Patch Detail
GET /api/patches/807339/?format=api
{ "id": 807339, "url": "http://patchwork.ozlabs.org/api/patches/807339/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netdev/patch/20170829222954.24863-3-colona@arista.com/", "project": { "id": 7, "url": "http://patchwork.ozlabs.org/api/projects/7/?format=api", "name": "Linux network development", "link_name": "netdev", "list_id": "netdev.vger.kernel.org", "list_email": "netdev@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20170829222954.24863-3-colona@arista.com>", "list_archive_url": null, "date": "2017-08-29T22:29:54", "name": "[net-next,v3,2/2] tcp_diag: report TCP MD5 signing keys and addresses", "commit_ref": null, "pull_url": null, "state": "changes-requested", "archived": true, "hash": "dbb3a16184c2f813e3689ac0baf7ff1780885744", "submitter": { "id": 65664, "url": "http://patchwork.ozlabs.org/api/people/65664/?format=api", "name": "Ivan Delalande", "email": "colona@arista.com" }, "delegate": { "id": 34, "url": "http://patchwork.ozlabs.org/api/users/34/?format=api", "username": "davem", "first_name": "David", "last_name": "Miller", "email": "davem@davemloft.net" }, "mbox": "http://patchwork.ozlabs.org/project/netdev/patch/20170829222954.24863-3-colona@arista.com/mbox/", "series": [ { "id": 498, "url": "http://patchwork.ozlabs.org/api/series/498/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netdev/list/?series=498", "date": "2017-08-29T22:29:54", "name": "report TCP MD5 signing keys and addresses", "version": 3, "mbox": "http://patchwork.ozlabs.org/series/498/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/807339/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/807339/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<netdev-owner@vger.kernel.org>", "X-Original-To": "patchwork-incoming@ozlabs.org", "Delivered-To": "patchwork-incoming@ozlabs.org", 
"Authentication-Results": [ "ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)", "ozlabs.org; dkim=pass (1024-bit key;\n\tunprotected) header.d=arista.com header.i=@arista.com\n\theader.b=\"n0bohDla\"; dkim-atps=neutral" ], "Received": [ "from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xhjxg3fpkz9sNc\n\tfor <patchwork-incoming@ozlabs.org>;\n\tWed, 30 Aug 2017 08:29:59 +1000 (AEST)", "(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1751744AbdH2W35 (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tTue, 29 Aug 2017 18:29:57 -0400", "from prod-mx.aristanetworks.com ([162.210.130.12]:25672 \"EHLO\n\tprod-mx.aristanetworks.com\" rhost-flags-OK-OK-OK-OK)\n\tby vger.kernel.org with ESMTP id S1751425AbdH2W3z (ORCPT\n\t<rfc822;netdev@vger.kernel.org>); Tue, 29 Aug 2017 18:29:55 -0400", "from prod-mx.aristanetworks.com (localhost [127.0.0.1])\n\tby prod-mx.aristanetworks.com (Postfix) with ESMTP id 1CCC995A7;\n\tTue, 29 Aug 2017 15:29:55 -0700 (PDT)", "from visor.sjc.aristanetworks.com\n\t(manila-157.sjc.aristanetworks.com [172.20.135.157])\n\tby prod-mx.aristanetworks.com (Postfix) with ESMTP id 103D295A4;\n\tTue, 29 Aug 2017 15:29:55 -0700 (PDT)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com;\n\ts=AristaCom; t=1504045795;\n\tbh=9IiKUSca7j4h2Z9JUr2Ap8TUU/x5tCpWuZnmmb6DyrA=;\n\th=From:To:Cc:Subject:Date:In-Reply-To:References;\n\tb=n0bohDlaqFo64Gslf8TuASYXpYIDJznwxShefcimU156lrBcR8Z1SfesMwHmjFB5k\n\t7/JT4q06DI83auRiYFJcBLVPSBSczaW3Ul0V7GFaY9q4ZWe8KLosHpguQ8Y1bE61iD\n\tvqU7xgzUmnd1QE7K0qtUXnJfaYOPc2vYMEdzzlOQ=", "From": "Ivan Delalande <colona@arista.com>", "To": "David Miller <davem@davemloft.net>", "Cc": "Eric Dumazet <eric.dumazet@gmail.com>, netdev@vger.kernel.org,\n\tIvan Delalande <colona@arista.com>", "Subject": "[PATCH net-next v3 2/2] 
tcp_diag: report TCP MD5 signing keys and\n\taddresses", "Date": "Tue, 29 Aug 2017 15:29:54 -0700", "Message-Id": "<20170829222954.24863-3-colona@arista.com>", "X-Mailer": "git-send-email 2.14.1", "In-Reply-To": "<20170829222954.24863-1-colona@arista.com>", "References": "<20170829222954.24863-1-colona@arista.com>", "Sender": "netdev-owner@vger.kernel.org", "Precedence": "bulk", "List-ID": "<netdev.vger.kernel.org>", "X-Mailing-List": "netdev@vger.kernel.org" }, "content": "Report TCP MD5 (RFC2385) signing keys, addresses and address prefixes to\nprocesses with CAP_NET_ADMIN requesting INET_DIAG_INFO. Currently it is\nnot possible to retrieve these from the kernel once they have been\nconfigured on sockets.\n\nSigned-off-by: Ivan Delalande <colona@arista.com>\n---\n include/uapi/linux/inet_diag.h | 1 +\n net/ipv4/tcp_diag.c | 115 ++++++++++++++++++++++++++++++++++++++---\n 2 files changed, 110 insertions(+), 6 deletions(-)", "diff": "diff --git a/include/uapi/linux/inet_diag.h b/include/uapi/linux/inet_diag.h\nindex 678496897a68..f52ff62bfabe 100644\n--- a/include/uapi/linux/inet_diag.h\n+++ b/include/uapi/linux/inet_diag.h\n@@ -143,6 +143,7 @@ enum {\n \tINET_DIAG_MARK,\n \tINET_DIAG_BBRINFO,\n \tINET_DIAG_CLASS_ID,\n+\tINET_DIAG_MD5SIG,\n \t__INET_DIAG_MAX,\n };\n \ndiff --git a/net/ipv4/tcp_diag.c b/net/ipv4/tcp_diag.c\nindex a748c74aa8b7..f972f9f7eae4 100644\n--- a/net/ipv4/tcp_diag.c\n+++ b/net/ipv4/tcp_diag.c\n@@ -16,6 +16,7 @@\n \n #include <linux/tcp.h>\n \n+#include <net/netlink.h>\n #include <net/tcp.h>\n \n static void tcp_diag_get_info(struct sock *sk, struct inet_diag_msg *r,\n@@ -36,6 +37,106 @@ static void tcp_diag_get_info(struct sock *sk, struct inet_diag_msg *r,\n \t\ttcp_get_info(sk, info);\n }\n \n+#ifdef CONFIG_TCP_MD5SIG\n+static void inet_diag_md5sig_fill(struct tcp_md5sig *info,\n+\t\t\t\t const struct tcp_md5sig_key *key)\n+{\n+\t#if IS_ENABLED(CONFIG_IPV6)\n+\tif (key->family == AF_INET6) {\n+\t\tstruct sockaddr_in6 *sin6 =\n+\t\t\t(struct 
sockaddr_in6 *)&info->tcpm_addr;\n+\n+\t\tmemcpy(&sin6->sin6_addr, &key->addr.a6,\n+\t\t sizeof(struct in6_addr));\n+\t} else\n+\t#endif\n+\t{\n+\t\tstruct sockaddr_in *sin =\n+\t\t\t(struct sockaddr_in *)&info->tcpm_addr;\n+\n+\t\tmemcpy(&sin->sin_addr, &key->addr.a4, sizeof(struct in_addr));\n+\t}\n+\n+\tinfo->tcpm_addr.ss_family = key->family;\n+\tinfo->tcpm_prefixlen = key->prefixlen;\n+\tinfo->tcpm_keylen = key->keylen;\n+\tmemcpy(info->tcpm_key, key->key, key->keylen);\n+}\n+\n+static int inet_diag_put_md5sig(struct sk_buff *skb,\n+\t\t\t\tconst struct tcp_md5sig_info *md5sig)\n+{\n+\tconst struct tcp_md5sig_key *key;\n+\tstruct nlattr *attr;\n+\tstruct tcp_md5sig *info;\n+\tint md5sig_count = 0;\n+\n+\thlist_for_each_entry_rcu(key, &md5sig->head, node)\n+\t\tmd5sig_count++;\n+\tif (md5sig_count == 0)\n+\t\treturn 0;\n+\n+\tattr = nla_reserve(skb, INET_DIAG_MD5SIG,\n+\t\t\t md5sig_count * sizeof(struct tcp_md5sig));\n+\tif (!attr)\n+\t\treturn -EMSGSIZE;\n+\n+\tinfo = nla_data(attr);\n+\thlist_for_each_entry_rcu(key, &md5sig->head, node) {\n+\t\tinet_diag_md5sig_fill(info++, key);\n+\t\tif (--md5sig_count == 0)\n+\t\t\tbreak;\n+\t}\n+\tif (md5sig_count > 0)\n+\t\tmemset(info, 0, md5sig_count * sizeof(struct tcp_md5sig));\n+\n+\treturn 0;\n+}\n+#endif\n+\n+static int tcp_diag_get_aux(struct sock *sk, bool net_admin,\n+\t\t\t struct sk_buff *skb)\n+{\n+#ifdef CONFIG_TCP_MD5SIG\n+\tif (net_admin) {\n+\t\tstruct tcp_md5sig_info *md5sig;\n+\t\tint err = 0;\n+\n+\t\trcu_read_lock();\n+\t\tmd5sig = rcu_dereference(tcp_sk(sk)->md5sig_info);\n+\t\tif (md5sig)\n+\t\t\terr = inet_diag_put_md5sig(skb, md5sig);\n+\t\trcu_read_unlock();\n+\t\tif (err < 0)\n+\t\t\treturn err;\n+\t}\n+#endif\n+\n+\treturn 0;\n+}\n+\n+static size_t tcp_diag_get_aux_size(struct sock *sk, bool net_admin)\n+{\n+\tsize_t size = 0;\n+\n+#ifdef CONFIG_TCP_MD5SIG\n+\tif (sk_fullsock(sk)) {\n+\t\tconst struct tcp_md5sig_info *md5sig;\n+\t\tconst struct tcp_md5sig_key 
*key;\n+\n+\t\trcu_read_lock();\n+\t\tmd5sig = rcu_dereference(tcp_sk(sk)->md5sig_info);\n+\t\tif (md5sig) {\n+\t\t\thlist_for_each_entry_rcu(key, &md5sig->head, node)\n+\t\t\t\tsize += sizeof(struct tcp_md5sig);\n+\t\t}\n+\t\trcu_read_unlock();\n+\t}\n+#endif\n+\n+\treturn size;\n+}\n+\n static void tcp_diag_dump(struct sk_buff *skb, struct netlink_callback *cb,\n \t\t\t const struct inet_diag_req_v2 *r, struct nlattr *bc)\n {\n@@ -68,13 +169,15 @@ static int tcp_diag_destroy(struct sk_buff *in_skb,\n #endif\n \n static const struct inet_diag_handler tcp_diag_handler = {\n-\t.dump\t\t = tcp_diag_dump,\n-\t.dump_one\t = tcp_diag_dump_one,\n-\t.idiag_get_info\t = tcp_diag_get_info,\n-\t.idiag_type\t = IPPROTO_TCP,\n-\t.idiag_info_size = sizeof(struct tcp_info),\n+\t.dump\t\t\t= tcp_diag_dump,\n+\t.dump_one\t\t= tcp_diag_dump_one,\n+\t.idiag_get_info\t\t= tcp_diag_get_info,\n+\t.idiag_get_aux\t\t= tcp_diag_get_aux,\n+\t.idiag_get_aux_size\t= tcp_diag_get_aux_size,\n+\t.idiag_type\t\t= IPPROTO_TCP,\n+\t.idiag_info_size\t= sizeof(struct tcp_info),\n #ifdef CONFIG_INET_DIAG_DESTROY\n-\t.destroy\t = tcp_diag_destroy,\n+\t.destroy\t\t= tcp_diag_destroy,\n #endif\n };\n \n", "prefixes": [ "net-next", "v3", "2/2" ] }
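Review bot: Each `struct tcp_md5sig` entry written by `inet_diag_md5sig_fill()` (net/ipv4/tcp_diag.c, hunk `@@ -36,6 +37,106 @@`) is only partly initialised. The helper stores the address bytes, `ss_family`, `tcpm_prefixlen`, `tcpm_keylen` and the first `key->keylen` bytes of `tcpm_key`, and `nla_reserve()` does not clear the attribute payload, so the rest of `tcpm_addr`, any remaining fields or padding, and the tail of `tcpm_key` would reach userspace as stale skb memory. The `memset()` in `inet_diag_put_md5sig()` covers only unused trailing entries, so the fill helper should start with `memset(info, 0, sizeof(*info));`. Separately, `tcp_diag_get_aux()` reads `tcp_sk(sk)->md5sig_info` without the `sk_fullsock(sk)` test that `tcp_diag_get_aux_size()` applies. Whether that is safe depends on the caller added in patch 1/2, which is not shown here, so either repeat the guard or add a comment such as `/* caller guarantees sk is a full socket */`.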