leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Smack: Inform peer that IPv6 traffic has been blocked

Browse Source 
In this patch we're sending an ICMPv6 message to a peer to
immediately inform it that making a connection is not possible.
In case of TCP connections, without this change, the peer
will be waiting until a connection timeout is exceeded.

Signed-off-by: Piotr Sawicki <p.sawicki2@partner.samsung.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
This commit is contained in:
Piotr Sawicki 2018-07-19 11:47:31 +02:00 committed by Casey Schaufler
parent a07ef95164
commit d66a8acbda
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
security/smack/smack_lsm.c
View File

@ -28,6 +28,7 @@
#include <linux/tcp.h> #include <linux/tcp.h>
#include <linux/udp.h> #include <linux/udp.h>
#include <linux/dccp.h> #include <linux/dccp.h>
#include <linux/icmpv6.h>
#include <linux/slab.h> #include <linux/slab.h>
#include <linux/mutex.h> #include <linux/mutex.h>
#include <linux/pipe_fs_i.h> #include <linux/pipe_fs_i.h>
@ -4009,6 +4010,9 @@ access_check:
#ifdef SMACK_IPV6_PORT_LABELING #ifdef SMACK_IPV6_PORT_LABELING
rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING); rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
#endif /* SMACK_IPV6_PORT_LABELING */ #endif /* SMACK_IPV6_PORT_LABELING */
if (rc != 0)
icmpv6_send(skb, ICMPV6_DEST_UNREACH,
ICMPV6_ADM_PROHIBITED, 0);
break; break;
#endif /* CONFIG_IPV6 */ #endif /* CONFIG_IPV6 */
} }