* [PATCH 1/2] tcp: add mode parameter to tcp_proc_register
@ 2017-06-23 1:40 Ivan Delalande
From: Ivan Delalande @ 2017-06-23 1:40 UTC (permalink / raw)
To: David Miller; +Cc: Eric Dumazet, netdev, linux-kernel, Ivan Delalande
This will be used to create a proc file that regular users cannot read.
Signed-off-by: Ivan Delalande <colona@arista.com>
---
include/net/tcp.h | 3 ++-
net/ipv4/tcp_ipv4.c | 7 ++++---
net/ipv6/tcp_ipv6.c | 2 +-
3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/include/net/tcp.h b/include/net/tcp.h
index 575f95cb8275..5d78f9af309e 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -1753,7 +1753,8 @@ struct tcp_iter_state {
loff_t last_pos;
};
-int tcp_proc_register(struct net *net, struct tcp_seq_afinfo *afinfo);
+int tcp_proc_register(struct net *net, struct tcp_seq_afinfo *afinfo,
+ umode_t mode);
void tcp_proc_unregister(struct net *net, struct tcp_seq_afinfo *afinfo);
extern struct request_sock_ops tcp_request_sock_ops;
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 81d6c16aecdc..0ae3d7cd59a3 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -2221,7 +2221,8 @@ int tcp_seq_open(struct inode *inode, struct file *file)
}
EXPORT_SYMBOL(tcp_seq_open);
-int tcp_proc_register(struct net *net, struct tcp_seq_afinfo *afinfo)
+int tcp_proc_register(struct net *net, struct tcp_seq_afinfo *afinfo,
+ umode_t mode)
{
int rc = 0;
struct proc_dir_entry *p;
@@ -2230,7 +2231,7 @@ int tcp_proc_register(struct net *net, struct tcp_seq_afinfo *afinfo)
afinfo->seq_ops.next = tcp_seq_next;
afinfo->seq_ops.stop = tcp_seq_stop;
- p = proc_create_data(afinfo->name, S_IRUGO, net->proc_net,
+ p = proc_create_data(afinfo->name, mode, net->proc_net,
afinfo->seq_fops, afinfo);
if (!p)
rc = -ENOMEM;
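Review bot: The new `mode` argument is passed straight through at `p = proc_create_data(afinfo->name, mode, net->proc_net,` and nothing documents which values a caller may use. proc_create_data() is not shown here, but if it still substitutes S_IRUGO when no permission bits are set, a caller passing 0 to mean "no access" would get a world-readable file, which defeats the purpose given in the commit message. I would add a comment above tcp_proc_register() such as `/* @mode: permission bits of the proc entry; must not be 0, which procfs turns into S_IRUGO */`, or reject that case with `if (!(mode & S_IALLUGO)) return -EINVAL;`. The function starts in the previous hunk and its body continues past the end of this one.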
@@ -2396,7 +2397,7 @@ static struct tcp_seq_afinfo tcp4_seq_afinfo = {
static int __net_init tcp4_proc_init_net(struct net *net)
{
- return tcp_proc_register(net, &tcp4_seq_afinfo);
+ return tcp_proc_register(net, &tcp4_seq_afinfo, S_IRUGO);
}
static void __net_exit tcp4_proc_exit_net(struct net *net)
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index ae36442786ec..d97d6627666f 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1888,7 +1888,7 @@ static struct tcp_seq_afinfo tcp6_seq_afinfo = {
int __net_init tcp6_proc_init(struct net *net)
{
- return tcp_proc_register(net, &tcp6_seq_afinfo);
+ return tcp_proc_register(net, &tcp6_seq_afinfo, S_IRUGO);
}
void tcp6_proc_exit(struct net *net)
--
2.13.1
* [PATCH 2/2] tcp: md5: export all configured signature keys in /proc/net
2017-06-23 1:40 [PATCH 1/2] tcp: add mode parameter to tcp_proc_register Ivan Delalande
@ 2017-06-23 1:40 ` Ivan Delalande
From: Ivan Delalande @ 2017-06-23 1:40 UTC (permalink / raw)
To: David Miller; +Cc: Eric Dumazet, netdev, linux-kernel, Ivan Delalande
Add files "tcpmd5" and "tcp6md5" in /proc/net containing all the TCP
MD5 keys configured for sockets using this signature option (RFC2385).
These files contain a line for each key configured on each socket, with
the index number of the socket (as found in /proc/net/tcp{,6}), its
inode number, the address, prefix length and the key itself.
Note that IPv4-mapped IPv6 addresses will be printed as a regular IPv4
address in the tcp6md5 file.
Signed-off-by: Ani Sinha <ani@arista.com>
Signed-off-by: Ken Kofman <kkofman@arista.com>
Signed-off-by: Ivan Delalande <colona@arista.com>
---
Documentation/filesystems/proc.txt | 2 ++
include/net/tcp.h | 1 +
net/ipv4/tcp.c | 55 ++++++++++++++++++++++++++++++++++++++
net/ipv4/tcp_ipv4.c | 29 +++++++++++++++++++-
net/ipv6/tcp_ipv6.c | 29 +++++++++++++++++++-
5 files changed, 114 insertions(+), 2 deletions(-)
diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesystems/proc.txt
index 4cddbce85ac9..d52a03b2e534 100644
--- a/Documentation/filesystems/proc.txt
+++ b/Documentation/filesystems/proc.txt
@@ -1105,6 +1105,7 @@ Table 1-8: IPv6 info in /proc/net
File Content
udp6 UDP sockets (IPv6)
tcp6 TCP sockets (IPv6)
+ tcp6md5 MD5 signature keys configured on IPv6 TCP sockets
raw6 Raw device statistics (IPv6)
igmp6 IP multicast addresses, which this host joined (IPv6)
if_inet6 List of IPv6 interface addresses
@@ -1136,6 +1137,7 @@ Table 1-9: Network info in /proc/net
snmp SNMP data
sockstat Socket statistics
tcp TCP sockets
+ tcpmd5 MD5 signature keys configured on IPv4 TCP sockets
udp UDP sockets
unix UNIX domain sockets
wireless Wireless interface data (Wavelan etc)
diff --git a/include/net/tcp.h b/include/net/tcp.h
index 5d78f9af309e..95c9dc47e0c5 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -1450,6 +1450,7 @@ struct tcp_md5sig_key *tcp_v4_md5_lookup(const struct sock *sk,
struct tcp_md5sig_key *tcp_md5_do_lookup(const struct sock *sk,
const union tcp_md5_addr *addr,
int family);
+int tcp_md5_seq_show(struct seq_file *seq, void *v);
#define tcp_twsk_md5_key(twsk) ((twsk)->tw_md5_key)
#else
static inline struct tcp_md5sig_key *tcp_md5_do_lookup(const struct sock *sk,
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 2a68221d2e55..47bcaeed3605 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -3279,6 +3279,61 @@ int tcp_md5_hash_key(struct tcp_md5sig_pool *hp, const struct tcp_md5sig_key *ke
}
EXPORT_SYMBOL(tcp_md5_hash_key);
+static void do_md5_seq_print_key(struct seq_file *seq,
+ const struct tcp_iter_state *st,
+ const struct tcp_md5sig_key *key,
+ unsigned long ino)
+{
+ if (key->keylen == 0)
+ return;
+
+ seq_printf(seq, "%4d: %6lu ", st->num, ino);
+ if (key->family == AF_INET)
+ seq_printf(seq, "%39pI4/%-3u ", &key->addr.a4, key->prefixlen);
+ else
+ seq_printf(seq, "%39pI6c/%-3u ", &key->addr.a6, key->prefixlen);
+ seq_printf(seq, "%*pE\n", key->keylen, key->key);
+}
+
+int tcp_md5_seq_show(struct seq_file *seq, void *v)
+{
+ struct sock *sp = v;
+ const struct tcp_sock *tp = tcp_sk(sp);
+ const struct tcp_iter_state *st = seq->private;
+ const struct tcp_md5sig_info *md5sig;
+ const struct tcp_md5sig_key *key;
+ unsigned long ino;
+
+ if (v == SEQ_START_TOKEN) {
+ seq_puts(seq, " sl inode addr key\n");
+ goto out;
+ }
+
+ if (sp->sk_state == TCP_TIME_WAIT) {
+ const struct tcp_timewait_sock *tcptw = tcp_twsk(sp);
+
+ key = tcptw->tw_md5_key;
+ if (key)
+ do_md5_seq_print_key(seq, st, key, 0);
+ goto out;
+ }
+
+ ino = sock_i_ino(sp);
+ rcu_read_lock();
+ md5sig = rcu_dereference(tp->md5sig_info);
+ if (!md5sig)
+ goto out_unlock;
+
+ hlist_for_each_entry_rcu(key, &md5sig->head, node) {
+ do_md5_seq_print_key(seq, st, key, ino);
+ }
+
+out_unlock:
+ rcu_read_unlock();
+out:
+ return 0;
+}
+EXPORT_SYMBOL(tcp_md5_seq_show);
#endif
void tcp_done(struct sock *sk)
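Review bot: tcp_md5_seq_show() treats every socket that is not in TCP_TIME_WAIT as a full `struct tcp_sock`, so `sock_i_ino(sp)` and `tp->md5sig_info` are applied to whatever the iterator returns. The iterator is not visible in this hunk, but if it can also yield request sockets in TCP_NEW_SYN_RECV, as the existing tcp4/tcp6 show callbacks appear to assume, those reads would land outside the smaller object. A guard before `ino = sock_i_ino(sp);`, for example `if (sp->sk_state == TCP_NEW_SYN_RECV) goto out;`, would restrict the dump to sockets that really carry an md5sig_info. Because each line prints the raw key through `%*pE`, a comment on the function saying that its output is secret material and must only be registered with an owner-only mode would also help later callers.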
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 0ae3d7cd59a3..d15a6e3cbdb2 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -2395,13 +2395,40 @@ static struct tcp_seq_afinfo tcp4_seq_afinfo = {
},
};
+#ifdef CONFIG_TCP_MD5SIG
+static struct tcp_seq_afinfo tcp4_md5_seq_afinfo = {
+ .name = "tcpmd5",
+ .family = AF_INET,
+ .seq_fops = &tcp_afinfo_seq_fops,
+ .seq_ops = {
+ .show = tcp_md5_seq_show,
+ }
+};
+#endif
+
static int __net_init tcp4_proc_init_net(struct net *net)
{
- return tcp_proc_register(net, &tcp4_seq_afinfo, S_IRUGO);
+ if (tcp_proc_register(net, &tcp4_seq_afinfo, S_IRUGO))
+ goto out_tcp;
+#ifdef CONFIG_TCP_MD5SIG
+ if (tcp_proc_register(net, &tcp4_md5_seq_afinfo, S_IRUSR))
+ goto out_tcpmd5;
+#endif
+ return 0;
+
+#ifdef CONFIG_TCP_MD5SIG
+out_tcpmd5:
+ tcp_proc_unregister(net, &tcp4_seq_afinfo);
+#endif
+out_tcp:
+ return -ENOMEM;
}
static void __net_exit tcp4_proc_exit_net(struct net *net)
{
+#ifdef CONFIG_TCP_MD5SIG
+ tcp_proc_unregister(net, &tcp4_md5_seq_afinfo);
+#endif
tcp_proc_unregister(net, &tcp4_seq_afinfo);
}
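Review bot: Both error labels in tcp4_proc_init_net() end in `return -ENOMEM;`, which throws away the value tcp_proc_register() actually returned and will silently misreport any other error that function grows later. Keeping the code is a small change: `rc = tcp_proc_register(net, &tcp4_md5_seq_afinfo, S_IRUSR);` followed by `if (rc) goto out_tcpmd5;`, with `return rc;` after the labels. The same pattern is repeated in tcp6_proc_init() in the net/ipv6/tcp_ipv6.c hunk. A one-line comment next to `S_IRUSR`, such as `/* file exposes MD5 keys: owner read only */`, would record why this entry differs from the S_IRUGO one above it.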
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index d97d6627666f..006f5bfae50d 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1886,13 +1886,40 @@ static struct tcp_seq_afinfo tcp6_seq_afinfo = {
},
};
+#ifdef CONFIG_TCP_MD5SIG
+static struct tcp_seq_afinfo tcp6_md5_seq_afinfo = {
+ .name = "tcp6md5",
+ .family = AF_INET6,
+ .seq_fops = &tcp6_afinfo_seq_fops,
+ .seq_ops = {
+ .show = tcp_md5_seq_show,
+ }
+};
+#endif
+
int __net_init tcp6_proc_init(struct net *net)
{
- return tcp_proc_register(net, &tcp6_seq_afinfo, S_IRUGO);
+ if (tcp_proc_register(net, &tcp6_seq_afinfo, S_IRUGO))
+ goto out_tcp6;
+#ifdef CONFIG_TCP_MD5SIG
+ if (tcp_proc_register(net, &tcp6_md5_seq_afinfo, S_IRUSR))
+ goto out_tcp6md5;
+#endif
+ return 0;
+
+#ifdef CONFIG_TCP_MD5SIG
+out_tcp6md5:
+ tcp_proc_unregister(net, &tcp6_seq_afinfo);
+#endif
+out_tcp6:
+ return -ENOMEM;
}
void tcp6_proc_exit(struct net *net)
{
+#ifdef CONFIG_TCP_MD5SIG
+ tcp_proc_unregister(net, &tcp6_md5_seq_afinfo);
+#endif
tcp_proc_unregister(net, &tcp6_seq_afinfo);
}
#endif
--
2.13.1
* Re: [PATCH 1/2] tcp: add mode parameter to tcp_proc_register
2017-06-23 1:40 [PATCH 1/2] tcp: add mode parameter to tcp_proc_register Ivan Delalande
2017-06-23 1:40 ` [PATCH 2/2] tcp: md5: export all configured signature keys in /proc/net Ivan Delalande
@ 2017-06-23 4:27 ` David Miller
From: David Miller @ 2017-06-23 4:27 UTC (permalink / raw)
To: colona; +Cc: eric.dumazet, netdev, linux-kernel
From: Ivan Delalande <colona@arista.com>
Date: Thu, 22 Jun 2017 18:40:27 -0700
> This will be used to create a proc file that regular users cannot read.
>
> Signed-off-by: Ivan Delalande <colona@arista.com>
/proc is deprecated.
Export this information via inet_diag.
* Re: [PATCH 2/2] tcp: md5: export all configured signature keys in /proc/net
2017-06-23 1:40 ` [PATCH 2/2] tcp: md5: export all configured signature keys in /proc/net Ivan Delalande
@ 2017-06-25 1:38 ` kbuild test robot
From: kbuild test robot @ 2017-06-25 1:38 UTC (permalink / raw)
To: Ivan Delalande
Cc: kbuild-all, David Miller, Eric Dumazet, netdev, linux-kernel,
Ivan Delalande
[-- Attachment #1: Type: text/plain, Size: 1877 bytes --]
Hi Ivan,
[auto build test ERROR on net/master]
[also build test ERROR on v4.12-rc6 next-20170623]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Ivan-Delalande/tcp-add-mode-parameter-to-tcp_proc_register/20170625-070707
config: x86_64-randconfig-x019-06250446 (attached as .config)
compiler: gcc-6 (Debian 6.2.0-3) 6.2.0 20160901
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
net/ipv4/tcp.c: In function 'do_md5_seq_print_key':
net/ipv4/tcp.c:3300:53: error: 'const struct tcp_md5sig_key' has no member named 'prefixlen'
seq_printf(seq, "%39pI4/%-3u ", &key->addr.a4, key->prefixlen);
^~
>> net/ipv4/tcp.c:3302:46: error: 'const union tcp_md5_addr' has no member named 'a6'; did you mean 'a4'?
seq_printf(seq, "%39pI6c/%-3u ", &key->addr.a6, key->prefixlen);
^
net/ipv4/tcp.c:3302:54: error: 'const struct tcp_md5sig_key' has no member named 'prefixlen'
seq_printf(seq, "%39pI6c/%-3u ", &key->addr.a6, key->prefixlen);
^~
vim +3302 net/ipv4/tcp.c
3294 {
3295 if (key->keylen == 0)
3296 return;
3297
3298 seq_printf(seq, "%4d: %6lu ", st->num, ino);
3299 if (key->family == AF_INET)
> 3300 seq_printf(seq, "%39pI4/%-3u ", &key->addr.a4, key->prefixlen);
3301 else
> 3302 seq_printf(seq, "%39pI6c/%-3u ", &key->addr.a6, key->prefixlen);
3303 seq_printf(seq, "%*pE\n", key->keylen, key->key);
3304 }
3305
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 29567 bytes --]