GET /api/patches/808316/?format=api
{ "id": 808316, "url": "http://patchwork.ozlabs.org/api/patches/808316/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netdev/patch/20170831165939.5121-3-colona@arista.com/", "project": { "id": 7, "url": "http://patchwork.ozlabs.org/api/projects/7/?format=api", "name": "Linux network development", "link_name": "netdev", "list_id": "netdev.vger.kernel.org", "list_email": "netdev@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20170831165939.5121-3-colona@arista.com>", "list_archive_url": null, "date": "2017-08-31T16:59:39", "name": "[net-next,v5,2/2] tcp_diag: report TCP MD5 signing keys and addresses", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": true, "hash": "6b5296b27890f5d564dde678ad96a2fa55e7e16c", "submitter": { "id": 65664, "url": "http://patchwork.ozlabs.org/api/people/65664/?format=api", "name": "Ivan Delalande", "email": "colona@arista.com" }, "delegate": { "id": 34, "url": "http://patchwork.ozlabs.org/api/users/34/?format=api", "username": "davem", "first_name": "David", "last_name": "Miller", "email": "davem@davemloft.net" }, "mbox": "http://patchwork.ozlabs.org/project/netdev/patch/20170831165939.5121-3-colona@arista.com/mbox/", "series": [ { "id": 881, "url": "http://patchwork.ozlabs.org/api/series/881/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netdev/list/?series=881", "date": "2017-08-31T16:59:39", "name": "report TCP MD5 signing keys and addresses", "version": 5, "mbox": "http://patchwork.ozlabs.org/series/881/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/808316/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/808316/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<netdev-owner@vger.kernel.org>", "X-Original-To": "patchwork-incoming@ozlabs.org", "Delivered-To": "patchwork-incoming@ozlabs.org", 
"Authentication-Results": [ "ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)", "ozlabs.org; dkim=pass (1024-bit key;\n\tunprotected) header.d=arista.com header.i=@arista.com\n\theader.b=\"DfV73n9W\"; dkim-atps=neutral" ], "Received": [ "from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xjpWh54Nwz9s81\n\tfor <patchwork-incoming@ozlabs.org>;\n\tFri, 1 Sep 2017 02:59:44 +1000 (AEST)", "(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1751985AbdHaQ7n (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tThu, 31 Aug 2017 12:59:43 -0400", "from prod-mx.aristanetworks.com ([162.210.130.12]:60500 \"EHLO\n\tprod-mx.aristanetworks.com\" rhost-flags-OK-OK-OK-OK)\n\tby vger.kernel.org with ESMTP id S1751956AbdHaQ7k (ORCPT\n\t<rfc822;netdev@vger.kernel.org>); Thu, 31 Aug 2017 12:59:40 -0400", "from prod-mx.aristanetworks.com (localhost [127.0.0.1])\n\tby prod-mx.aristanetworks.com (Postfix) with ESMTP id E8B0A9603;\n\tThu, 31 Aug 2017 09:59:39 -0700 (PDT)", "from visor.sjc.aristanetworks.com\n\t(manila-157.sjc.aristanetworks.com [172.20.135.157])\n\tby prod-mx.aristanetworks.com (Postfix) with ESMTP id DC2B99602;\n\tThu, 31 Aug 2017 09:59:39 -0700 (PDT)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com;\n\ts=AristaCom; t=1504198779;\n\tbh=Lb2ho7nsXhY3boAKSQQhXY3geKfDl5pJgCPpNgtPH98=;\n\th=From:To:Cc:Subject:Date:In-Reply-To:References;\n\tb=DfV73n9W+ikyynB7URVskLZIEzYW+H96H3+PlXe5wyoYzELYP5eAU6FVQQTO9c/z4\n\tMasRGiNrweQQm1wt1W3zDauN2AYe2ZoU2Oewe8GTpAXsVz1SH94pfSvb7E78mkzgFN\n\t374S0w4fulFBrSs9d/dFIZuTztGu/noxn1Ld5RFQ=", "From": "Ivan Delalande <colona@arista.com>", "To": "David Miller <davem@davemloft.net>", "Cc": "Eric Dumazet <eric.dumazet@gmail.com>, netdev@vger.kernel.org,\n\tIvan Delalande <colona@arista.com>", "Subject": "[PATCH net-next v5 2/2] 
tcp_diag: report TCP MD5 signing keys and\n\taddresses", "Date": "Thu, 31 Aug 2017 09:59:39 -0700", "Message-Id": "<20170831165939.5121-3-colona@arista.com>", "X-Mailer": "git-send-email 2.14.1", "In-Reply-To": "<20170831165939.5121-1-colona@arista.com>", "References": "<20170831165939.5121-1-colona@arista.com>", "Sender": "netdev-owner@vger.kernel.org", "Precedence": "bulk", "List-ID": "<netdev.vger.kernel.org>", "X-Mailing-List": "netdev@vger.kernel.org" }, "content": "Report TCP MD5 (RFC2385) signing keys, addresses and address prefixes to\nprocesses with CAP_NET_ADMIN requesting INET_DIAG_INFO. Currently it is\nnot possible to retrieve these from the kernel once they have been\nconfigured on sockets.\n\nSigned-off-by: Ivan Delalande <colona@arista.com>\n---\n include/uapi/linux/inet_diag.h | 1 +\n include/uapi/linux/tcp.h | 9 ++++\n net/ipv4/tcp_diag.c | 109 ++++++++++++++++++++++++++++++++++++++---\n 3 files changed, 113 insertions(+), 6 deletions(-)", "diff": "diff --git a/include/uapi/linux/inet_diag.h b/include/uapi/linux/inet_diag.h\nindex 678496897a68..f52ff62bfabe 100644\n--- a/include/uapi/linux/inet_diag.h\n+++ b/include/uapi/linux/inet_diag.h\n@@ -143,6 +143,7 @@ enum {\n \tINET_DIAG_MARK,\n \tINET_DIAG_BBRINFO,\n \tINET_DIAG_CLASS_ID,\n+\tINET_DIAG_MD5SIG,\n \t__INET_DIAG_MAX,\n };\n \ndiff --git a/include/uapi/linux/tcp.h b/include/uapi/linux/tcp.h\nindex 030e594bab45..15c25eccab2b 100644\n--- a/include/uapi/linux/tcp.h\n+++ b/include/uapi/linux/tcp.h\n@@ -256,4 +256,13 @@ struct tcp_md5sig {\n \t__u8\ttcpm_key[TCP_MD5SIG_MAXKEYLEN];\t\t/* key (binary) */\n };\n \n+/* INET_DIAG_MD5SIG */\n+struct tcp_diag_md5sig {\n+\t__u8\ttcpm_family;\n+\t__u8\ttcpm_prefixlen;\n+\t__u16\ttcpm_keylen;\n+\t__be32\ttcpm_addr[4];\n+\t__u8\ttcpm_key[TCP_MD5SIG_MAXKEYLEN];\n+};\n+\n #endif /* _UAPI_LINUX_TCP_H */\ndiff --git a/net/ipv4/tcp_diag.c b/net/ipv4/tcp_diag.c\nindex a748c74aa8b7..abbf0edcf6c2 100644\n--- a/net/ipv4/tcp_diag.c\n+++ b/net/ipv4/tcp_diag.c\n@@ 
-16,6 +16,7 @@\n \n #include <linux/tcp.h>\n \n+#include <net/netlink.h>\n #include <net/tcp.h>\n \n static void tcp_diag_get_info(struct sock *sk, struct inet_diag_msg *r,\n@@ -36,6 +37,100 @@ static void tcp_diag_get_info(struct sock *sk, struct inet_diag_msg *r,\n \t\ttcp_get_info(sk, info);\n }\n \n+#ifdef CONFIG_TCP_MD5SIG\n+static void tcp_diag_md5sig_fill(struct tcp_diag_md5sig *info,\n+\t\t\t\t const struct tcp_md5sig_key *key)\n+{\n+\tinfo->tcpm_family = key->family;\n+\tinfo->tcpm_prefixlen = key->prefixlen;\n+\tinfo->tcpm_keylen = key->keylen;\n+\tmemcpy(info->tcpm_key, key->key, key->keylen);\n+\n+\tif (key->family == AF_INET)\n+\t\tinfo->tcpm_addr[0] = key->addr.a4.s_addr;\n+\t#if IS_ENABLED(CONFIG_IPV6)\n+\telse if (key->family == AF_INET6)\n+\t\tmemcpy(&info->tcpm_addr, &key->addr.a6,\n+\t\t sizeof(info->tcpm_addr));\n+\t#endif\n+}\n+\n+static int tcp_diag_put_md5sig(struct sk_buff *skb,\n+\t\t\t const struct tcp_md5sig_info *md5sig)\n+{\n+\tconst struct tcp_md5sig_key *key;\n+\tstruct tcp_diag_md5sig *info;\n+\tstruct nlattr *attr;\n+\tint md5sig_count = 0;\n+\n+\thlist_for_each_entry_rcu(key, &md5sig->head, node)\n+\t\tmd5sig_count++;\n+\tif (md5sig_count == 0)\n+\t\treturn 0;\n+\n+\tattr = nla_reserve(skb, INET_DIAG_MD5SIG,\n+\t\t\t md5sig_count * sizeof(struct tcp_diag_md5sig));\n+\tif (!attr)\n+\t\treturn -EMSGSIZE;\n+\n+\tinfo = nla_data(attr);\n+\tmemset(info, 0, md5sig_count * sizeof(struct tcp_diag_md5sig));\n+\thlist_for_each_entry_rcu(key, &md5sig->head, node) {\n+\t\ttcp_diag_md5sig_fill(info++, key);\n+\t\tif (--md5sig_count == 0)\n+\t\t\tbreak;\n+\t}\n+\n+\treturn 0;\n+}\n+#endif\n+\n+static int tcp_diag_get_aux(struct sock *sk, bool net_admin,\n+\t\t\t struct sk_buff *skb)\n+{\n+#ifdef CONFIG_TCP_MD5SIG\n+\tif (net_admin) {\n+\t\tstruct tcp_md5sig_info *md5sig;\n+\t\tint err = 0;\n+\n+\t\trcu_read_lock();\n+\t\tmd5sig = rcu_dereference(tcp_sk(sk)->md5sig_info);\n+\t\tif (md5sig)\n+\t\t\terr = tcp_diag_put_md5sig(skb, 
md5sig);\n+\t\trcu_read_unlock();\n+\t\tif (err < 0)\n+\t\t\treturn err;\n+\t}\n+#endif\n+\n+\treturn 0;\n+}\n+\n+static size_t tcp_diag_get_aux_size(struct sock *sk, bool net_admin)\n+{\n+\tsize_t size = 0;\n+\n+#ifdef CONFIG_TCP_MD5SIG\n+\tif (net_admin && sk_fullsock(sk)) {\n+\t\tconst struct tcp_md5sig_info *md5sig;\n+\t\tconst struct tcp_md5sig_key *key;\n+\t\tsize_t md5sig_count = 0;\n+\n+\t\trcu_read_lock();\n+\t\tmd5sig = rcu_dereference(tcp_sk(sk)->md5sig_info);\n+\t\tif (md5sig) {\n+\t\t\thlist_for_each_entry_rcu(key, &md5sig->head, node)\n+\t\t\t\tmd5sig_count++;\n+\t\t}\n+\t\trcu_read_unlock();\n+\t\tsize += nla_total_size(md5sig_count *\n+\t\t\t\t sizeof(struct tcp_diag_md5sig));\n+\t}\n+#endif\n+\n+\treturn size;\n+}\n+\n static void tcp_diag_dump(struct sk_buff *skb, struct netlink_callback *cb,\n \t\t\t const struct inet_diag_req_v2 *r, struct nlattr *bc)\n {\n@@ -68,13 +163,15 @@ static int tcp_diag_destroy(struct sk_buff *in_skb,\n #endif\n \n static const struct inet_diag_handler tcp_diag_handler = {\n-\t.dump\t\t = tcp_diag_dump,\n-\t.dump_one\t = tcp_diag_dump_one,\n-\t.idiag_get_info\t = tcp_diag_get_info,\n-\t.idiag_type\t = IPPROTO_TCP,\n-\t.idiag_info_size = sizeof(struct tcp_info),\n+\t.dump\t\t\t= tcp_diag_dump,\n+\t.dump_one\t\t= tcp_diag_dump_one,\n+\t.idiag_get_info\t\t= tcp_diag_get_info,\n+\t.idiag_get_aux\t\t= tcp_diag_get_aux,\n+\t.idiag_get_aux_size\t= tcp_diag_get_aux_size,\n+\t.idiag_type\t\t= IPPROTO_TCP,\n+\t.idiag_info_size\t= sizeof(struct tcp_info),\n #ifdef CONFIG_INET_DIAG_DESTROY\n-\t.destroy\t = tcp_diag_destroy,\n+\t.destroy\t\t= tcp_diag_destroy,\n #endif\n };\n \n", "prefixes": [ "net-next", "v5", "2/2" ] }
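Review bot: In tcp_diag_put_md5sig() and tcp_diag_get_aux_size() the attribute payload is `md5sig_count * sizeof(struct tcp_diag_md5sig)` with no upper bound, while a netlink attribute header keeps its length in the 16-bit `nla_len`; on a socket with enough keys the length written by nla_reserve() would no longer describe the payload if the skb is large enough to hold it, which depends on the caller's allocation outside this diff. Clamping the count identically in both functions keeps sizing and filling consistent, e.g. `md5sig_count = min_t(size_t, md5sig_count, (U16_MAX - NLA_HDRLEN) / sizeof(struct tcp_diag_md5sig));` (with `int` in the fill path), at the cost of reporting only the first keys. Separately, the key list is walked once for sizing and twice more when filling, and RCU protects the entries, not the length of the list: growth is covered by the `--md5sig_count == 0` break and the -EMSGSIZE return, but if keys are removed between the count and the fill the trailing records stay zeroed from the memset() and are still delivered, so a comment such as `/* list may shrink after counting; unused trailing entries stay zeroed (tcpm_family == 0) */` would tell consumers how to treat them. The memcpy() in tcp_diag_md5sig_fill() also relies on key->keylen never exceeding sizeof(info->tcpm_key), an invariant enforced where keys are installed and not visible in this hunk.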