From: David S. Miller Date: Sat, 2 Sep 2017 01:38:09 +0000 (-0700) Subject: Merge branch 'inet_diag-TCP-MD5' X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=d49e3a9f5ec493270d53b7796be4da9a1a804ce3;p=openwrt%2Fstaging%2Fblogic.git Merge branch 'inet_diag-TCP-MD5' Ivan Delalande says: ==================== inet_diag: report TCP MD5 signing keys and addresses Allow userspace to retrieve MD5 signature keys and addresses configured on TCP sockets through inet_diag. Thanks to Eric Dumazet and Stephen Hemminger for their useful explanations and feedback. v5: - memset the whole netlink payload after it has been nla_reserve-d in tcp_diag_put_md5sig (a third memset had to be added for tcpm_key so we might as well have just one for entire region). - move the nla_total_size call from inet_sk_attr_size to the idiag_get_aux_size defined by protocols as they could add multiple netlink attributes, - add check for net_admin in tcp_diag_get_aux_size. v4: - add new struct tcp_diag_md5sig to report the data instead of tcp_md5sig to avoid wasting 112 bytes on every tcpm_addr, - memset tcpm_addr on IPv4 addresses to avoid leaks, - style fix in inet_diag_dump_one_icsk. v3: - rename inet_diag_*md5sig in tcp_diag.c to tcp_diag_* for consistency, - don't lock the socket in tcp_diag_put_md5sig, - add checks on md5sig_count in tcp_diag_put_md5sig to not create the netlink attribute if the list is empty, and to avoid overflows or memory leaks if the list has changed in the meantime. v2: - move changes to tcp_diag.c and extend inet_diag_handler to allow protocols to provide additional data on INET_DIAG_INFO, - lock socket before calling tcp_diag_put_md5sig. I also have a patch for iproute2/ss to test this change, making it print this new attribute. I'm planning to polish and send it if this series gets applied. ==================== Signed-off-by: David S. Miller --- d49e3a9f5ec493270d53b7796be4da9a1a804ce3