From: Neal Cardwell
To: David Miller
Cc: netdev@vger.kernel.org, Eric Dumazet, Tom Herbert, Neal Cardwell
Subject: [PATCH 1/5] tcp: heed result of security_inet_conn_request() in tcp_v6_conn_request()
Date: Sun, 24 Jun 2012 01:22:00 -0400
Message-Id: <1340515324-2152-1-git-send-email-ncardwell@google.com>

If security_inet_conn_request() returns non-zero then TCP/IPv6 should drop the request, just as in TCP/IPv4 and DCCP in both IPv4 and IPv6.

Signed-off-by: Neal Cardwell
Acked-by: Eric Dumazet
--- net/ipv6/tcp_ipv6.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 3a9aec2..9df64a5 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c 
@@ -1212,7 +1212,8 @@ have_isn: tcp_rsk(req)->snt_isn = isn; tcp_rsk(req)->snt_synack = tcp_time_stamp; - security_inet_conn_request(sk, skb, req); + if (security_inet_conn_request(sk, skb, req)) + goto drop_and_release; if (tcp_v6_send_synack(sk, req, (struct request_values *)&tmp_ext,
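Review bot: The new `goto drop_and_release` under `have_isn:` jumps to a label whose body is outside this hunk, so please confirm that path releases everything already set up for `req` at this point (the hunk shows `snt_isn` and `snt_synack` written just before the check) and releases nothing twice. The commit message could also state outright that the return value of security_inet_conn_request() was previously ignored here, so a request the security hook rejected still went on to tcp_v6_send_synack(); saying so makes the behaviour change and its relevance for backports easier to judge.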