iXJrdrKyghiy/laux+DzU8S7y1hKoyRKn9TKq3sDzQbc6tKdRf?= =?us-ascii?q?t45kqh2SiA1wTU6uxcL086iKrVJoM8zrM0jJQerVjPEy/slErokqCWc14k+uey?= =?us-ascii?q?5+TieLrmp5ucO5VxigH/NqQigs2/AeImPQgSR2WX5/mw2bL58UHnT7hGlOM6n6?= =?us-ascii?q?jDvJ3UKskXvqu5DBVU0oYn5Ra/FTCm0NEAkHkCNl1FYg6IgJbtO1HJOvz4Cemw?= =?us-ascii?q?g1WwkDdt2f/GJKbsAprILnfZkbfheaxx5FJbyAo21dxf/Y5bCqkdIPLvXU/8rM?= =?us-ascii?q?fYAQIiMwGv3+bmCMly1oMZWW6VBK+ZK7ndvUWH5uIoPemGfJUVtyrlK/g5+/7u?= =?us-ascii?q?imc0mUQDcqmt3JsXbm24H/t9LkWFYXvjntcBEWAQsgo4V+zlkkeOUTFUZ3asDO?= =?us-ascii?q?oA4WQgBYanC5rTbpy8i7yGmiGgF9tZYX4CQlaBDXvlaa2aVPoWLiGfOMlslnoD?= =?us-ascii?q?T7flA4sg0wy+8RTx16JPMOXZ4GsbuIjl2dwz4Pfc0Vk29DppH4GG3mqQVWBojy?= =?us-ascii?q?YNQDMr2K1Xv0Nw0BGA3LJ+jvgeEsZctN1TVQJvEJfGxOF+DJjIWwnIZNuOAHKr?= =?us-ascii?q?Q8mgDCt5Gtc42dQDZ0E7H9ijkhbOxQKlBrYUk/qAA5liofGU5GT4O8sokyWO76?= =?us-ascii?q?ImlVRzGsY=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0ChAgCrAz1afyIaGNZdHQEBBQELAYJsJ?= =?us-ascii?q?ilpdCePHo94J32NMYh6ghUKG4UgAoUOFwEBAQEBAQEBAQESAQELFl2COCKCSgM?= =?us-ascii?q?DJxkBGx0BAwwGEAoxIQIRAQUBHAcSiFyBOQEDFQECmGZAjX0YBQEcgwsFg18KG?= =?us-ascii?q?ScNWYI1AQEBAQEFAQEBARwCBhKDeYE2gjKBaTWCQ4MhRYdqBYpCDIdPgXKOfT2?= =?us-ascii?q?IAYgwhH6CfIkLh3ONX4hzBgIJCBQkgRcgAYIGMhojUTKBdwmCPA8cgX9ghzgsg?= =?us-ascii?q?hwBAQE?= X-IPAS-Result: =?us-ascii?q?A0ChAgCrAz1afyIaGNZdHQEBBQELAYJsJilpdCePHo94J32?= =?us-ascii?q?NMYh6ghUKG4UgAoUOFwEBAQEBAQEBAQESAQELFl2COCKCSgMDJxkBGx0BAwwGE?= =?us-ascii?q?AoxIQIRAQUBHAcSiFyBOQEDFQECmGZAjX0YBQEcgwsFg18KGScNWYI1AQEBAQE?= =?us-ascii?q?FAQEBARwCBhKDeYE2gjKBaTWCQ4MhRYdqBYpCDIdPgXKOfT2IAYgwhH6CfIkLh?= =?us-ascii?q?3ONX4hzBgIJCBQkgRcgAYIGMhojUTKBdwmCPA8cgX9ghzgsghwBAQE?= X-IronPort-AV: E=Sophos;i="5.45,441,1508803200"; d="scan'208";a="7059312" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from uphb19pa02.eemsg.mail.mil (HELO USFB19PA05.eemsg.mail.mil) ([214.24.26.34]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 22 Dec 2017 13:11:26 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;fbba07cc-8fd1-41b0-ba96-e80b5574e884 Authentication-Results: USFB19PA09.eemsg.mail.mil; dkim=pass (signature verified) header.i=@gmail.com X-EEMSG-check-008: 19074555|USFB19PA09_EEMSG_MP5.csd.disa.mil X-EEMSG-SBRS: 2.7 X-EEMSG-ORIG-IP: 209.85.220.194 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0A6AgBZAj1af8LcVdFdHAEBAQQBAQoBAYJsJoESgRudPIFaJ32NMYh6ghUKG4UgAoROQBcBAQEBAQEBAQETAQEJCwsIJjGFJAMDJxkBGx0BAwwGEAoxIQIRAQUBHAcSiFyBOQEDFQGYbUCNfRgFARyDCwWDXwoZJw1ZgjUBAQEBAQUBAQEBHAIGCQEIg3mBNlyBVoFpNYJDgyFFh2oFikIMh0+Bco59PYgBiDCEfoJ8iQuHc41fiHMGAgkIFCSBFyEDggMyGiNRMoF3CYI8DxyBf2CHOCyCHAEBAQ X-IPAS-Result: A0A6AgBZAj1af8LcVdFdHAEBAQQBAQoBAYJsJoESgRudPIFaJ32NMYh6ghUKG4UgAoROQBcBAQEBAQEBAQETAQEJCwsIJjGFJAMDJxkBGx0BAwwGEAoxIQIRAQUBHAcSiFyBOQEDFQGYbUCNfRgFARyDCwWDXwoZJw1ZgjUBAQEBAQUBAQEBHAIGCQEIg3mBNlyBVoFpNYJDgyFFh2oFikIMh0+Bco59PYgBiDCEfoJ8iQuHc41fiHMGAgkIFCSBFyEDggMyGiNRMoF3CYI8DxyBf2CHOCyCHAEBAQ Received: from mail-qk0-f194.google.com ([209.85.220.194]) by USFB19PA09.eemsg.mail.mil with ESMTP; 22 Dec 2017 13:10:41 +0000 Received: by mail-qk0-f194.google.com with SMTP id q14so21921386qke.7; Fri, 22 Dec 2017 05:10:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=TyumIBg2ksWKA1u0/9tRqM1EwHjWRqNX4aU9fMl3lOs=; b=ZRlDZahn8rfDRJu+zBIZ0x43Rp/E3h0vqmCY7R+3raD330h4d/a6I4buFuaFC4Tm9g pDsqcYAbp3bpaBxbDUXab1QqvJVILMBUxIdRfLhMhzQN+OoE+yEsSR88jp/UVRiuI0+B SWcCKl4nSmEW52lLScBu+mXZ/fawvA+N4E7oNHP+hEIToJaH/ajTvo3iw7/dIvVUbpbW DaVpAyvJuOfsp2g5uWxM025/6azkkv5oskV2hYChtZeMT/V2mXY94p35nZgeG9Dn5Gto raEbPS7BJ8l6rBBmgDmTivlRvAnEDT22LmuCmTiGkzhyCl/KIP0/5iBPysd0xKUjUlNC W+pw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=TyumIBg2ksWKA1u0/9tRqM1EwHjWRqNX4aU9fMl3lOs=; b=a9eQ8xLrG0KgOc57jghwB6uCEp7H0jZdLoRt7KOSuxZAu10qcQ7SGJAabfe3UcTC6G /pqYSkL5yqAsM1mPptnp4FdUXCgYWJsOrfBdgBvyrrjS2I2w4VYlRwR2GLm7Wu5RTYIe dTwPIP3V2YXCn17kzDSRbFp/rmxPlFG0Lb1z9Isd752jdj85guKI2Ubao+B11r6undsP VuUERhHikG26Lmk5n6tgmb6SOfA5fWCXY2lsyWQjThBfEIUwWSgt4iCj15zFwNN4z7uI 2JvD0aToCd2+X4dbuFXg+Lk9pc92pPhm6qBDgaLckJhksgHHQEBK/nKZCfHp5tf3wVlN dkbg== X-Gm-Message-State: AKGB3mLfBs2fVU5gIWZib7g3ximT0Cymv+2a6Xlh8IrlCew0T05jH+h4 QjC9+MWW9FWbr4e+hBBi7aAeQXMC X-Google-Smtp-Source: ACJfBovDJhgEAOBAFXyza8PMIjcXYBNtWVJTsTaNgyt734tsNk4TJBpK4ILkzYreUs/frvBXFJGzgA== X-Received: by 10.55.169.139 with SMTP id s133mr7707590qke.355.1513947935470; Fri, 22 Dec 2017 05:05:35 -0800 (PST) Received: from localhost.localdomain.com ([2001:1284:f013:a4f9:5ee0:c5ff:fe34:bf34]) by smtp.gmail.com with ESMTPSA id v73sm3852525qkg.34.2017.12.22.05.05.32 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 22 Dec 2017 05:05:34 -0800 (PST) From: Marcelo Ricardo Leitner To: selinux@tycho.nsa.gov, netdev@vger.kernel.org, linux-sctp@vger.kernel.org, linux-security-module@vger.kernel.org Date: Fri, 22 Dec 2017 11:05:16 -0200 Message-Id: <80e6a4fb06ec6b8f81577abd11827d75dd6689ce.1513940757.git.marcelo.leitner@gmail.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: References: X-Mailman-Approved-At: Tue, 02 Jan 2018 08:24:19 -0500 Subject: [PATCH v3 1/4] security: Add support for SCTP security hooks X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: marcelo.leitner@gmail.com, nhorman@tuxdriver.com, vyasevich@gmail.com, sds@tycho.nsa.gov Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP From: Richard Haines The SCTP security hooks are explained in: Documentation/security/LSM-sctp.rst Signed-off-by: Richard Haines Acked-by: Marcelo Ricardo Leitner --- Documentation/security/LSM-sctp.rst | 194 ++++++++++++++++++++++++++++++++++++ include/linux/lsm_hooks.h | 35 +++++++ include/linux/security.h | 25 +++++ security/security.c | 22 ++++ 4 files changed, 276 insertions(+) create mode 100644 Documentation/security/LSM-sctp.rst diff --git a/Documentation/security/LSM-sctp.rst b/Documentation/security/LSM-sctp.rst new file mode 100644 index 0000000000000000000000000000000000000000..61373672ce9f63bbd52d953500f44cdf3427c3f0 --- /dev/null +++ b/Documentation/security/LSM-sctp.rst @@ -0,0 +1,194 @@ +SCTP LSM Support +================ + +For security module support, three sctp specific hooks have been implemented:: + + security_sctp_assoc_request() + security_sctp_bind_connect() + security_sctp_sk_clone() + +Also the following security hook has been utilised:: + + security_inet_conn_established() + +The usage of these hooks are described below with the SELinux implementation +described in ``Documentation/security/SELinux-sctp.rst`` + + +security_sctp_assoc_request() +----------------------------- +This new hook passes the ``@ep`` and ``@chunk->skb`` (the association INIT +packet) to the security module. Returns 0 on success, error on failure. +:: + + @ep - pointer to sctp endpoint structure. + @skb - pointer to skbuff of association packet. + +The security module performs the following operations: + IF this is the first association on ``@ep->base.sk``, then set the peer + sid to that in ``@skb``. This will ensure there is only one peer sid + assigned to ``@ep->base.sk`` that may support multiple associations. + + ELSE validate the ``@ep->base.sk peer_sid`` against the ``@skb peer sid`` + to determine whether the association should be allowed or denied. + + Set the sctp ``@ep sid`` to socket's sid (from ``ep->base.sk``) with + MLS portion taken from ``@skb peer sid``. This will be used by SCTP + TCP style sockets and peeled off connections as they cause a new socket + to be generated. + + If IP security options are configured (CIPSO/CALIPSO), then the ip + options are set on the socket. + + +security_sctp_bind_connect() +----------------------------- +This new hook passes one or more ipv4/ipv6 addresses to the security module +for validation based on the ``@optname`` that will result in either a bind or +connect service as shown in the permission check tables below. +Returns 0 on success, error on failure. +:: + + @sk - Pointer to sock structure. + @optname - Name of the option to validate. + @address - One or more ipv4 / ipv6 addresses. + @addrlen - The total length of address(s). This is calculated on each + ipv4 or ipv6 address using sizeof(struct sockaddr_in) or + sizeof(struct sockaddr_in6). + + ------------------------------------------------------------------ + | BIND Type Checks | + | @optname | @address contains | + |----------------------------|-----------------------------------| + | SCTP_SOCKOPT_BINDX_ADD | One or more ipv4 / ipv6 addresses | + | SCTP_PRIMARY_ADDR | Single ipv4 or ipv6 address | + | SCTP_SET_PEER_PRIMARY_ADDR | Single ipv4 or ipv6 address | + ------------------------------------------------------------------ + + ------------------------------------------------------------------ + | CONNECT Type Checks | + | @optname | @address contains | + |----------------------------|-----------------------------------| + | SCTP_SOCKOPT_CONNECTX | One or more ipv4 / ipv6 addresses | + | SCTP_PARAM_ADD_IP | One or more ipv4 / ipv6 addresses | + | SCTP_SENDMSG_CONNECT | Single ipv4 or ipv6 address | + | SCTP_PARAM_SET_PRIMARY | Single ipv4 or ipv6 address | + ------------------------------------------------------------------ + +A summary of the ``@optname`` entries is as follows:: + + SCTP_SOCKOPT_BINDX_ADD - Allows additional bind addresses to be + associated after (optionally) calling + bind(3). + sctp_bindx(3) adds a set of bind + addresses on a socket. + + SCTP_SOCKOPT_CONNECTX - Allows the allocation of multiple + addresses for reaching a peer + (multi-homed). + sctp_connectx(3) initiates a connection + on an SCTP socket using multiple + destination addresses. + + SCTP_SENDMSG_CONNECT - Initiate a connection that is generated by a + sendmsg(2) or sctp_sendmsg(3) on a new asociation. + + SCTP_PRIMARY_ADDR - Set local primary address. + + SCTP_SET_PEER_PRIMARY_ADDR - Request peer sets address as + association primary. + + SCTP_PARAM_ADD_IP - These are used when Dynamic Address + SCTP_PARAM_SET_PRIMARY - Reconfiguration is enabled as explained below. + + +To support Dynamic Address Reconfiguration the following parameters must be +enabled on both endpoints (or use the appropriate **setsockopt**\(2)):: + + /proc/sys/net/sctp/addip_enable + /proc/sys/net/sctp/addip_noauth_enable + +then the following *_PARAM_*'s are sent to the peer in an +ASCONF chunk when the corresponding ``@optname``'s are present:: + + @optname ASCONF Parameter + ---------- ------------------ + SCTP_SOCKOPT_BINDX_ADD -> SCTP_PARAM_ADD_IP + SCTP_SET_PEER_PRIMARY_ADDR -> SCTP_PARAM_SET_PRIMARY + + +security_sctp_sk_clone() +------------------------- +This new hook is called whenever a new socket is created by **accept**\(2) +(i.e. a TCP style socket) or when a socket is 'peeled off' e.g userspace +calls **sctp_peeloff**\(3). ``security_sctp_sk_clone()`` will set the new +sockets sid and peer sid to that contained in the ``@ep sid`` and +``@ep peer sid`` respectively. +:: + + @ep - pointer to old sctp endpoint structure. + @sk - pointer to old sock structure. + @sk - pointer to new sock structure. + + +security_inet_conn_established() +--------------------------------- +This hook has been added to the receive COOKIE ACK processing where it sets +the connection's peer sid to that in ``@skb``:: + + @sk - pointer to sock structure. + @skb - pointer to skbuff of the COOKIE ACK packet. + + +Security Hooks used for Association Establishment +================================================= +The following diagram shows the use of ``security_sctp_connect_bind()``, +``security_sctp_assoc_request()``, ``security_inet_conn_established()`` when +establishing an association. +:: + + SCTP endpoint "A" SCTP endpoint "Z" + ================= ================= + sctp_sf_do_prm_asoc() + Association setup can be initiated + by a connect(2), sctp_connectx(3), + sendmsg(2) or sctp_sendmsg(3). + These will result in a call to + security_sctp_bind_connect() to + initiate an association to + SCTP peer endpoint "Z". + INIT ---------------------------------------------> + sctp_sf_do_5_1B_init() + Respond to an INIT chunk. + SCTP peer endpoint "A" is + asking for an association. Call + security_sctp_assoc_request() + to set the peer label if first + association. + If not first association, check + whether allowed, IF so send: + <----------------------------------------------- INIT ACK + | ELSE audit event and silently + | discard the packet. + | + COOKIE ECHO ------------------------------------------> + | + | + | + <------------------------------------------- COOKIE ACK + | | + sctp_sf_do_5_1E_ca | + Call security_inet_conn_established() | + to set the correct peer sid. | + | | + | If SCTP_SOCKET_TCP or peeled off + | socket security_sctp_sk_clone() is + | called to clone the new socket. + | | + ESTABLISHED ESTABLISHED + | | + ------------------------------------------------------------------ + | Association Established | + ------------------------------------------------------------------ + + diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index c9258124e41757187cdb8b2f83c5901966345902..92ee9c6c604212ce38590bd2e5fcba55617b9c04 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -906,6 +906,32 @@ * associated with the TUN device's security structure. * @security pointer to the TUN devices's security structure. * + * Security hooks for SCTP + * + * @sctp_assoc_request: + * If first association, then set the peer sid to that in @skb. If + * @sctp_cid is from an INIT chunk, then set the sctp endpoint sid to + * socket's sid (ep->base.sk) with MLS portion taken from peer sid. + * @ep pointer to sctp endpoint structure. + * @skb pointer to skbuff of association packet. + * Return 0 on success, error on failure. + * @sctp_bind_connect: + * Validiate permissions required for each address associated with sock + * @sk. Depending on @optname, the addresses will be treated as either + * for a connect or bind service. The @addrlen is calculated on each + * ipv4 and ipv6 address using sizeof(struct sockaddr_in) or + * sizeof(struct sockaddr_in6). + * @sk pointer to sock structure. + * @optname name of the option to validate. + * @address list containing one or more ipv4/ipv6 addresses. + * @addrlen total length of address(s). + * Return 0 on success, error on failure. + * @sctp_sk_clone: + * Sets the new child socket's sid to the old endpoint sid. + * @ep pointer to old sctp endpoint structure. + * @sk pointer to old sock structure. + * @sk pointer to new sock structure. + * * Security hooks for Infiniband * * @ib_pkey_access: @@ -1631,6 +1657,12 @@ union security_list_options { int (*tun_dev_attach_queue)(void *security); int (*tun_dev_attach)(struct sock *sk, void *security); int (*tun_dev_open)(void *security); + int (*sctp_assoc_request)(struct sctp_endpoint *ep, + struct sk_buff *skb); + int (*sctp_bind_connect)(struct sock *sk, int optname, + struct sockaddr *address, int addrlen); + void (*sctp_sk_clone)(struct sctp_endpoint *ep, struct sock *sk, + struct sock *newsk); #endif /* CONFIG_SECURITY_NETWORK */ #ifdef CONFIG_SECURITY_INFINIBAND @@ -1869,6 +1901,9 @@ struct security_hook_heads { struct list_head tun_dev_attach_queue; struct list_head tun_dev_attach; struct list_head tun_dev_open; + struct list_head sctp_assoc_request; + struct list_head sctp_bind_connect; + struct list_head sctp_sk_clone; #endif /* CONFIG_SECURITY_NETWORK */ #ifdef CONFIG_SECURITY_INFINIBAND struct list_head ib_pkey_access; diff --git a/include/linux/security.h b/include/linux/security.h index ce6265960d6c430a90e1ad3c3749d0a438ecaca9..51f6cc2417f278674dfbd434587af805cb0c03d3 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -115,6 +115,7 @@ struct xfrm_policy; struct xfrm_state; struct xfrm_user_sec_ctx; struct seq_file; +struct sctp_endpoint; #ifdef CONFIG_MMU extern unsigned long mmap_min_addr; @@ -1229,6 +1230,11 @@ int security_tun_dev_create(void); int security_tun_dev_attach_queue(void *security); int security_tun_dev_attach(struct sock *sk, void *security); int security_tun_dev_open(void *security); +int security_sctp_assoc_request(struct sctp_endpoint *ep, struct sk_buff *skb); +int security_sctp_bind_connect(struct sock *sk, int optname, + struct sockaddr *address, int addrlen); +void security_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk, + struct sock *newsk); #else /* CONFIG_SECURITY_NETWORK */ static inline int security_unix_stream_connect(struct sock *sock, @@ -1421,6 +1427,25 @@ static inline int security_tun_dev_open(void *security) { return 0; } + +static inline int security_sctp_assoc_request(struct sctp_endpoint *ep, + struct sk_buff *skb) +{ + return 0; +} + +static inline int security_sctp_bind_connect(struct sock *sk, int optname, + struct sockaddr *address, + int addrlen) +{ + return 0; +} + +static inline void security_sctp_sk_clone(struct sctp_endpoint *ep, + struct sock *sk, + struct sock *newsk) +{ +} #endif /* CONFIG_SECURITY_NETWORK */ #ifdef CONFIG_SECURITY_INFINIBAND diff --git a/security/security.c b/security/security.c index 4bf0f571b4ef94df1d3c44b7fed6b7b651c1924f..1400678f6b72b36123f2fa2b909f35d257a62cd4 100644 --- a/security/security.c +++ b/security/security.c @@ -1472,6 +1472,7 @@ void security_inet_conn_established(struct sock *sk, { call_void_hook(inet_conn_established, sk, skb); } +EXPORT_SYMBOL(security_inet_conn_established); int security_secmark_relabel_packet(u32 secid) { @@ -1527,6 +1528,27 @@ int security_tun_dev_open(void *security) } EXPORT_SYMBOL(security_tun_dev_open); +int security_sctp_assoc_request(struct sctp_endpoint *ep, struct sk_buff *skb) +{ + return call_int_hook(sctp_assoc_request, 0, ep, skb); +} +EXPORT_SYMBOL(security_sctp_assoc_request); + +int security_sctp_bind_connect(struct sock *sk, int optname, + struct sockaddr *address, int addrlen) +{ + return call_int_hook(sctp_bind_connect, 0, sk, optname, + address, addrlen); +} +EXPORT_SYMBOL(security_sctp_bind_connect); + +void security_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk, + struct sock *newsk) +{ + call_void_hook(sctp_sk_clone, ep, sk, newsk); +} +EXPORT_SYMBOL(security_sctp_sk_clone); + #endif /* CONFIG_SECURITY_NETWORK */ #ifdef CONFIG_SECURITY_INFINIBAND