From: Piotr Sawicki 
Date: Thu, 19 Jul 2018 09:47:31 +0000 (+0200)
Subject: Smack: Inform peer that IPv6 traffic has been blocked
X-Git-Tag: v4.19-rc1~126^2^2
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=d66a8acbda926fa2398ae930f50787e8663bce96;p=users%2Fwilly%2Flinux.git
Smack: Inform peer that IPv6 traffic has been blocked
In this patch we're sending an ICMPv6 message to a peer to
immediately inform it that making a connection is not possible.
In case of TCP connections, without this change, the peer
will be waiting until a connection timeout is exceeded.
Signed-off-by: Piotr Sawicki 
Signed-off-by: Casey Schaufler 
---
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index aff8397e8c7e..91750205a5de 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -28,6 +28,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -4009,6 +4010,9 @@ access_check:
 #ifdef SMACK_IPV6_PORT_LABELING
 		rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
 #endif /* SMACK_IPV6_PORT_LABELING */
+		if (rc != 0)
+			icmpv6_send(skb, ICMPV6_DEST_UNREACH,
+					ICMPV6_ADM_PROHIBITED, 0);
 		break;
 #endif /* CONFIG_IPV6 */
 	}