user/sven/linux.git/include/linux/sock_diag.h, branch v3.16.67 Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v3.16.67 2014-04-24T17:44:53Z net: Move the permission check in sock_diag_put_filterinfo to packet_diag_dump 2014-04-24T17:44:53Z Eric W. Biederman ebiederm@xmission.com 2014-04-23T21:26:25Z urn:sha1:a53b72c83a4216f2eb883ed45a0cbce014b8e62d The permission check in sock_diag_put_filterinfo is wrong, and it is so removed from it's sources it is not clear why it is wrong. Move the computation into packet_diag_dump and pass a bool of the result into sock_diag_filterinfo. This does not yet correct the capability check but instead simply moves it to make it clear what is going on. Reported-by: Andy Lutomirski <luto@amacapital.net> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net> net: Fix ns_capable check in sock_diag_put_filterinfo 2014-04-22T16:49:39Z Andrew Lutomirski luto@amacapital.net 2014-04-17T04:41:34Z urn:sha1:78541c1dc60b65ecfce5a6a096fc260219d6784e The caller needs capabilities on the namespace being queried, not on their own namespace. This is a security bug, although it likely has only a minor impact. Cc: stable@vger.kernel.org Signed-off-by: Andy Lutomirski <luto@amacapital.net> Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net> sock_diag: allow to dump bpf filters 2013-04-29T17:21:30Z Nicolas Dichtel nicolas.dichtel@6wind.com 2013-04-25T06:53:54Z urn:sha1:e8d9612c181b1a68ba5f71384629343466f1bd13 This patch allows to dump BPF filters attached to a socket with SO_ATTACH_FILTER. Note that we check CAP_SYS_ADMIN before allowing to dump this info. For now, only AF_PACKET sockets use this feature. Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net> UAPI: (Scripted) Disintegrate include/linux 2012-10-13T09:46:48Z David Howells dhowells@redhat.com 2012-10-13T09:46:48Z urn:sha1:607ca46e97a1b6594b29647d98a32d545c24bdff Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Michael Kerrisk <mtk.manpages@gmail.com> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Acked-by: Dave Jones <davej@redhat.com> net: make sock diag per-namespace 2012-07-17T05:31:34Z Andrey Vagin avagin@openvz.org 2012-07-16T04:28:49Z urn:sha1:51d7cccf07238f5236c5b9269231a30dd5f8e714 Before this patch sock_diag works for init_net only and dumps information about sockets from all namespaces. This patch expands sock_diag for all name-spaces. It creates a netlink kernel socket for each netns and filters data during dumping. v2: filter accoding with netns in all places remove an unused variable. Cc: "David S. Miller" <davem@davemloft.net> Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Cc: James Morris <jmorris@namei.org> Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org> Cc: Patrick McHardy <kaber@trash.net> Cc: Pavel Emelyanov <xemul@parallels.com> CC: Eric Dumazet <eric.dumazet@gmail.com> Cc: linux-kernel@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by: Andrew Vagin <avagin@openvz.org> Acked-by: Pavel Emelyanov <xemul@parallels.com> Signed-off-by: David S. Miller <davem@davemloft.net> sock_diag: add SK_MEMINFO_BACKLOG 2012-06-04T15:27:40Z Eric Dumazet edumazet@google.com 2012-06-04T03:50:35Z urn:sha1:d594e987c6f5417cc63dd7e107a2a03a7eeee03f Adding socket backlog len in INET_DIAG_SKMEMINFO is really useful to diagnose various TCP problems. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> net: sock_diag_handler structs can be const 2012-04-26T00:46:59Z Shan Wei davidshan@tencent.com 2012-04-24T18:21:07Z urn:sha1:8dcf01fc009d12d01fd195ed95eaaee61178f21a read only, so change it to const. Signed-off-by: Shan Wei <davidshan@tencent.com> Acked-by: Pavel Emelyanov <xemul@parallels.com> Signed-off-by: David S. Miller <davem@davemloft.net> sock_diag: Introduce the meminfo nla core (v2) 2011-12-30T21:42:19Z Pavel Emelyanov xemul@parallels.com 2011-12-30T00:53:13Z urn:sha1:5d2e5f274f9e9a06fb934dd45260e2616a9992e6 Add a routine that dumps memory-related values of a socket. It's made as an array to make it possible to add more stuff here later without breaking compatibility. Since v1: The SK_MEMINFO_ constants are in userspace visible part of sock_diag.h, the rest is under __KERNEL__. Signed-off-by: Pavel Emelyanov <xemul@parallels.com> Signed-off-by: David S. Miller <davem@davemloft.net> sock_diag: Arrange sock_diag.h such that it is exportable to userspace 2011-12-30T21:42:18Z Pavel Emelyanov xemul@parallels.com 2011-12-30T00:52:21Z urn:sha1:e6fe2371bdd3713d0b227e9cd7f905e127ff81a0 Properly toss existing components around the ifdef __KERNEL__ and include the header into the header-y target. Signed-off-by: Pavel Emelyanov <xemul@parallels.com> Signed-off-by: David S. Miller <davem@davemloft.net> sock_diag: Generalize requests cookies managements 2011-12-16T18:48:27Z Pavel Emelyanov xemul@parallels.com 2011-12-15T02:43:44Z urn:sha1:f65c1b534b99aef1809b893387b295963821549f The sk address is used as a cookie between dump/get_exact calls. It will be required for unix socket sdumping, so move it from inet_diag to sock_diag. Signed-off-by: Pavel Emelyanov <xemul@parallels.com> Signed-off-by: David S. Miller <davem@davemloft.net>