| author | David S. Miller <davem@davemloft.net> | 2017-09-01 18:38:09 -0700 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2017-09-01 18:38:09 -0700 |
| commit | d49e3a9f5ec493270d53b7796be4da9a1a804ce3 (patch) | |
| tree | 3246975ceff2bcdde1849cdffb20df517fcb5186 /include | |
| parent | 6391c4f67ad1643a17b54376e381038b9e660a0f (diff) | |
| parent | c03fa9bcacd9ac04595cc13f34f3445f0a5ecf13 (diff) | |
Merge branch 'inet_diag-TCP-MD5'
Ivan Delalande says:
====================
inet_diag: report TCP MD5 signing keys and addresses
Allow userspace to retrieve MD5 signature keys and addresses configured
on TCP sockets through inet_diag.
Thanks to Eric Dumazet and Stephen Hemminger for their useful
explanations and feedback.
v5: - memset the whole netlink payload after it has been nla_reserve-d
in tcp_diag_put_md5sig (a third memset had to be added for
tcpm_key so we might as well have just one for entire region).
- move the nla_total_size call from inet_sk_attr_size to the
idiag_get_aux_size defined by protocols as they could add multiple
netlink attributes,
- add check for net_admin in tcp_diag_get_aux_size.
v4: - add new struct tcp_diag_md5sig to report the data instead of
tcp_md5sig to avoid wasting 112 bytes on every tcpm_addr,
- memset tcpm_addr on IPv4 addresses to avoid leaks,
- style fix in inet_diag_dump_one_icsk.
v3: - rename inet_diag_*md5sig in tcp_diag.c to tcp_diag_* for
consistency,
- don't lock the socket in tcp_diag_put_md5sig,
- add checks on md5sig_count in tcp_diag_put_md5sig to not create
the netlink attribute if the list is empty, and to avoid overflows
or memory leaks if the list has changed in the meantime.
v2: - move changes to tcp_diag.c and extend inet_diag_handler to allow
protocols to provide additional data on INET_DIAG_INFO,
- lock socket before calling tcp_diag_put_md5sig.
I also have a patch for iproute2/ss to test this change, making it print
this new attribute. I'm planning to polish and send it if this series
gets applied.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/inet_diag.h | 7 | ||||
| -rw-r--r-- | include/uapi/linux/inet_diag.h | 1 | ||||
| -rw-r--r-- | include/uapi/linux/tcp.h | 9 |
3 files changed, 17 insertions, 0 deletions
diff --git a/include/linux/inet_diag.h b/include/linux/inet_diag.h
index 65da430e260f..ee251c585854 100644
--- a/include/linux/inet_diag.h
+++ b/include/linux/inet_diag.h
@@ -25,6 +25,13 @@ struct inet_diag_handler {
 struct inet_diag_msg *r,
 void *info);
 
+ int (*idiag_get_aux)(struct sock *sk,
+ bool net_admin,
+ struct sk_buff *skb);
+
+ size_t (*idiag_get_aux_size)(struct sock *sk,
+ bool net_admin);
+
 int (*destroy)(struct sk_buff *in_skb,
 const struct inet_diag_req_v2 *req);
 
diff --git a/include/uapi/linux/inet_diag.h b/include/uapi/linux/inet_diag.h
index 678496897a68..f52ff62bfabe 100644
--- a/include/uapi/linux/inet_diag.h
+++ b/include/uapi/linux/inet_diag.h
@@ -143,6 +143,7 @@ enum {
 INET_DIAG_MARK,
 INET_DIAG_BBRINFO,
 INET_DIAG_CLASS_ID,
+ INET_DIAG_MD5SIG,
 __INET_DIAG_MAX,
 };
 
diff --git a/include/uapi/linux/tcp.h b/include/uapi/linux/tcp.h
index 030e594bab45..15c25eccab2b 100644
--- a/include/uapi/linux/tcp.h
+++ b/include/uapi/linux/tcp.h
@@ -256,4 +256,13 @@ struct tcp_md5sig {
 __u8 tcpm_key[TCP_MD5SIG_MAXKEYLEN]; /* key (binary) */
 };
 
+/* INET_DIAG_MD5SIG */
+struct tcp_diag_md5sig {
+ __u8 tcpm_family;
+ __u8 tcpm_prefixlen;
+ __u16 tcpm_keylen;
+ __be32 tcpm_addr[4];
+ __u8 tcpm_key[TCP_MD5SIG_MAXKEYLEN];
+};
+
 #endif /* _UAPI_LINUX_TCP_H */ |
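Review bot: The two callbacks added to `struct inet_diag_handler` in include/linux/inet_diag.h, `idiag_get_aux` and `idiag_get_aux_size`, carry no comment stating their contract, although `net_admin` is the flag that decides whether per-socket secrets such as the MD5 keys of this series may be reported. I would put a comment above them along the lines of `/* idiag_get_aux_size() must return an upper bound on what idiag_get_aux() appends to skb for the same sk; both must report nothing privileged when !net_admin. */`. The cover letter notes that the key list can change between sizing and filling, so the comment should also say that `idiag_get_aux` has to cope with less room than it would like rather than overrun the skb. Whether callers accept NULL for either pointer is not visible here, and the struct itself starts and ends outside the hunk.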
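Review bot: `struct tcp_diag_md5sig` in include/uapi/linux/tcp.h becomes userspace ABI that carries raw key bytes, yet its only comment is the attribute name and no field is annotated, unlike `tcpm_key` in `struct tcp_md5sig` just above it. I would record what the cover letter already promises, for example `__u16 tcpm_keylen; /* bytes of tcpm_key in use, remainder zeroed */` and `__be32 tcpm_addr[4]; /* IPv4 in [0], remainder zeroed */`, and extend the header comment to say the attribute is only emitted to requesters with net_admin. The layout has no interior padding, and no tail padding as long as TCP_MD5SIG_MAXKEYLEN stays a multiple of four; a one-line comment stating that assumption would help anyone who later changes the struct, since the whole region is copied to userspace.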
