From: Richard Haines <richard_c_haines@btinternet.com>
To: Neil Horman <nhorman@tuxdriver.com>, Xin Long <lucien.xin@gmail.com>
Cc: selinux@tycho.nsa.gov, network dev <netdev@vger.kernel.org>,
linux-sctp@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [RFC PATCH 3/5] sctp: Add LSM hooks
Date: Fri, 20 Oct 2017 13:04:55 +0100 [thread overview]
Message-ID: <1508501095.8370.7.camel@btinternet.com> (raw)
In-Reply-To: <20171020111637.GA14713@neilslaptop.think-freely.org>
On Fri, 2017-10-20 at 07:16 -0400, Neil Horman wrote:
> On Wed, Oct 18, 2017 at 11:05:09PM +0800, Xin Long wrote:
> > On Tue, Oct 17, 2017 at 9:58 PM, Richard Haines
> > <richard_c_haines@btinternet.com> wrote:
> > > Add security hooks to allow security modules to exercise access
> > > control
> > > over SCTP.
> > >
> > > Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
> > > ---
> > > include/net/sctp/structs.h | 10 ++++++++
> > > include/uapi/linux/sctp.h | 1 +
> > > net/sctp/sm_make_chunk.c | 12 +++++++++
> > > net/sctp/sm_statefuns.c | 14 ++++++++++-
> > > net/sctp/socket.c | 61
> > > +++++++++++++++++++++++++++++++++++++++++++++-
> > > 5 files changed, 96 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/include/net/sctp/structs.h
> > > b/include/net/sctp/structs.h
> > > index 7767577..6e72e3e 100644
> > > --- a/include/net/sctp/structs.h
> > > +++ b/include/net/sctp/structs.h
> > > @@ -1270,6 +1270,16 @@ struct sctp_endpoint {
> > > reconf_enable:1;
> > >
> > > __u8 strreset_enable;
> > > +
> > > + /* Security identifiers from incoming (INIT). These are
> > > set by
> > > + * security_sctp_assoc_request(). These will only be used
> > > by
> > > + * SCTP TCP type sockets and peeled off connections as
> > > they
> > > + * cause a new socket to be generated.
> > > security_sctp_sk_clone()
> > > + * will then plug these into the new socket.
> > > + */
> > > +
> > > + u32 secid;
> > > + u32 peer_secid;
> > > };
> > >
> > > /* Recover the outter endpoint structure. */
> > > diff --git a/include/uapi/linux/sctp.h
> > > b/include/uapi/linux/sctp.h
> > > index 6217ff8..c04812f 100644
> > > --- a/include/uapi/linux/sctp.h
> > > +++ b/include/uapi/linux/sctp.h
> > > @@ -122,6 +122,7 @@ typedef __s32 sctp_assoc_t;
> > > #define SCTP_RESET_ASSOC 120
> > > #define SCTP_ADD_STREAMS 121
> > > #define SCTP_SOCKOPT_PEELOFF_FLAGS 122
> > > +#define SCTP_SENDMSG_CONNECT 123
> > >
> > > /* PR-SCTP policies */
> > > #define SCTP_PR_SCTP_NONE 0x0000
> > > diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
> > > index 6110447..ca4705b 100644
> > > --- a/net/sctp/sm_make_chunk.c
> > > +++ b/net/sctp/sm_make_chunk.c
> > > @@ -3059,6 +3059,12 @@ static __be16
> > > sctp_process_asconf_param(struct sctp_association *asoc,
> > > if (af->is_any(&addr))
> > > memcpy(&addr, &asconf->source,
> > > sizeof(addr));
> > >
> > > + if (security_sctp_bind_connect(asoc->ep->base.sk,
> > > + SCTP_PARAM_ADD_IP,
> > > + (struct sockaddr
> > > *)&addr,
> > > + af->sockaddr_len))
> > > + return SCTP_ERROR_REQ_REFUSED;
> > > +
> > > /* ADDIP 4.3 D9) If an endpoint receives an ADD
> > > IP address
> > > * request and does not have the local resources
> > > to add this
> > > * new address to the association, it MUST return
> > > an Error
> > > @@ -3125,6 +3131,12 @@ static __be16
> > > sctp_process_asconf_param(struct sctp_association *asoc,
> > > if (af->is_any(&addr))
> > > memcpy(&addr.v4, sctp_source(asconf),
> > > sizeof(addr));
> > >
> > > + if (security_sctp_bind_connect(asoc->ep->base.sk,
> > > + SCTP_PARAM_SET_PRI
> > > MARY,
> > > + (struct sockaddr
> > > *)&addr,
> > > + af->sockaddr_len))
> > > + return SCTP_ERROR_REQ_REFUSED;
> > > +
> > > peer = sctp_assoc_lookup_paddr(asoc, &addr);
> > > if (!peer)
> > > return SCTP_ERROR_DNS_FAILED;
> > > diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
> > > index b2a74c3..4ba5805 100644
> > > --- a/net/sctp/sm_statefuns.c
> > > +++ b/net/sctp/sm_statefuns.c
> > > @@ -314,6 +314,11 @@ sctp_disposition_t
> > > sctp_sf_do_5_1B_init(struct net *net,
> > > sctp_unrecognized_param_t *unk_param;
> > > int len;
> > >
> > > + /* Update socket peer label if first association. */
> > > + if (security_sctp_assoc_request((struct sctp_endpoint
> > > *)ep,
> > > + chunk->skb,
> > > SCTP_CID_INIT))
> > > + return sctp_sf_pdiscard(net, ep, asoc, type, arg,
> > > commands);
> > > +
> > > /* 6.10 Bundling
> > > * An endpoint MUST NOT bundle INIT, INIT ACK or
> > > * SHUTDOWN COMPLETE with any other chunks.
> > > @@ -446,7 +451,6 @@ sctp_disposition_t
> > > sctp_sf_do_5_1B_init(struct net *net,
> > > }
> > >
> > > sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC,
> > > SCTP_ASOC(new_asoc));
> > > -
> > > sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
> > > SCTP_CHUNK(repl));
> > >
> > > /*
> > > @@ -507,6 +511,11 @@ sctp_disposition_t
> > > sctp_sf_do_5_1C_ack(struct net *net,
> > > struct sctp_chunk *err_chunk;
> > > struct sctp_packet *packet;
> > >
> > > + /* Update socket peer label if first association. */
> > > + if (security_sctp_assoc_request((struct sctp_endpoint
> > > *)ep,
> > > + chunk->skb,
> > > SCTP_CID_INIT_ACK))
> > > + return sctp_sf_pdiscard(net, ep, asoc, type, arg,
> > > commands);
> > > +
> >
> > Just thinking security_sctp_assoc_request hook should also be in
> > sctp_sf_do_unexpected_init() and sctp_sf_do_5_2_4_dupcook() ?
>
> I agree, i think if this hook is gating on the creation of a new
> association,
> they should be in all the locations where that happens
> Neil
Thanks for the comments. I've just added the hook as requested for my
next update, however I have not managed to trigger these areas using
the lksctp-tools tests. Can you suggest any suitable tools for testing
these scenarios.
Thanks
Richard
>
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-
> > sctp" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
> >
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-sctp"
> in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Richard Haines <richard_c_haines@btinternet.com>
To: linux-security-module@vger.kernel.org
Subject: Re: [RFC PATCH 3/5] sctp: Add LSM hooks
Date: Fri, 20 Oct 2017 12:04:55 +0000 [thread overview]
Message-ID: <1508501095.8370.7.camel@btinternet.com> (raw)
In-Reply-To: <20171020111637.GA14713@neilslaptop.think-freely.org>
On Fri, 2017-10-20 at 07:16 -0400, Neil Horman wrote:
> On Wed, Oct 18, 2017 at 11:05:09PM +0800, Xin Long wrote:
> > On Tue, Oct 17, 2017 at 9:58 PM, Richard Haines
> > <richard_c_haines@btinternet.com> wrote:
> > > Add security hooks to allow security modules to exercise access
> > > control
> > > over SCTP.
> > >
> > > Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
> > > ---
> > > include/net/sctp/structs.h | 10 ++++++++
> > > include/uapi/linux/sctp.h | 1 +
> > > net/sctp/sm_make_chunk.c | 12 +++++++++
> > > net/sctp/sm_statefuns.c | 14 ++++++++++-
> > > net/sctp/socket.c | 61
> > > +++++++++++++++++++++++++++++++++++++++++++++-
> > > 5 files changed, 96 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/include/net/sctp/structs.h
> > > b/include/net/sctp/structs.h
> > > index 7767577..6e72e3e 100644
> > > --- a/include/net/sctp/structs.h
> > > +++ b/include/net/sctp/structs.h
> > > @@ -1270,6 +1270,16 @@ struct sctp_endpoint {
> > > reconf_enable:1;
> > >
> > > __u8 strreset_enable;
> > > +
> > > + /* Security identifiers from incoming (INIT). These are
> > > set by
> > > + * security_sctp_assoc_request(). These will only be used
> > > by
> > > + * SCTP TCP type sockets and peeled off connections as
> > > they
> > > + * cause a new socket to be generated.
> > > security_sctp_sk_clone()
> > > + * will then plug these into the new socket.
> > > + */
> > > +
> > > + u32 secid;
> > > + u32 peer_secid;
> > > };
> > >
> > > /* Recover the outter endpoint structure. */
> > > diff --git a/include/uapi/linux/sctp.h
> > > b/include/uapi/linux/sctp.h
> > > index 6217ff8..c04812f 100644
> > > --- a/include/uapi/linux/sctp.h
> > > +++ b/include/uapi/linux/sctp.h
> > > @@ -122,6 +122,7 @@ typedef __s32 sctp_assoc_t;
> > > #define SCTP_RESET_ASSOC 120
> > > #define SCTP_ADD_STREAMS 121
> > > #define SCTP_SOCKOPT_PEELOFF_FLAGS 122
> > > +#define SCTP_SENDMSG_CONNECT 123
> > >
> > > /* PR-SCTP policies */
> > > #define SCTP_PR_SCTP_NONE 0x0000
> > > diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
> > > index 6110447..ca4705b 100644
> > > --- a/net/sctp/sm_make_chunk.c
> > > +++ b/net/sctp/sm_make_chunk.c
> > > @@ -3059,6 +3059,12 @@ static __be16
> > > sctp_process_asconf_param(struct sctp_association *asoc,
> > > if (af->is_any(&addr))
> > > memcpy(&addr, &asconf->source,
> > > sizeof(addr));
> > >
> > > + if (security_sctp_bind_connect(asoc->ep->base.sk,
> > > + SCTP_PARAM_ADD_IP,
> > > + (struct sockaddr
> > > *)&addr,
> > > + af->sockaddr_len))
> > > + return SCTP_ERROR_REQ_REFUSED;
> > > +
> > > /* ADDIP 4.3 D9) If an endpoint receives an ADD
> > > IP address
> > > * request and does not have the local resources
> > > to add this
> > > * new address to the association, it MUST return
> > > an Error
> > > @@ -3125,6 +3131,12 @@ static __be16
> > > sctp_process_asconf_param(struct sctp_association *asoc,
> > > if (af->is_any(&addr))
> > > memcpy(&addr.v4, sctp_source(asconf),
> > > sizeof(addr));
> > >
> > > + if (security_sctp_bind_connect(asoc->ep->base.sk,
> > > + SCTP_PARAM_SET_PRI
> > > MARY,
> > > + (struct sockaddr
> > > *)&addr,
> > > + af->sockaddr_len))
> > > + return SCTP_ERROR_REQ_REFUSED;
> > > +
> > > peer = sctp_assoc_lookup_paddr(asoc, &addr);
> > > if (!peer)
> > > return SCTP_ERROR_DNS_FAILED;
> > > diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
> > > index b2a74c3..4ba5805 100644
> > > --- a/net/sctp/sm_statefuns.c
> > > +++ b/net/sctp/sm_statefuns.c
> > > @@ -314,6 +314,11 @@ sctp_disposition_t
> > > sctp_sf_do_5_1B_init(struct net *net,
> > > sctp_unrecognized_param_t *unk_param;
> > > int len;
> > >
> > > + /* Update socket peer label if first association. */
> > > + if (security_sctp_assoc_request((struct sctp_endpoint
> > > *)ep,
> > > + chunk->skb,
> > > SCTP_CID_INIT))
> > > + return sctp_sf_pdiscard(net, ep, asoc, type, arg,
> > > commands);
> > > +
> > > /* 6.10 Bundling
> > > * An endpoint MUST NOT bundle INIT, INIT ACK or
> > > * SHUTDOWN COMPLETE with any other chunks.
> > > @@ -446,7 +451,6 @@ sctp_disposition_t
> > > sctp_sf_do_5_1B_init(struct net *net,
> > > }
> > >
> > > sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC,
> > > SCTP_ASOC(new_asoc));
> > > -
> > > sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
> > > SCTP_CHUNK(repl));
> > >
> > > /*
> > > @@ -507,6 +511,11 @@ sctp_disposition_t
> > > sctp_sf_do_5_1C_ack(struct net *net,
> > > struct sctp_chunk *err_chunk;
> > > struct sctp_packet *packet;
> > >
> > > + /* Update socket peer label if first association. */
> > > + if (security_sctp_assoc_request((struct sctp_endpoint
> > > *)ep,
> > > + chunk->skb,
> > > SCTP_CID_INIT_ACK))
> > > + return sctp_sf_pdiscard(net, ep, asoc, type, arg,
> > > commands);
> > > +
> >
> > Just thinking security_sctp_assoc_request hook should also be in
> > sctp_sf_do_unexpected_init() and sctp_sf_do_5_2_4_dupcook() ?
>
> I agree, i think if this hook is gating on the creation of a new
> association,
> they should be in all the locations where that happens
> Neil
Thanks for the comments. I've just added the hook as requested for my
next update, however I have not managed to trigger these areas using
the lksctp-tools tests. Can you suggest any suitable tools for testing
these scenarios.
Thanks
Richard
>
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-
> > sctp" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
> >
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-sctp"
> in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: richard_c_haines@btinternet.com (Richard Haines)
To: linux-security-module@vger.kernel.org
Subject: [RFC PATCH 3/5] sctp: Add LSM hooks
Date: Fri, 20 Oct 2017 13:04:55 +0100 [thread overview]
Message-ID: <1508501095.8370.7.camel@btinternet.com> (raw)
In-Reply-To: <20171020111637.GA14713@neilslaptop.think-freely.org>
On Fri, 2017-10-20 at 07:16 -0400, Neil Horman wrote:
> On Wed, Oct 18, 2017 at 11:05:09PM +0800, Xin Long wrote:
> > On Tue, Oct 17, 2017 at 9:58 PM, Richard Haines
> > <richard_c_haines@btinternet.com> wrote:
> > > Add security hooks to allow security modules to exercise access
> > > control
> > > over SCTP.
> > >
> > > Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
> > > ---
> > > include/net/sctp/structs.h | 10 ++++++++
> > > include/uapi/linux/sctp.h | 1 +
> > > net/sctp/sm_make_chunk.c | 12 +++++++++
> > > net/sctp/sm_statefuns.c | 14 ++++++++++-
> > > net/sctp/socket.c | 61
> > > +++++++++++++++++++++++++++++++++++++++++++++-
> > > 5 files changed, 96 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/include/net/sctp/structs.h
> > > b/include/net/sctp/structs.h
> > > index 7767577..6e72e3e 100644
> > > --- a/include/net/sctp/structs.h
> > > +++ b/include/net/sctp/structs.h
> > > @@ -1270,6 +1270,16 @@ struct sctp_endpoint {
> > > reconf_enable:1;
> > >
> > > __u8 strreset_enable;
> > > +
> > > + /* Security identifiers from incoming (INIT). These are
> > > set by
> > > + * security_sctp_assoc_request(). These will only be used
> > > by
> > > + * SCTP TCP type sockets and peeled off connections as
> > > they
> > > + * cause a new socket to be generated.
> > > security_sctp_sk_clone()
> > > + * will then plug these into the new socket.
> > > + */
> > > +
> > > + u32 secid;
> > > + u32 peer_secid;
> > > };
> > >
> > > /* Recover the outter endpoint structure. */
> > > diff --git a/include/uapi/linux/sctp.h
> > > b/include/uapi/linux/sctp.h
> > > index 6217ff8..c04812f 100644
> > > --- a/include/uapi/linux/sctp.h
> > > +++ b/include/uapi/linux/sctp.h
> > > @@ -122,6 +122,7 @@ typedef __s32 sctp_assoc_t;
> > > #define SCTP_RESET_ASSOC 120
> > > #define SCTP_ADD_STREAMS 121
> > > #define SCTP_SOCKOPT_PEELOFF_FLAGS 122
> > > +#define SCTP_SENDMSG_CONNECT 123
> > >
> > > /* PR-SCTP policies */
> > > #define SCTP_PR_SCTP_NONE 0x0000
> > > diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
> > > index 6110447..ca4705b 100644
> > > --- a/net/sctp/sm_make_chunk.c
> > > +++ b/net/sctp/sm_make_chunk.c
> > > @@ -3059,6 +3059,12 @@ static __be16
> > > sctp_process_asconf_param(struct sctp_association *asoc,
> > > if (af->is_any(&addr))
> > > memcpy(&addr, &asconf->source,
> > > sizeof(addr));
> > >
> > > + if (security_sctp_bind_connect(asoc->ep->base.sk,
> > > + SCTP_PARAM_ADD_IP,
> > > + (struct sockaddr
> > > *)&addr,
> > > + af->sockaddr_len))
> > > + return SCTP_ERROR_REQ_REFUSED;
> > > +
> > > /* ADDIP 4.3 D9) If an endpoint receives an ADD
> > > IP address
> > > * request and does not have the local resources
> > > to add this
> > > * new address to the association, it MUST return
> > > an Error
> > > @@ -3125,6 +3131,12 @@ static __be16
> > > sctp_process_asconf_param(struct sctp_association *asoc,
> > > if (af->is_any(&addr))
> > > memcpy(&addr.v4, sctp_source(asconf),
> > > sizeof(addr));
> > >
> > > + if (security_sctp_bind_connect(asoc->ep->base.sk,
> > > + SCTP_PARAM_SET_PRI
> > > MARY,
> > > + (struct sockaddr
> > > *)&addr,
> > > + af->sockaddr_len))
> > > + return SCTP_ERROR_REQ_REFUSED;
> > > +
> > > peer = sctp_assoc_lookup_paddr(asoc, &addr);
> > > if (!peer)
> > > return SCTP_ERROR_DNS_FAILED;
> > > diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
> > > index b2a74c3..4ba5805 100644
> > > --- a/net/sctp/sm_statefuns.c
> > > +++ b/net/sctp/sm_statefuns.c
> > > @@ -314,6 +314,11 @@ sctp_disposition_t
> > > sctp_sf_do_5_1B_init(struct net *net,
> > > sctp_unrecognized_param_t *unk_param;
> > > int len;
> > >
> > > + /* Update socket peer label if first association. */
> > > + if (security_sctp_assoc_request((struct sctp_endpoint
> > > *)ep,
> > > + chunk->skb,
> > > SCTP_CID_INIT))
> > > + return sctp_sf_pdiscard(net, ep, asoc, type, arg,
> > > commands);
> > > +
> > > /* 6.10 Bundling
> > > * An endpoint MUST NOT bundle INIT, INIT ACK or
> > > * SHUTDOWN COMPLETE with any other chunks.
> > > @@ -446,7 +451,6 @@ sctp_disposition_t
> > > sctp_sf_do_5_1B_init(struct net *net,
> > > }
> > >
> > > sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC,
> > > SCTP_ASOC(new_asoc));
> > > -
> > > sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
> > > SCTP_CHUNK(repl));
> > >
> > > /*
> > > @@ -507,6 +511,11 @@ sctp_disposition_t
> > > sctp_sf_do_5_1C_ack(struct net *net,
> > > struct sctp_chunk *err_chunk;
> > > struct sctp_packet *packet;
> > >
> > > + /* Update socket peer label if first association. */
> > > + if (security_sctp_assoc_request((struct sctp_endpoint
> > > *)ep,
> > > + chunk->skb,
> > > SCTP_CID_INIT_ACK))
> > > + return sctp_sf_pdiscard(net, ep, asoc, type, arg,
> > > commands);
> > > +
> >
> > Just thinking security_sctp_assoc_request hook should also be in
> > sctp_sf_do_unexpected_init() and sctp_sf_do_5_2_4_dupcook() ?
>
> I agree, i think if this hook is gating on the creation of a new
> association,
> they should be in all the locations where that happens
> Neil
Thanks for the comments. I've just added the hook as requested for my
next update, however I have not managed to trigger these areas using
the lksctp-tools tests. Can you suggest any suitable tools for testing
these scenarios.
Thanks
Richard
>
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-
> > sctp" in
> > the body of a message to majordomo at vger.kernel.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
> >
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-sctp"
> in
> the body of a message to majordomo at vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-10-20 12:04 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-17 13:58 [RFC PATCH 3/5] sctp: Add LSM hooks Richard Haines
2017-10-17 13:58 ` Richard Haines
2017-10-17 13:58 ` Richard Haines
2017-10-18 15:05 ` Xin Long
2017-10-18 15:05 ` Xin Long
2017-10-18 15:05 ` Xin Long
2017-10-20 11:16 ` Neil Horman
2017-10-20 11:16 ` Neil Horman
2017-10-20 11:16 ` Neil Horman
2017-10-20 12:04 ` Richard Haines [this message]
2017-10-20 12:04 ` Richard Haines
2017-10-20 12:04 ` Richard Haines
2017-10-20 13:14 ` Xin Long
2017-10-20 13:14 ` Xin Long
2017-10-20 13:14 ` Xin Long
2017-10-24 20:27 ` Richard Haines
2017-10-24 20:27 ` Richard Haines
2017-10-24 20:27 ` Richard Haines
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1508501095.8370.7.camel@btinternet.com \
--to=richard_c_haines@btinternet.com \
--cc=linux-sctp@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=lucien.xin@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.