From: marcelo.leitner@gmail.com (Marcelo Ricardo Leitner)
To: linux-security-module@vger.kernel.org
Subject: [PATCH V7 2/4] sctp: Add ip option support
Date: Fri, 23 Feb 2018 21:56:00 -0300 [thread overview]
Message-ID: <20180224005600.GG4375@localhost.localdomain> (raw)
In-Reply-To: <CAHC9VhT_1GQJPoOBN0ambF=F1+ZXhoYB3mMc8kzgCFOep+hsCg@mail.gmail.com>
On Fri, Feb 23, 2018 at 11:11:50AM -0500, Paul Moore wrote:
> On Thu, Feb 22, 2018 at 9:40 PM, Marcelo Ricardo Leitner
> <marcelo.leitner@gmail.com> wrote:
> > On Thu, Feb 22, 2018 at 06:08:05PM -0500, Paul Moore wrote:
> >> On Wed, Feb 21, 2018 at 3:45 PM, Paul Moore <paul@paul-moore.com> wrote:
> >> > On February 21, 2018 9:33:51 AM Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> wrote:
> >> >> On Tue, Feb 20, 2018 at 07:15:27PM +0000, Richard Haines wrote:
> >> >>> Add ip option support to allow LSM security modules to utilise CIPSO/IPv4
> >> >>> and CALIPSO/IPv6 services.
> >> >>>
> >> >>> Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
> >> >>
> >> >> LGTM too, thanks!
> >> >>
> >> >> Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
> >> >
> >> > I agree, thanks everyone for all the work, review, and patience behind this patchset! I'll work on merging this into selinux/next and I'll send a note when it's done.
> >>
> >> I just merged the four patches (1,3,4 from the v6 patchset, 2 from the
> >> v7 patchset) in selinux/next and did a quick sanity test on the kernel
> >> (booted, no basic SELinux regressions). Additional testing help is
> >> always appreciated ...
> >
> > I'll try it early next week.
> >
> > Any ideas on when this is going to appear on Dave's net-next tree?
> > We have a lot of SCTP changes to be posted on this cycle and would be
> > nice if we could avoid merge conflicts.
>
> It's merged into the SELinux tree, next branch; see the links below.
> Last I checked DaveM doesn't pull the selinux/next into his net-next
> tree (that would be a little funny for historical reasons).
>
> Any idea on how bad the merge conflicts are?
I know about 5 patchsets that we are cooking. For 4 of them I think it
would be mostly fine, perhaps one conflict here and there. But the
other one is a refactoring on MTU handling and it touches lots of
places that 92c49e12646e4 ("sctp: Add ip option support") also
touched, like in the chunk below:
+++ b/include/net/sctp/sctp.h
@@ -441,9 +441,11 @@ static inline int sctp_list_single_entry(struct list_head *head)
static inline int sctp_frag_point(const struct sctp_association *asoc, int pmtu)
{
struct sctp_sock *sp = sctp_sk(asoc->base.sk);
+ struct sctp_af *af = sp->pf->af;
int frag = pmtu;
- frag -= sp->pf->af->net_header_len;
+ frag -= af->ip_options_len(asoc->base.sk);
+ frag -= af->net_header_len;
In the refactor I'm removing this function from here and adding a
similar, not quite the same but similar, in a .c file.
I post the mtu patchset as RFC next week so we can know better.
Marcelo
>
> >> * git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
> >> * https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
>
> --
> paul moore
> www.paul-moore.com
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
To: linux-security-module@vger.kernel.org
Subject: Re: [PATCH V7 2/4] sctp: Add ip option support
Date: Sat, 24 Feb 2018 00:56:00 +0000 [thread overview]
Message-ID: <20180224005600.GG4375@localhost.localdomain> (raw)
In-Reply-To: <CAHC9VhT_1GQJPoOBN0ambF=F1+ZXhoYB3mMc8kzgCFOep+hsCg@mail.gmail.com>
On Fri, Feb 23, 2018 at 11:11:50AM -0500, Paul Moore wrote:
> On Thu, Feb 22, 2018 at 9:40 PM, Marcelo Ricardo Leitner
> <marcelo.leitner@gmail.com> wrote:
> > On Thu, Feb 22, 2018 at 06:08:05PM -0500, Paul Moore wrote:
> >> On Wed, Feb 21, 2018 at 3:45 PM, Paul Moore <paul@paul-moore.com> wrote:
> >> > On February 21, 2018 9:33:51 AM Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> wrote:
> >> >> On Tue, Feb 20, 2018 at 07:15:27PM +0000, Richard Haines wrote:
> >> >>> Add ip option support to allow LSM security modules to utilise CIPSO/IPv4
> >> >>> and CALIPSO/IPv6 services.
> >> >>>
> >> >>> Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
> >> >>
> >> >> LGTM too, thanks!
> >> >>
> >> >> Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
> >> >
> >> > I agree, thanks everyone for all the work, review, and patience behind this patchset! I'll work on merging this into selinux/next and I'll send a note when it's done.
> >>
> >> I just merged the four patches (1,3,4 from the v6 patchset, 2 from the
> >> v7 patchset) in selinux/next and did a quick sanity test on the kernel
> >> (booted, no basic SELinux regressions). Additional testing help is
> >> always appreciated ...
> >
> > I'll try it early next week.
> >
> > Any ideas on when this is going to appear on Dave's net-next tree?
> > We have a lot of SCTP changes to be posted on this cycle and would be
> > nice if we could avoid merge conflicts.
>
> It's merged into the SELinux tree, next branch; see the links below.
> Last I checked DaveM doesn't pull the selinux/next into his net-next
> tree (that would be a little funny for historical reasons).
>
> Any idea on how bad the merge conflicts are?
I know about 5 patchsets that we are cooking. For 4 of them I think it
would be mostly fine, perhaps one conflict here and there. But the
other one is a refactoring on MTU handling and it touches lots of
places that 92c49e12646e4 ("sctp: Add ip option support") also
touched, like in the chunk below:
+++ b/include/net/sctp/sctp.h
@@ -441,9 +441,11 @@ static inline int sctp_list_single_entry(struct list_head *head)
static inline int sctp_frag_point(const struct sctp_association *asoc, int pmtu)
{
struct sctp_sock *sp = sctp_sk(asoc->base.sk);
+ struct sctp_af *af = sp->pf->af;
int frag = pmtu;
- frag -= sp->pf->af->net_header_len;
+ frag -= af->ip_options_len(asoc->base.sk);
+ frag -= af->net_header_len;
In the refactor I'm removing this function from here and adding a
similar, not quite the same but similar, in a .c file.
I post the mtu patchset as RFC next week so we can know better.
Marcelo
>
> >> * git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
> >> * https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
>
> --
> paul moore
> www.paul-moore.com
WARNING: multiple messages have this Message-ID (diff)
From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
To: Paul Moore <paul@paul-moore.com>
Cc: Richard Haines <richard_c_haines@btinternet.com>,
selinux@tycho.nsa.gov, netdev@vger.kernel.org,
linux-sctp@vger.kernel.org,
linux-security-module@vger.kernel.org,
Vlad Yasevich <vyasevich@gmail.com>,
nhorman@tuxdriver.com, Stephen Smalley <sds@tycho.nsa.gov>,
Eric Paris <eparis@parisplace.org>,
casey@schaufler-ca.com, James Morris <jmorris@namei.org>
Subject: Re: [PATCH V7 2/4] sctp: Add ip option support
Date: Fri, 23 Feb 2018 21:56:00 -0300 [thread overview]
Message-ID: <20180224005600.GG4375@localhost.localdomain> (raw)
In-Reply-To: <CAHC9VhT_1GQJPoOBN0ambF=F1+ZXhoYB3mMc8kzgCFOep+hsCg@mail.gmail.com>
On Fri, Feb 23, 2018 at 11:11:50AM -0500, Paul Moore wrote:
> On Thu, Feb 22, 2018 at 9:40 PM, Marcelo Ricardo Leitner
> <marcelo.leitner@gmail.com> wrote:
> > On Thu, Feb 22, 2018 at 06:08:05PM -0500, Paul Moore wrote:
> >> On Wed, Feb 21, 2018 at 3:45 PM, Paul Moore <paul@paul-moore.com> wrote:
> >> > On February 21, 2018 9:33:51 AM Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> wrote:
> >> >> On Tue, Feb 20, 2018 at 07:15:27PM +0000, Richard Haines wrote:
> >> >>> Add ip option support to allow LSM security modules to utilise CIPSO/IPv4
> >> >>> and CALIPSO/IPv6 services.
> >> >>>
> >> >>> Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
> >> >>
> >> >> LGTM too, thanks!
> >> >>
> >> >> Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
> >> >
> >> > I agree, thanks everyone for all the work, review, and patience behind this patchset! I'll work on merging this into selinux/next and I'll send a note when it's done.
> >>
> >> I just merged the four patches (1,3,4 from the v6 patchset, 2 from the
> >> v7 patchset) in selinux/next and did a quick sanity test on the kernel
> >> (booted, no basic SELinux regressions). Additional testing help is
> >> always appreciated ...
> >
> > I'll try it early next week.
> >
> > Any ideas on when this is going to appear on Dave's net-next tree?
> > We have a lot of SCTP changes to be posted on this cycle and would be
> > nice if we could avoid merge conflicts.
>
> It's merged into the SELinux tree, next branch; see the links below.
> Last I checked DaveM doesn't pull the selinux/next into his net-next
> tree (that would be a little funny for historical reasons).
>
> Any idea on how bad the merge conflicts are?
I know about 5 patchsets that we are cooking. For 4 of them I think it
would be mostly fine, perhaps one conflict here and there. But the
other one is a refactoring on MTU handling and it touches lots of
places that 92c49e12646e4 ("sctp: Add ip option support") also
touched, like in the chunk below:
+++ b/include/net/sctp/sctp.h
@@ -441,9 +441,11 @@ static inline int sctp_list_single_entry(struct list_head *head)
static inline int sctp_frag_point(const struct sctp_association *asoc, int pmtu)
{
struct sctp_sock *sp = sctp_sk(asoc->base.sk);
+ struct sctp_af *af = sp->pf->af;
int frag = pmtu;
- frag -= sp->pf->af->net_header_len;
+ frag -= af->ip_options_len(asoc->base.sk);
+ frag -= af->net_header_len;
In the refactor I'm removing this function from here and adding a
similar, not quite the same but similar, in a .c file.
I post the mtu patchset as RFC next week so we can know better.
Marcelo
>
> >> * git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
> >> * https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
>
> --
> paul moore
> www.paul-moore.com
WARNING: multiple messages have this Message-ID (diff)
From: Marcelo Ricardo Leitner <marcelo.leitner-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: Paul Moore <paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org>
Cc: nhorman-2XuSBdqkA4R54TAoqtyWWQ@public.gmane.org,
netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Vlad Yasevich <vyasevich-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-sctp-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org,
Stephen Smalley <sds-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>
Subject: Re: [PATCH V7 2/4] sctp: Add ip option support
Date: Fri, 23 Feb 2018 21:56:00 -0300 [thread overview]
Message-ID: <20180224005600.GG4375@localhost.localdomain> (raw)
In-Reply-To: <CAHC9VhT_1GQJPoOBN0ambF=F1+ZXhoYB3mMc8kzgCFOep+hsCg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
On Fri, Feb 23, 2018 at 11:11:50AM -0500, Paul Moore wrote:
> On Thu, Feb 22, 2018 at 9:40 PM, Marcelo Ricardo Leitner
> <marcelo.leitner-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > On Thu, Feb 22, 2018 at 06:08:05PM -0500, Paul Moore wrote:
> >> On Wed, Feb 21, 2018 at 3:45 PM, Paul Moore <paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org> wrote:
> >> > On February 21, 2018 9:33:51 AM Marcelo Ricardo Leitner <marcelo.leitner-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >> >> On Tue, Feb 20, 2018 at 07:15:27PM +0000, Richard Haines wrote:
> >> >>> Add ip option support to allow LSM security modules to utilise CIPSO/IPv4
> >> >>> and CALIPSO/IPv6 services.
> >> >>>
> >> >>> Signed-off-by: Richard Haines <richard_c_haines-FhtRXb7CoQBt1OO0OYaSVA@public.gmane.org>
> >> >>
> >> >> LGTM too, thanks!
> >> >>
> >> >> Acked-by: Marcelo Ricardo Leitner <marcelo.leitner-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> >> >
> >> > I agree, thanks everyone for all the work, review, and patience behind this patchset! I'll work on merging this into selinux/next and I'll send a note when it's done.
> >>
> >> I just merged the four patches (1,3,4 from the v6 patchset, 2 from the
> >> v7 patchset) in selinux/next and did a quick sanity test on the kernel
> >> (booted, no basic SELinux regressions). Additional testing help is
> >> always appreciated ...
> >
> > I'll try it early next week.
> >
> > Any ideas on when this is going to appear on Dave's net-next tree?
> > We have a lot of SCTP changes to be posted on this cycle and would be
> > nice if we could avoid merge conflicts.
>
> It's merged into the SELinux tree, next branch; see the links below.
> Last I checked DaveM doesn't pull the selinux/next into his net-next
> tree (that would be a little funny for historical reasons).
>
> Any idea on how bad the merge conflicts are?
I know about 5 patchsets that we are cooking. For 4 of them I think it
would be mostly fine, perhaps one conflict here and there. But the
other one is a refactoring on MTU handling and it touches lots of
places that 92c49e12646e4 ("sctp: Add ip option support") also
touched, like in the chunk below:
+++ b/include/net/sctp/sctp.h
@@ -441,9 +441,11 @@ static inline int sctp_list_single_entry(struct list_head *head)
static inline int sctp_frag_point(const struct sctp_association *asoc, int pmtu)
{
struct sctp_sock *sp = sctp_sk(asoc->base.sk);
+ struct sctp_af *af = sp->pf->af;
int frag = pmtu;
- frag -= sp->pf->af->net_header_len;
+ frag -= af->ip_options_len(asoc->base.sk);
+ frag -= af->net_header_len;
In the refactor I'm removing this function from here and adding a
similar, not quite the same but similar, in a .c file.
I post the mtu patchset as RFC next week so we can know better.
Marcelo
>
> >> * git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
> >> * https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
>
> --
> paul moore
> www.paul-moore.com
next prev parent reply other threads:[~2018-02-24 0:56 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-20 19:15 [PATCH V7 2/4] sctp: Add ip option support Richard Haines
2018-02-20 19:15 ` Richard Haines via Selinux
2018-02-20 19:15 ` Richard Haines
2018-02-20 19:15 ` Richard Haines
2018-02-21 3:44 ` Neil Horman
2018-02-21 3:44 ` Neil Horman
2018-02-21 3:44 ` Neil Horman
2018-02-21 3:44 ` Neil Horman
2018-02-21 14:33 ` Marcelo Ricardo Leitner
2018-02-21 14:33 ` Marcelo Ricardo Leitner
2018-02-21 14:33 ` Marcelo Ricardo Leitner
2018-02-21 14:33 ` Marcelo Ricardo Leitner
2018-02-21 20:45 ` Paul Moore
2018-02-21 20:45 ` Paul Moore
2018-02-21 20:45 ` Paul Moore
2018-02-21 20:45 ` Paul Moore
2018-02-22 23:08 ` Paul Moore
2018-02-22 23:08 ` Paul Moore
2018-02-22 23:08 ` Paul Moore
2018-02-22 23:08 ` Paul Moore
2018-02-23 2:40 ` Marcelo Ricardo Leitner
2018-02-23 2:40 ` Marcelo Ricardo Leitner
2018-02-23 2:40 ` Marcelo Ricardo Leitner
2018-02-23 2:40 ` Marcelo Ricardo Leitner
2018-02-23 16:11 ` Paul Moore
2018-02-23 16:11 ` Paul Moore
2018-02-23 16:11 ` Paul Moore
2018-02-23 16:11 ` Paul Moore
2018-02-24 0:56 ` Marcelo Ricardo Leitner [this message]
2018-02-24 0:56 ` Marcelo Ricardo Leitner
2018-02-24 0:56 ` Marcelo Ricardo Leitner
2018-02-24 0:56 ` Marcelo Ricardo Leitner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180224005600.GG4375@localhost.localdomain \
--to=marcelo.leitner@gmail.com \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.