Re: [PATCH net-next v2 3/3] net: tls: export protocol version, cipher, tx_conf/rx_conf to socket diag
From: Jakub Kicinski <hidden>
Date: 2019-08-29 21:57:11
On Thu, 29 Aug 2019 18:48:04 +0200, Davide Caratti wrote:
When an application configures kernel TLS on top of a TCP socket, it's now possible for inet_diag_handler() to collect information regarding the protocol version, the cipher type and TX / RX configuration, in case INET_DIAG_INFO is requested. Signed-off-by: Davide Caratti <redacted>
quoted hunk ↗ jump to hunk
diff --git a/include/net/tls.h b/include/net/tls.h index 4997742475cd..990f1d9182a3 100644 --- a/include/net/tls.h +++ b/include/net/tls.h@@ -431,6 +431,25 @@ static inline bool is_tx_ready(struct tls_sw_context_tx *ctx) return READ_ONCE(rec->tx_ready); } +static inline u16 tls_user_config(struct tls_context *ctx, bool tx) +{ + u16 config = tx ? ctx->tx_conf : ctx->rx_conf; + + switch (config) { + case TLS_BASE: + return TLS_CONF_BASE; + case TLS_SW: + return TLS_CONF_SW; +#ifdef CONFIG_TLS_DEVICE
Recently the TLS_HW define was taken out of the ifdef, so the ifdef around this is no longer necessary.
+ case TLS_HW: + return TLS_CONF_HW; +#endif + case TLS_HW_RECORD: + return TLS_CONF_HW_RECORD; + } + return 0; +} + struct sk_buff * tls_validate_xmit_skb(struct sock *sk, struct net_device *dev, struct sk_buff *skb);
quoted hunk ↗ jump to hunk
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index f8f2d2c3d627..3351a2ace369 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c@@ -39,6 +39,7 @@ #include <linux/netdevice.h> #include <linux/sched/signal.h> #include <linux/inetdevice.h> +#include <linux/inet_diag.h> #include <net/tls.h>@@ -835,6 +836,67 @@ static void tls_update(struct sock *sk, struct proto *p) } } +static int tls_get_info(const struct sock *sk, struct sk_buff *skb) +{ + struct tls_context *ctx; + u16 version, cipher_type;
Unfortunately revere christmas tree will be needed :(
+ struct nlattr *start; + int err;