
tcp: don't require root to read tcp_metrics

Message ID 1406740415-9386-1-git-send-email-dbanerje@akamai.com
State Superseded, archived
Delegated to: David Miller

Commit Message

Debabrata Banerjee July 30, 2014, 5:13 p.m. UTC
commit d23ff701643a4a725e2c7a8ba2d567d39daa29ea introduced netlink support for
the new tcp_metrics, however it restricted getting of tcp_metrics to root user
only. This is a change from how these values could have been fetched when in
the old route cache. Unless there's a legitimate reason to restrict the reading
of these values it would be better if normal users could fetch them.

Cc: Julian Anastasov <ja@ssi.bg>
Cc: linux-kernel@vger.kernel.org
---
 net/ipv4/tcp_metrics.c | 1 -
 1 file changed, 1 deletion(-)

Comments

Sergei Shtylyov July 30, 2014, 5:38 p.m. UTC | #1
Hello.

On 07/30/2014 09:13 PM, Debabrata Banerjee wrote:

> commit d23ff701643a4a725e2c7a8ba2d567d39daa29ea introduced netlink support for

    Please also specify that commit's summary line in parens.

> the new tcp_metrics, however it restricted getting of tcp_metrics to root user
> only. This is a change from how these values could have been fetched when in
> the old route cache. Unless there's a legitimate reason to restrict the reading
> of these values it would be better if normal users could fetch them.

> Cc: Julian Anastasov <ja@ssi.bg>
> Cc: linux-kernel@vger.kernel.org

    You need to sign off on the patch, else it couldn't be applied.

WBR, Sergei

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Julian Anastasov July 30, 2014, 7:33 p.m. UTC | #2
Hello,

On Wed, 30 Jul 2014, Debabrata Banerjee wrote:

> commit d23ff701643a4a725e2c7a8ba2d567d39daa29ea introduced netlink support for
> the new tcp_metrics, however it restricted getting of tcp_metrics to root user
> only. This is a change from how these values could have been fetched when in
> the old route cache. Unless there's a legitimate reason to restrict the reading
> of these values it would be better if normal users could fetch them.

	Not sure how fatal it is to show TCP fastopen cookies to
any user. Otherwise, I don't remember any other restrictions.

Regards

--
Julian Anastasov <ja@ssi.bg>
Debabrata Banerjee July 30, 2014, 7:58 p.m. UTC | #3
Hi,

On 7/30/14, 3:33 PM, "Julian Anastasov" <ja@ssi.bg> wrote:
>On Wed, 30 Jul 2014, Debabrata Banerjee wrote:
>
>> commit d23ff701643a4a725e2c7a8ba2d567d39daa29ea introduced netlink support for
>> the new tcp_metrics, however it restricted getting of tcp_metrics to root user
>> only. This is a change from how these values could have been fetched when in
>> the old route cache. Unless there's a legitimate reason to restrict the reading
>> of these values it would be better if normal users could fetch them.
>
>	Not sure how fatal it is to show TCP fastopen cookies to
>any user. Otherwise, I don't remember any other restrictions.


TFO cookie as reported is sent in the clear in the tcp header. It is not
the secret/key used to generate the cookie, so this should be fine.

-Debabrata


Patch

diff --git a/net/ipv4/tcp_metrics.c b/net/ipv4/tcp_metrics.c
index 4fe0418..0d54e59 100644
--- a/net/ipv4/tcp_metrics.c
+++ b/net/ipv4/tcp_metrics.c
@@ -1093,7 +1093,6 @@  static const struct genl_ops tcp_metrics_nl_ops[] = {
 		.doit = tcp_metrics_nl_cmd_get,
 		.dumpit = tcp_metrics_nl_dump,
 		.policy = tcp_metrics_nl_policy,
-		.flags = GENL_ADMIN_PERM,
 	},
 	{
 		.cmd = TCP_METRICS_CMD_DEL,
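
Review bot: The commit message needs to say what becomes readable and why that is safe, because dropping .flags = GENL_ADMIN_PERM from this genl_ops entry lifts the admin check from both handlers in it, .doit = tcp_metrics_nl_cmd_get and .dumpit = tcp_metrics_nl_dump, not just from a single lookup. The thread raises TCP Fast Open cookies as the one sensitive field; the argument given there (the cookie travels in the clear in the TCP header and is not the secret used to generate it) belongs in the changelog so the decision can be reviewed later. Also add the Signed-off-by line and the summary line of d23ff701643a4a725e2c7a8ba2d567d39daa29ea as requested in comment #1, and confirm that the TCP_METRICS_CMD_DEL entry that follows keeps its own GENL_ADMIN_PERM, since its flags fall outside this hunk.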