From patchwork Mon Nov 27 19:30:48 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Haines X-Patchwork-Id: 10080305 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 7376B6056A for ; Tue, 28 Nov 2017 13:25:56 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 641A42886D for ; Tue, 28 Nov 2017 13:25:56 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 57997288E7; Tue, 28 Nov 2017 13:25:56 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from UCOL19PA11.eemsg.mail.mil (ucol19pa11.eemsg.mail.mil [214.24.24.84]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BB0E52886D for ; Tue, 28 Nov 2017 13:25:54 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.44,468,1505779200"; d="scan'208";a="388516911" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by UCOL19PA11.eemsg.mail.mil with ESMTP; 28 Nov 2017 13:25:53 +0000 X-IronPort-AV: E=Sophos;i="5.44,468,1505779200"; d="scan'208";a="6417173" IronPort-PHdr: =?us-ascii?q?9a23=3AR84usRE0vRWvkhcyd2lkuZ1GYnF86YWxBRYc798d?= =?us-ascii?q?s5kLTJ7+r829bnLW6fgltlLVR4KTs6sC0LuG9fi4EUU7or+5+EgYd5JNUxJXwe?= =?us-ascii?q?43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRp?= =?us-ascii?q?OOv1BpTSj8Oq3Oyu5pHfeQtFiT6+bL9oMBm6sRjau9ULj4dlNqs/0AbCrGFSe+?= =?us-ascii?q?RRy2NoJFaTkAj568yt4pNt8Dletuw4+cJYXqr0Y6o3TbpDDDQ7KG81/9HktQPC?= =?us-ascii?q?TQSU+HQRVHgdnwdSDAjE6BH6WYrxsjf/u+Fg1iSWIdH6QLYpUjus9adrTALjhj?= =?us-ascii?q?kBOTA37WrbjtV8gL9HrB6koRF03ozab5yPNPdmfq3TY90US2lGUMhMTyxMAJ6w?= =?us-ascii?q?YoURAOoaJutUs5XxqkESoRakGQWgGOXiwSJIiH/s2q061vwsHx3H3AM8H9IBqm?= =?us-ascii?q?7Uo8joP6kQS++1za/IwivYb/hL3jr98onIfQwhof6WR7J/bNLexlU3GAPFlFqQ?= =?us-ascii?q?qIrlMC2O1ukWqGeb8+tgVeSzi2E5sQFxpCagxts2hobVgYIVz0nJ+CNky4g2Pd?= =?us-ascii?q?21UFN3bNGrHZdKtyyWKpF6Tt0tTm12oio216UKtJ2mcCQQ1ZgqyQDTZ+aIfoWK?= =?us-ascii?q?+B7vSeicLDd+iXl4YrywnQyy/lKlyuDkU8m010tFoTRdn9nXs3ANywTT6s+aSv?= =?us-ascii?q?th5kuh2SiA1wTU6uxcPUA7j7DbK588wr4rjJYTrUTCETP2mEXxlqOWcFkr+vO0?= =?us-ascii?q?5Oj9Z7Xmp5ucO5d1igH4LKsuhtSyDfk3PwUBRWSW+fmw2Kf98UD2XrlGlOA6nr?= =?us-ascii?q?HcsJ/AJMQboqC5AxVS0oYm8xu/FCmp0NAZnXkBMVJEdwuLgJPuO1HTJvD3Eemw?= =?us-ascii?q?g0+3nTd3x/HJIr3hApLXInjFi7fuZ6xx60FbyAot1dxf/Y5bCqkdIPLvXU/8rN?= =?us-ascii?q?7YDhg/MwOu3+bnCM9y1oUFVGKNBa+ZNqbSvkWT5uIzPeaMfpQVtCz6K/g/6P7k?= =?us-ascii?q?lWU5lkMFfam1wZsXb2i1HvZkI0qDfXXsgcwBEWAMvgo/Uuznk1OCUTpOZ3e9RK?= =?us-ascii?q?08+zc7CJ67DYvZQYCtmrOB1j+hHpJKfmBGFkyMEXDweoWcRfgDczydIslgkjwY?= =?us-ascii?q?UrisUI4h2g+wuwDk0bZnKfDU+iIAv5L5yNd1//HTlQ019TFsEsud1GeNT2dpkW?= =?us-ascii?q?wWQz823btyrlZjxVeZ1qh0mftYFcZc5/lRSAc1KYbcz/BmC9D1Qg/OY8uJR0y8?= =?us-ascii?q?Qti9HT4xSdcxzMMUbEZmB9WulBbD0DS2A7UNjbyEGIQ08r7A33j2P8t9ynDG1L?= =?us-ascii?q?U/gFkiXMRPMHOphrJl9wnTHIPJlF2ZmLisdaQZxiHN9WODwnGJvEBXSgJwVr/F?= =?us-ascii?q?XX8HbEvMsdv5/l/CT6OpCbk/MgpAyMmCKq1RZ93siVVKXfbjONLEb2K3gWiwHx?= =?us-ascii?q?WIxrKSbIX0YWkd2jvSCFQcmQAJ4XmGLRQ+Bjumo2/GAj1uFFbvY0by/ulks367?= =?us-ascii?q?QFE7wByNb017zbW14gQVhfueS/wNwr0EpD0tqzJuHFayx9jWEcaPpxJ9fKVAZt?= =?us-ascii?q?Mw+FlH1XjDuAx7IpOgLrtii0UbcwRvvkPizg53C4tbkcQwq3Mq1gVyI7qC0Fxd?= =?us-ascii?q?bzOYwYzwOrrPJ2nx5h+vaKnW2kzF3daV4KgP6/M4q0j5sAGuDEoi/G1t08NJ3H?= =?us-ascii?q?uE+pXKEA0SXIrrXUkq7Rh6pq/VYjMm6ozOyXJsNLO4sjjY29ImHOEl0Aqvf89D?= =?us-ascii?q?MKOYEw//C9EVCNKqKOM0gFipchIFPOdJ+a4vI8ymduWJ2Ki3POZhhj2ql2JH75?= =?us-ascii?q?5h0kiU7SpzVvbI34oZw/GfxgaHTSrzg0q6v8D4nIBFaiseHmyhxij4HIRRfLF9?= =?us-ascii?q?fZ4XCWeyJM263s5+h5D3W35f716jG0gL2NSveRqVYV392Bdf1UINrXyhhyS40y?= =?us-ascii?q?R+kys1oaqHwCzO3+PieQIJO2FRQGlikUnjIZKvj90BQkincRIpmwC45Ub/3aRb?= =?us-ascii?q?o75/L2bLS0dSYyf2N31iUre3treaf85A9Y4nsSRNX+S4el2VVrn9ox4G3Cz5BG?= =?us-ascii?q?te2Co3dze0tZXlhxZ6kn6SLG5vrHrFfsF93Qnf5N3ASv5N2ToGXjN0hiXXBli7?= =?us-ascii?q?Odmp8s6Zl5PCsuC4TW2hTJpTfTPszYOauyux/XdqDgGnn/Cvht3nFhA30Sv619?= =?us-ascii?q?lxSSXEtQ38bZfv16S7N+JnY0ZpCUTn68piG4F+lIowi40L2XQAgJWa42YHm3/p?= =?us-ascii?q?MdpHwaL+cGYNRTkTzt7P5wjl3EljIWyTx43lUXWczNBsZ8KnYmwKwSIx9cdKCL?= =?us-ascii?q?2b7LZchyt6vkK4rR7NYfh6hjodyuUh6HgBg+wSuwoi0COdAqsUHUZGISzgjROI?= =?us-ascii?q?78qxrK9PfmagbaCw1FZindCmFLyCuhtTWGv9epg8BS9/9MN/ME7S333p8YzkZc?= =?us-ascii?q?LQYswJth2PiRvAlO9VKI8rlvUWmyVnN2X9vWcqy+EllxBu24+1vJSfIWV34K25?= =?us-ascii?q?GgJYNiHyZ84L5DHti7tRk92I34CpA5phGi8HXJ32QvK0CDgSr+joNx6SED0grX?= =?us-ascii?q?eWAaLfEhWC6EditH/AD5GrN22XJXUAw9VtXh+dKFZYgAAOUzUwhoQ5GRyyxMz9?= =?us-ascii?q?bEd54Sgc5l34qxtI1O1lLBz/UmDRpAemdDg0VISfLBpR7gFH+UjZK8qe4fxvHy?= =?us-ascii?q?tA5J2usBSNKnCHZwRPFWwJVFaLB1b/Prmp4NnN6OaYCfSjIPvJe7WBs/ReV+2P?= =?us-ascii?q?xZKtzIRp4yqMOt+IPnl4AP0xwlBDUmxhG8TFhzUPTDQalzjXY8+Vvhu8/zd4rs?= =?us-ascii?q?S48PXrQw/g/5eAC75IPdVo4RC2jr+JN/SMiyZhNTZYypQMyGfGyLgFwlEdljpu?= =?us-ascii?q?eCOrEbQcsi7NV7ndlbVLAB4ecS9zM9FI760k1AlXJcHbks/11qJ/jvMtDVdFT0?= =?us-ascii?q?bumtmxZcERLWG9NUnHBF2XNLSIJD3Lxdv4YaWgRr1RlupUswe8uTGBE0/sJj6D?= =?us-ascii?q?jSXmVwizMeFQiyGWJAdRt5q6fhZpCGjjV87magahPN9skzI53ac4hmjUOm4YMD?= =?us-ascii?q?h8dV5Nr7KL4CxEgvR/AXFB7mF/IeiKgSmZ8/LYKpEQsfdxBSR0je1a6mwgy7RJ?= =?us-ascii?q?9CFEWOB1mCzKo95oolGmlu2PxSR8UBdVsDlEmpiLvUJ4NaXe7JlAVm7O/AgR4m?= =?us-ascii?q?WIFxQKu9xlB8X0tKBRxdjPk6TzJSxf/N3K5sQcBtLbKMSdPHomKxrpFybeDBEZ?= =?us-ascii?q?Qj6zKWHfm0tdnemI+X2atJc6tIbjlYEJSr9DSlM1EPYaBV5kHNwGO5h3WTwlna?= =?us-ascii?q?ScjM4S6nq0tAPRS9lCvpDbSvKSBu3iKCqejblBfRcI27T4LIUNOY39wENicF56?= =?us-ascii?q?k5rJG0fLQd9NpShhYRMur0VW7HhyVGsz1Fz5agm1+n8cCea0ngIqigt5eekt8i?= =?us-ascii?q?nj7E0zJlfRpyswl1Ixmcn/jjCXaz7xL6awUZtQCyXqq0g7Kon7TBptbQ2ugUxk?= =?us-ascii?q?My/JR6hPgLt7a29kkhXctodPGfNHVqJEYQUQyuyQZ/UmyVRcsDuoxE9d6evDF5?= =?us-ascii?q?RiiBMgcYSwoHJYxwJjcNk1KLTNK6VT0FhQh7+BvjSz2+8r2g8ePUEN8W2JeCEW?= =?us-ascii?q?pEMIK6MmJyu0/u1s8wCCnSVMeHQUXfowvv1q7l89O/iHzy/4175DLVqxOPKZL6?= =?us-ascii?q?KYvGjNjsGIQlUt1k8SkElF57d22985c0WIT0Av0KeRFxMROMrZNw5Va8tS9H7O?= =?us-ascii?q?fSeBqujC3ZV1P4ChGe/yVu+OqLwYgkS6EwY1B44M9NgOHoGw0EHEKsfqNKMKxg?= =?us-ascii?q?ko5ATsIlWFEOlFdQmVkDgZucG/zZ523Y5bJj0HB2VyLzm37K7NpgA2mPqDQMs2?= =?us-ascii?q?YnACU4sYN3I2Xcq6mzJZv3VAFzS4z+MZyQiY4DDnvCjQCifzb8Z7bveOeRxsEM?= =?us-ascii?q?22+Sk486Wuk1HX9pTeKH3kOtt6v9/O6eUap5GBC/xOVrRyqEbclJNeR3CzXW7P?= =?us-ascii?q?DMS5J57uZIkwddb0EGq1UkSjizIpSMf8JM2iIbaOgQzzX4lbrZeb0y45Nc+mDD?= =?us-ascii?q?4eARdxq/sE5KJmag0Je4A7bgLwtwQiK6y/Jx+V0s+oQ2asNTRWT/5fzeGhZ7JP?= =?us-ascii?q?1iQic/W0xWcnQJwh0+a39ksNS40QgRHF2favfY9eXjbvGnZFYQXAuTI5l3R9Nu?= =?us-ascii?q?Y12uow3BHIvkMAPD2QaONpb2hEv9U9BVyMO3V2FnQ3SEOcjYbZ5Q6sxb8S9TNH?= =?us-ascii?q?n9lIye1FrGT+vpjHbTK2QqOrs5LVvDE7YNg6ua1+K5LjLdWCtJPfmDzfQ53Qsg?= =?us-ascii?q?yKUC66C/palMJfIDhdQPVSn2EqJ9AGs5Jb6UUtTsc+O6BPCK40q7GkczZrES4S?= =?us-ascii?q?zS4cV4OBxjMCgfyx27rEmRiObpsuKhsEsI9NgtEFSS55fjsepLO/V4XRj2KET3?= =?us-ascii?q?IEIB0Q7QtS+AIAl4lwfu/+7YvGVpBMzSJZo/ZzUivWC5Zo7EH3SmeIjljkUP+h?= =?us-ascii?q?ifCm3RpOzPLw1dkWQAZ/CU9Zx+lMjEspJrZ3K60evoPRtz+IckT6vHnzx+S6Pl?= =?us-ascii?q?lRztbUd0b5DIrDumrwSCoc+WcbRYVX0nHQCYwSkxZlaKYsvFhDOpqmelv45zA+?= =?us-ascii?q?xIRkBLi4VcGqx1Y5tnkKXSGqHMRdC+t+qlLYRCVlY4y3qJXiI5hSXmhQ+JiGpl?= =?us-ascii?q?dFjEltNjW2xYBaK85T/j4GRCJPrimFvNuuVM1D3td7D58WLddloXj9HL5LNYOM?= =?us-ascii?q?rHIoorzv0mHW+zQiv1eg3jmzHLW4T+1B9W0EBgopP3ieqlUoD+Y08GfS9U7Cv0?= =?us-ascii?q?tp8OhFHbiAk19xoCpjEZ9THDpJ026qL0hrRnlcr+paMLjVc9BbQ/QqfhCvNQAx?= =?us-ascii?q?GeIk0kCU80x5hmv2Yyt3tgRG4S/dRBU0WTMTgrjzhT0UstunNiMCS5JUcTUhaD?= =?us-ascii?q?/IKxiFli9KvBZQcV1qVosdAtZC5bEUw5VY8dbFSUmxNy4JRhpiORwk0fBHj05M?= =?us-ascii?q?rF2YeTzBDQqvbfvPqgZ3fduLo8G0MPT05xxHioT6sOAi66oMWXummRG3Qd/Eq4?= =?us-ascii?q?/wrNqKtlGBdK3gKe2zfWfBTCTQjRC3nbokE4PK8DbNPwVGMJR61H4kYYT7CWHR?= =?us-ascii?q?IxRGJqUbJ05FWqBmc9lGpfpaZ8B8cqYT5aBtHg6HRg/oGIG3qflJNFLTRTDAIC?= =?us-ascii?q?Wd7uywu5jc4KfbSef+esyM3GrITLhvPphk8zX7Hanl0ZNG8Ersxvht7l96SUTB?= =?us-ascii?q?My2ZrtTuPBkL5M65dkvmpJIpAyjbAJJtkHrp2kFAdtYYQyyw/5Qe05NV8nHwSf?= =?us-ascii?q?h30kLrqu1d66Fk6ZUr47Bu0cq0J73dKfJUsU99BRibGxtl+44xAGdlQWBReegR?= =?us-ascii?q?JO3XfasHkcDks/r3GLAP6B2J5+xZbsPKJ07cmsm+DjGcTQJLnAIapDEHMASTzP?= =?us-ascii?q?+FlLVyScq/ouj5wE0t6UCkLhEa1LBt+ZuE+q2Qqe/VbhvRyKMJWq30ScLzsLss?= =?us-ascii?q?oUKS5fsrlLIUfGx6fRGnGvAHVsEB3mfg0bwqzSU0HsPFG7Lt4/9DV3Q8nj76mp?= =?us-ascii?q?B9GVsWGukOErqQ4YRehHo4lPDFNt0LaKBNhHyDFRm+Er8N0XSr8TeYIHF5ghHS?= =?us-ascii?q?1BH9WWaz7FjwrS9kTivD0czukk9UVratA0ddQTapOEF/sDOVPwror8D7uaIr40?= =?us-ascii?q?EqKmbkrs6ClHO9OLNLGM3yPNicITIxpF8Xl5AxSMKg1p0cGdqnOtgR6Gt+bvzc?= =?us-ascii?q?62y1jyBBv71Lh43E4sGa4v/XB2Wvj7WGq7WRwzBV0nk4vFAl5d+6Kv7D/MaKTO?= =?us-ascii?q?q012kPUyhzoQzBXwS6qrbDtVAbJVSL0FvXmIwNJtxWxng41lro5ec5QtIz9Rle?= =?us-ascii?q?Fp7aaPMfoTD+Iyf7wVGCbN0pTCaeziFXHlXvEVZiAqQ833jwvM3Rn3fK51IoXp?= =?us-ascii?q?Vwd1DghRFvF4U3M14t50QXwisNFggNcxObAKizBUv7KYsEVE4DaQmI3bWhYqc4?= =?us-ascii?q?x1Fzza+v5O7daux8HakNOuxejgGQhlhbHIwZsakETLJ7YV9d+7bdphL+BIj/Q/?= =?us-ascii?q?jmiX0wOOWpQsBA788Zs2Et4gChSBe79JhD7rkbiJGUdqFeepjDptp871p96T4J?= =?us-ascii?q?aCNNnAB1jwmlXuAEuODj/t/bvYKn6um0TqYiWfkX9xgvCmR6jpvwnE4sodHN2O?= =?us-ascii?q?dBUY3Zk4L//x5RI3SSoobVzwF8KfYSK4KsZLtg+GsIJy4CJ3IJOtqabOI87DFp?= =?us-ascii?q?MDXS4VxCH8wNaMgcPMXTgwBVilfmVKtV9sXFBl+SE51zeNww72rr1DA19oMxUu?= =?us-ascii?q?Dh6DCqIpDf60tCP+hZgCVtk9LCo/MVweHJBSgS7nSYZAJ5wiSYy5mCE/zw5/mD?= =?us-ascii?q?yMnIV1MaGS47S4hdKyaZ+Qy8X+a7iZrnXAWV6s/1nZI/e1mdRnO0nKsftKZDD/?= =?us-ascii?q?RMiiLh3jhRDor1ne6as8Kw6GtLsV1KCIRz7RrFGKVZJJl0JRT4ls22RkdhByr/?= =?us-ascii?q?ecfUdgEtuOqX3eoM/eR+N1Xkao8fPx0Eyqj26XxLQQtyULT2pEqWXfoNZNt6T/?= =?us-ascii?q?PJtnFV6Zx6JK8JJ1WdoIHqoSpJqFAxGw8lcrgwriZVdkPWhg1aR770uKIcigsb?= =?us-ascii?q?SdN5u1FDGWy+OGI6/DfGW75ajK+PB/wJ6DmTSLIBU1lwOCNkXxy1wIlue6eunf?= =?us-ascii?q?1fvWNGmiR9ofY03DxiQBuxojbsp6UL2TIh5L60rjMBtmJZTu+GiSfHFU1DzOgW?= =?us-ascii?q?jacbE3vi61y8YXkbbIv15LlnJNjg+pc67nQ6YBUjYzcGUvq6ByH3laOIDZSFsM?= =?us-ascii?q?hAix6VpMXOcbizIDAONrQ8zBLuXGR90gnCkxZr7mQLRi+s7Nk6K4WhIcwl3Dan?= =?us-ascii?q?GXDHdFYQ5aNEqM7xtV8ITOs1blNs22dj3dKERi0KQszABWA1ghIiaWpabJJJ8Q?= =?us-ascii?q?UaGLUwgjaUoqlG+RkZbyzKHYSj5ondhtzI2X06Tdd22mLWuLOKiY4w3H1igdN0?= =?us-ascii?q?4TaEuG4OeOzAT89sHn/z259RyePgY/Wts/gHR5V9xbWgUf8CN8yj9nWs2JVuRE?= =?us-ascii?q?Cp3LMeH0C2MOUb3LfUTz+lSXGEWeSMa2WNkS45MlTz5Ra0MFI6c8JKr04hMuvY?= =?us-ascii?q?mJFQjQrhUal7Ri+Iv1/U0HQjMf8GdwIxoIqnfAgKQ/AKauiEIegh2uY+CEcNb3?= =?us-ascii?q?DVASt2EfG5vkC3kIh9JXpg/V3wYf7x/QD+LNuSBh4EHJberp5w//y6W22ANWZk?= =?us-ascii?q?zB1zJ0l06/zfGk8wtuBGdZaRmsLch9Nh0e4Kb/1tKzEyusYPmoJ/7omZyMKKfg?= =?us-ascii?q?vNwZbyJNHVpP+YDubBz0QrfGFVTL4ZYQLz54UnMd81QbrTHaFWvR4EH6g1XIQh?= =?us-ascii?q?N3vt9KFzNA5zcBTeZLezgsbxve+Le51Up2PW7lI3MSfctB0DyuCuQQx9cZ+qm2?= =?us-ascii?q?34IIosSTJZs91tFhxmEZNNG8MFqAqnGYSUmKCgi9Kq/UN1oeoKvrTxCvzQ09S5?= =?us-ascii?q?xYpxVYBA5UOXJDbRGLVrgkN9g+SpjPfA14X+BMLhdN4fSuh0XHTFar7HH4W4LD?= =?us-ascii?q?KCIMT8dFBa8+3U7LUsSRiVZSbkT4KapSakM7Ni+kx9xYtmOKLVwSAh4q/zxtT/?= =?us-ascii?q?fSdYqz2loHrPM4FQqBTOBOrDT1dPQuad2HhqELdRbobu8uoKd9s4z5zU5wh18S?= =?us-ascii?q?QHy8aOPrKgsl6J30V3aJbWBFXm1jx/WoQQJhm7d0w2jjz3sHPYVE5dJcitM8Ul?= =?us-ascii?q?oN+UCBH2rx1rmGotb3RNLWHfRd6QP2UA88iiZQuW+RhNAspFlOmyLx1r/pauQP?= =?us-ascii?q?Vlb80W0d6hs68KxJMwcyw=3D?= X-IPAS-Result: =?us-ascii?q?A2CSAgCIYx1a/wHyM5BdGwEBAQEDAQEBCQEBAYMQKQNmbie?= =?us-ascii?q?PE44ignuNBYpyMAOKJEMUAQEBAQEBAQEBAWoogjgkgksCJBkBOAECAwkCBUMIA?= =?us-ascii?q?wFaEgWITYE3AQMVAwGpPDqDCgWBAoRQgkQECIM8gTZTgz6CdYMhiCwFii4Mhz+?= =?us-ascii?q?Bco5eh3ONDYMGkFaXeTYigVEyGiNPgikJgXlBDxyBZ3eIHyyCGQEBAQ?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 28 Nov 2017 13:25:51 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id vASDPoWW020668; Tue, 28 Nov 2017 08:25:50 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id vAS3njoO013469 for ; Mon, 27 Nov 2017 22:49:45 -0500 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id vAS3ngc4009481; Mon, 27 Nov 2017 22:49:42 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1CxAgCq2xxafyQYGNZcHAEBAQQBAQoBA?= =?us-ascii?q?YMQKWluJ48TjiCCe40BiG6CEQ8WhSCEdkEWAQEBAQEBAQEBEwEBCxaGKhkBOAE?= =?us-ascii?q?VgSkSiFKBNwEDFQMBqHU6gwoFgQKES4IeJgQIgzqBNlGDPoJ1gyGIKQWKKwyHP?= =?us-ascii?q?4Fyjl6Hco0NgwWQVpd0JgWBfTIaI06CKQmBeUEPHIFnd4ddLIIZAQEB?= X-IPAS-Result: =?us-ascii?q?A1CxAgCq2xxafyQYGNZcHAEBAQQBAQoBAYMQKWluJ48TjiC?= =?us-ascii?q?Ce40BiG6CEQ8WhSCEdkEWAQEBAQEBAQEBEwEBCxaGKhkBOAEVgSkSiFKBNwEDF?= =?us-ascii?q?QMBqHU6gwoFgQKES4IeJgQIgzqBNlGDPoJ1gyGIKQWKKwyHP4Fyjl6Hco0NgwW?= =?us-ascii?q?QVpd0JgWBfTIaI06CKQmBeUEPHIFnd4ddLIIZAQEB?= X-IronPort-AV: E=Sophos;i="5.44,466,1505793600"; d="scan'208";a="128174" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34]) by goalie.tycho.ncsc.mil with ESMTP; 27 Nov 2017 22:49:41 -0500 IronPort-PHdr: =?us-ascii?q?9a23=3A12XxoBUOZZbEdgJv2rk29KyQ/RXV8LGtZVwlr6E/?= =?us-ascii?q?grcLSJyIuqrYbRaBt8tkgFKBZ4jH8fUM07OQ7/i4Hz1RqsjY+Fk5M7V0Hycfjs?= =?us-ascii?q?sXmwFySOWkMmbcaMDQUiohAc5ZX0Vk9XzoeWJcGcL5ekGA6ibqtW1aFRrwLxd6?= =?us-ascii?q?KfroEYDOkcu3y/qy+5rOaAlUmTaxe7x/IAmqoQnLssQbhYRuJ6csxhDUvnZGZu?= =?us-ascii?q?NayH9yK1mOhRj8/MCw/JBi8yRUpf0s8tNLXLv5caolU7FWFSwqPG8p6sLlsxnD?= =?us-ascii?q?VhaP6WAHUmoKiBpIAhPK4w/8U5zsryb1rOt92C2dPc3rUbA5XCmp4ql3RBP0ji?= =?us-ascii?q?oMKjg0+3zVhMNtlqJWuA+vqRxhzYDaY4+bM+Fzcr/Bcd4AWWZMRNpdWzBHD4ih?= =?us-ascii?q?b4UPFe0BPeNAoofhplsBsRu+ChO2BOzy1zRGhGX53aw80+s/CgHNwQstH8gPsH?= =?us-ascii?q?vIrNX6Lr0SXv2tw6bU1TrDb+lZ2Tb76IfWaRAsuuqDXa5xccrX1UkgCRnFjlOO?= =?us-ascii?q?poz5JT+ayuMNs22C4udmSOmhiHYnphlvrjSyycogkJfFi40Pxlza+ih12og4KN?= =?us-ascii?q?ygREN4fNKoCoZcui+EO4dsTc4vQXtktDs0x7AGv5OwYTIEx449xxHFbvyKa4iI?= =?us-ascii?q?7QznVOaWOTp4mW5qeLW7hxqv9UWg0vfzWtW03VpQsCVKjNzMtmsC1xDJ78iIUP?= =?us-ascii?q?p9/kO71TaK1gDT7vlIIUEylaXFN54s2qA8moccvEjZACP7l1/6gLGZe0k+9OWl?= =?us-ascii?q?6vzrYrD8qZ+dM490hBv+MqMrmsGnG+Q4MxQBX2iB9uSmybLs5VH2T61KjvIsk6?= =?us-ascii?q?nZto7VJd8Aq6GiHw9V04Aj6wqhADe81tQXg2UHIEhZdxKAiojlI0vOL+zgDfej?= =?us-ascii?q?n1Ssly9mx+vbMb36GZjNMnjCn6vhfbZ68UJczhEzwspF65JbDbEBPur5WlXtu9?= =?us-ascii?q?zAEh85Lwu0zv78CNpj0oMeWGSPArKWMa7JrV+J5v4gI+mLZIMPvjb9MOIq6+Th?= =?us-ascii?q?jX8+h19ONZWuiIAabHG+A+ROP1SSYX2qhMwIV2gNoE52SuH2hFCceSBcamz0XK?= =?us-ascii?q?8m4Dw/ToW8AsOLQoGrnazExyynBrVIaW1cTFOBC3Hlc8ODQfhIICaTJNJx1ycJ?= =?us-ascii?q?XqW7SpMwkBSpuBL+xpJ5IefOvC4Vr5Tu0J5y/eKAuws18GlODs+d2nuBB0F9n2?= =?us-ascii?q?UFXHdixqF0oUVnxmCI5qhxgvpVDvRZ+/JPTgogM5PAied9DoahCUr6Yt6VRQP+?= =?us-ascii?q?EZ2dCjYrQ4dpzg=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CyAgDj2xxafyQYGNZcHAEBAQQBAQoBA?= =?us-ascii?q?YMQKWluJ48TjiCCe40BiG6CEQ8WhSCEdkEWAQEBAQEBAQEBARIBAQsWXYI4IoJ?= =?us-ascii?q?zGQE4ARWBKRKIUoE3AQMVAwGobTqDCgWBAoRLgh4mBAiDOoE2UYM+gnWDIYUJD?= =?us-ascii?q?IMUBYorDIc/gXKOXodyjQ2DBZBWl3QmBYF9MhojToIpCYF5QQ8cgWd3h10sghk?= =?us-ascii?q?BAQE?= X-IPAS-Result: =?us-ascii?q?A0CyAgDj2xxafyQYGNZcHAEBAQQBAQoBAYMQKWluJ48TjiC?= =?us-ascii?q?Ce40BiG6CEQ8WhSCEdkEWAQEBAQEBAQEBARIBAQsWXYI4IoJzGQE4ARWBKRKIU?= =?us-ascii?q?oE3AQMVAwGobTqDCgWBAoRLgh4mBAiDOoE2UYM+gnWDIYUJDIMUBYorDIc/gXK?= =?us-ascii?q?OXodyjQ2DBZBWl3QmBYF9MhojToIpCYF5QQ8cgWd3h10sghkBAQE?= X-IronPort-AV: E=Sophos;i="5.44,466,1505779200"; d="scan'208";a="6182093" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from ucol19pa05.eemsg.mail.mil ([214.24.24.36]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 28 Nov 2017 03:49:40 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;56a19fd1-aad8-47ee-a65e-13b4302338aa Authentication-Results: ucol19pa04.eemsg.mail.mil; dkim=permerror (key too small) header.i=@btinternet.com X-EEMSG-check-008: 302302919|UCOL19PA04_EEMSG_MP2.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 65.20.0.211 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0DUAQDumBxah9MAFEFdg0GCAI86pwmCEQ+FNoU3FgIBAQEBAQEBEwEBAQoLCQgoL4VmATgBFYEpiGSBNwEYBKk7gwoFgQKES4JEBAiDOoE2hwSIKgyDFAWKK4dLgXKOXodyjQ2DBZBWl3QmDYF1MhojToULgXOIXSyCGQEBAQ X-IPAS-Result: A0DUAQDumBxah9MAFEFdg0GCAI86pwmCEQ+FNoU3FgIBAQEBAQEBEwEBAQoLCQgoL4VmATgBFYEpiGSBNwEYBKk7gwoFgQKES4JEBAiDOoE2hwSIKgyDFAWKK4dLgXKOXodyjQ2DBZBWl3QmDYF1MhojToULgXOIXSyCGQEBAQ Received: from rgout0305.bt.lon5.cpcloud.co.uk (HELO rgout03.bt.lon5.cpcloud.co.uk) ([65.20.0.211]) by ucol19pa04.eemsg.mail.mil with ESMTP; 27 Nov 2017 19:31:02 +0000 X-OWM-Source-IP: 81.132.47.135 (GB) X-OWM-Env-Sender: richard_c_haines@btinternet.com X-Junkmail-Premium-Raw: score=8/50, refid=2.7.2:2017.11.27.190016:17:8.510, ip=, rules=__HAS_FROM, __FRAUD_WEBMAIL_FROM, __TO_MALFORMED_2, __TO_NO_NAME, __HAS_CC_HDR, __MULTIPLE_RCPTS_CC_X2, __CC_NAME, __CC_NAME_DIFF_FROM_ACC, __SUBJ_ALPHA_END, __HAS_MSGID, __SANE_MSGID, __HAS_X_MAILER, __FROM_DOMAIN_IN_ANY_CC1, __ANY_URI, __FRAUD_BODY_WEBMAIL, __URI_NO_WWW, __LINES_OF_YELLING, __NO_HTML_TAG_RAW, BODY_SIZE_10000_PLUS, __MIME_TEXT_P1, __MIME_TEXT_ONLY, LINES_OF_YELLING_3, __URI_NS, HTML_00_01, HTML_00_10, __FRAUD_WEBMAIL, __FROM_DOMAIN_IN_RCPT, __CC_REAL_NAMES, MULTIPLE_RCPTS, __PHISH_SPEAR_STRUCTURE_1, __MIME_TEXT_P, NO_URI_HTTPS Received: from localhost.localdomain (81.132.47.135) by rgout03.bt.lon5.cpcloud.co.uk (9.0.019.13-1) (authenticated as richard_c_haines@btinternet.com) id 58A82A5C1DF78256; Mon, 27 Nov 2017 19:30:55 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btinternet.com; s=btcpcloud; t=1511811066; bh=s3HICsS24Qe6LB3FgxARNcjPKdPsHL8Y647ewr+jYOY=; h=From:To:Cc:Subject:Date:Message-Id:X-Mailer; b=UPgwptAEiqjryBODn7VuOHYFnQg1KP89MMi6cBB5EnV7qhgxX+ues3gftFJUMt8Ur7G/hQDzmndthkeZ8AJtjpY2AAwkDMESuCzNz61swi/Rw1hAWTvIotBnPkbrLeA8ItWB+PJuWSGF+rJP99r0YPWB4OB6aUwP2gwjUBfI/P0= X-EEMSG-check-009: 444-444 From: Richard Haines To: selinux@tycho.nsa.gov, netdev@vger.kernel.org, linux-sctp@vger.kernel.org, linux-security-module@vger.kernel.org Date: Mon, 27 Nov 2017 19:30:48 +0000 Message-Id: <20171127193048.2615-1-richard_c_haines@btinternet.com> X-Mailer: git-send-email 2.14.3 X-Mailman-Approved-At: Tue, 28 Nov 2017 08:24:06 -0500 Subject: [PATCH 1/4] security: Add support for SCTP security hooks X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: marcelo.leitner@gmail.com, nhorman@tuxdriver.com, vyasevich@gmail.com, sds@tycho.nsa.gov Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP The SCTP security hooks are explained in: Documentation/security/LSM-sctp.rst Signed-off-by: Richard Haines --- Documentation/security/LSM-sctp.rst | 194 ++++++++++++++++++++++++++++++++++++ include/linux/lsm_hooks.h | 35 +++++++ include/linux/security.h | 25 +++++ security/security.c | 22 ++++ 4 files changed, 276 insertions(+) create mode 100644 Documentation/security/LSM-sctp.rst diff --git a/Documentation/security/LSM-sctp.rst b/Documentation/security/LSM-sctp.rst new file mode 100644 index 0000000..6137367 --- /dev/null +++ b/Documentation/security/LSM-sctp.rst @@ -0,0 +1,194 @@ +SCTP LSM Support +================ + +For security module support, three sctp specific hooks have been implemented:: + + security_sctp_assoc_request() + security_sctp_bind_connect() + security_sctp_sk_clone() + +Also the following security hook has been utilised:: + + security_inet_conn_established() + +The usage of these hooks are described below with the SELinux implementation +described in ``Documentation/security/SELinux-sctp.rst`` + + +security_sctp_assoc_request() +----------------------------- +This new hook passes the ``@ep`` and ``@chunk->skb`` (the association INIT +packet) to the security module. Returns 0 on success, error on failure. +:: + + @ep - pointer to sctp endpoint structure. + @skb - pointer to skbuff of association packet. + +The security module performs the following operations: + IF this is the first association on ``@ep->base.sk``, then set the peer + sid to that in ``@skb``. This will ensure there is only one peer sid + assigned to ``@ep->base.sk`` that may support multiple associations. + + ELSE validate the ``@ep->base.sk peer_sid`` against the ``@skb peer sid`` + to determine whether the association should be allowed or denied. + + Set the sctp ``@ep sid`` to socket's sid (from ``ep->base.sk``) with + MLS portion taken from ``@skb peer sid``. This will be used by SCTP + TCP style sockets and peeled off connections as they cause a new socket + to be generated. + + If IP security options are configured (CIPSO/CALIPSO), then the ip + options are set on the socket. + + +security_sctp_bind_connect() +----------------------------- +This new hook passes one or more ipv4/ipv6 addresses to the security module +for validation based on the ``@optname`` that will result in either a bind or +connect service as shown in the permission check tables below. +Returns 0 on success, error on failure. +:: + + @sk - Pointer to sock structure. + @optname - Name of the option to validate. + @address - One or more ipv4 / ipv6 addresses. + @addrlen - The total length of address(s). This is calculated on each + ipv4 or ipv6 address using sizeof(struct sockaddr_in) or + sizeof(struct sockaddr_in6). + + ------------------------------------------------------------------ + | BIND Type Checks | + | @optname | @address contains | + |----------------------------|-----------------------------------| + | SCTP_SOCKOPT_BINDX_ADD | One or more ipv4 / ipv6 addresses | + | SCTP_PRIMARY_ADDR | Single ipv4 or ipv6 address | + | SCTP_SET_PEER_PRIMARY_ADDR | Single ipv4 or ipv6 address | + ------------------------------------------------------------------ + + ------------------------------------------------------------------ + | CONNECT Type Checks | + | @optname | @address contains | + |----------------------------|-----------------------------------| + | SCTP_SOCKOPT_CONNECTX | One or more ipv4 / ipv6 addresses | + | SCTP_PARAM_ADD_IP | One or more ipv4 / ipv6 addresses | + | SCTP_SENDMSG_CONNECT | Single ipv4 or ipv6 address | + | SCTP_PARAM_SET_PRIMARY | Single ipv4 or ipv6 address | + ------------------------------------------------------------------ + +A summary of the ``@optname`` entries is as follows:: + + SCTP_SOCKOPT_BINDX_ADD - Allows additional bind addresses to be + associated after (optionally) calling + bind(3). + sctp_bindx(3) adds a set of bind + addresses on a socket. + + SCTP_SOCKOPT_CONNECTX - Allows the allocation of multiple + addresses for reaching a peer + (multi-homed). + sctp_connectx(3) initiates a connection + on an SCTP socket using multiple + destination addresses. + + SCTP_SENDMSG_CONNECT - Initiate a connection that is generated by a + sendmsg(2) or sctp_sendmsg(3) on a new asociation. + + SCTP_PRIMARY_ADDR - Set local primary address. + + SCTP_SET_PEER_PRIMARY_ADDR - Request peer sets address as + association primary. + + SCTP_PARAM_ADD_IP - These are used when Dynamic Address + SCTP_PARAM_SET_PRIMARY - Reconfiguration is enabled as explained below. + + +To support Dynamic Address Reconfiguration the following parameters must be +enabled on both endpoints (or use the appropriate **setsockopt**\(2)):: + + /proc/sys/net/sctp/addip_enable + /proc/sys/net/sctp/addip_noauth_enable + +then the following *_PARAM_*'s are sent to the peer in an +ASCONF chunk when the corresponding ``@optname``'s are present:: + + @optname ASCONF Parameter + ---------- ------------------ + SCTP_SOCKOPT_BINDX_ADD -> SCTP_PARAM_ADD_IP + SCTP_SET_PEER_PRIMARY_ADDR -> SCTP_PARAM_SET_PRIMARY + + +security_sctp_sk_clone() +------------------------- +This new hook is called whenever a new socket is created by **accept**\(2) +(i.e. a TCP style socket) or when a socket is 'peeled off' e.g userspace +calls **sctp_peeloff**\(3). ``security_sctp_sk_clone()`` will set the new +sockets sid and peer sid to that contained in the ``@ep sid`` and +``@ep peer sid`` respectively. +:: + + @ep - pointer to old sctp endpoint structure. + @sk - pointer to old sock structure. + @sk - pointer to new sock structure. + + +security_inet_conn_established() +--------------------------------- +This hook has been added to the receive COOKIE ACK processing where it sets +the connection's peer sid to that in ``@skb``:: + + @sk - pointer to sock structure. + @skb - pointer to skbuff of the COOKIE ACK packet. + + +Security Hooks used for Association Establishment +================================================= +The following diagram shows the use of ``security_sctp_connect_bind()``, +``security_sctp_assoc_request()``, ``security_inet_conn_established()`` when +establishing an association. +:: + + SCTP endpoint "A" SCTP endpoint "Z" + ================= ================= + sctp_sf_do_prm_asoc() + Association setup can be initiated + by a connect(2), sctp_connectx(3), + sendmsg(2) or sctp_sendmsg(3). + These will result in a call to + security_sctp_bind_connect() to + initiate an association to + SCTP peer endpoint "Z". + INIT ---------------------------------------------> + sctp_sf_do_5_1B_init() + Respond to an INIT chunk. + SCTP peer endpoint "A" is + asking for an association. Call + security_sctp_assoc_request() + to set the peer label if first + association. + If not first association, check + whether allowed, IF so send: + <----------------------------------------------- INIT ACK + | ELSE audit event and silently + | discard the packet. + | + COOKIE ECHO ------------------------------------------> + | + | + | + <------------------------------------------- COOKIE ACK + | | + sctp_sf_do_5_1E_ca | + Call security_inet_conn_established() | + to set the correct peer sid. | + | | + | If SCTP_SOCKET_TCP or peeled off + | socket security_sctp_sk_clone() is + | called to clone the new socket. + | | + ESTABLISHED ESTABLISHED + | | + ------------------------------------------------------------------ + | Association Established | + ------------------------------------------------------------------ + + diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 3a90feb..81019f3 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -913,6 +913,32 @@ * associated with the TUN device's security structure. * @security pointer to the TUN devices's security structure. * + * Security hooks for SCTP + * + * @sctp_assoc_request: + * If first association, then set the peer sid to that in @skb. If + * @sctp_cid is from an INIT chunk, then set the sctp endpoint sid to + * socket's sid (ep->base.sk) with MLS portion taken from peer sid. + * @ep pointer to sctp endpoint structure. + * @skb pointer to skbuff of association packet. + * Return 0 on success, error on failure. + * @sctp_bind_connect: + * Validiate permissions required for each address associated with sock + * @sk. Depending on @optname, the addresses will be treated as either + * for a connect or bind service. The @addrlen is calculated on each + * ipv4 and ipv6 address using sizeof(struct sockaddr_in) or + * sizeof(struct sockaddr_in6). + * @sk pointer to sock structure. + * @optname name of the option to validate. + * @address list containing one or more ipv4/ipv6 addresses. + * @addrlen total length of address(s). + * Return 0 on success, error on failure. + * @sctp_sk_clone: + * Sets the new child socket's sid to the old endpoint sid. + * @ep pointer to old sctp endpoint structure. + * @sk pointer to old sock structure. + * @sk pointer to new sock structure. + * * Security hooks for Infiniband * * @ib_pkey_access: @@ -1640,6 +1666,12 @@ union security_list_options { int (*tun_dev_attach_queue)(void *security); int (*tun_dev_attach)(struct sock *sk, void *security); int (*tun_dev_open)(void *security); + int (*sctp_assoc_request)(struct sctp_endpoint *ep, + struct sk_buff *skb); + int (*sctp_bind_connect)(struct sock *sk, int optname, + struct sockaddr *address, int addrlen); + void (*sctp_sk_clone)(struct sctp_endpoint *ep, struct sock *sk, + struct sock *newsk); #endif /* CONFIG_SECURITY_NETWORK */ #ifdef CONFIG_SECURITY_INFINIBAND @@ -1880,6 +1912,9 @@ struct security_hook_heads { struct list_head tun_dev_attach_queue; struct list_head tun_dev_attach; struct list_head tun_dev_open; + struct list_head sctp_assoc_request; + struct list_head sctp_bind_connect; + struct list_head sctp_sk_clone; #endif /* CONFIG_SECURITY_NETWORK */ #ifdef CONFIG_SECURITY_INFINIBAND struct list_head ib_pkey_access; diff --git a/include/linux/security.h b/include/linux/security.h index 834b355..9aaf9da 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -114,6 +114,7 @@ struct xfrm_policy; struct xfrm_state; struct xfrm_user_sec_ctx; struct seq_file; +struct sctp_endpoint; #ifdef CONFIG_MMU extern unsigned long mmap_min_addr; @@ -1240,6 +1241,11 @@ int security_tun_dev_create(void); int security_tun_dev_attach_queue(void *security); int security_tun_dev_attach(struct sock *sk, void *security); int security_tun_dev_open(void *security); +int security_sctp_assoc_request(struct sctp_endpoint *ep, struct sk_buff *skb); +int security_sctp_bind_connect(struct sock *sk, int optname, + struct sockaddr *address, int addrlen); +void security_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk, + struct sock *newsk); #else /* CONFIG_SECURITY_NETWORK */ static inline int security_unix_stream_connect(struct sock *sock, @@ -1432,6 +1438,25 @@ static inline int security_tun_dev_open(void *security) { return 0; } + +static inline int security_sctp_assoc_request(struct sctp_endpoint *ep, + struct sk_buff *skb) +{ + return 0; +} + +static inline int security_sctp_bind_connect(struct sock *sk, int optname, + struct sockaddr *address, + int addrlen) +{ + return 0; +} + +static inline void security_sctp_sk_clone(struct sctp_endpoint *ep, + struct sock *sk, + struct sock *newsk) +{ +} #endif /* CONFIG_SECURITY_NETWORK */ #ifdef CONFIG_SECURITY_INFINIBAND diff --git a/security/security.c b/security/security.c index 3013237..a729f86 100644 --- a/security/security.c +++ b/security/security.c @@ -1482,6 +1482,7 @@ void security_inet_conn_established(struct sock *sk, { call_void_hook(inet_conn_established, sk, skb); } +EXPORT_SYMBOL(security_inet_conn_established); int security_secmark_relabel_packet(u32 secid) { @@ -1537,6 +1538,27 @@ int security_tun_dev_open(void *security) } EXPORT_SYMBOL(security_tun_dev_open); +int security_sctp_assoc_request(struct sctp_endpoint *ep, struct sk_buff *skb) +{ + return call_int_hook(sctp_assoc_request, 0, ep, skb); +} +EXPORT_SYMBOL(security_sctp_assoc_request); + +int security_sctp_bind_connect(struct sock *sk, int optname, + struct sockaddr *address, int addrlen) +{ + return call_int_hook(sctp_bind_connect, 0, sk, optname, + address, addrlen); +} +EXPORT_SYMBOL(security_sctp_bind_connect); + +void security_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk, + struct sock *newsk) +{ + call_void_hook(sctp_sk_clone, ep, sk, newsk); +} +EXPORT_SYMBOL(security_sctp_sk_clone); + #endif /* CONFIG_SECURITY_NETWORK */ #ifdef CONFIG_SECURITY_INFINIBAND