Make IPv6 SOCK_RAW sockets operate like IPv6 UDP and TCP sockets with
respect to IPv4 mapped addresses by calling IPv4 raw_sendmsg from
rawv6_sendmsg to send those messages out.
Signed-off-by: Travis Brown <trav...@arista.com>
Signed-off-by: Ivan Delalande <col...@arista.com>
---
These keys are reported by kernel 4.14 and later under the
INET_DIAG_MD5SIG attribute, when INET_DIAG_INFO is requested (ss -i)
and we have CAP_NET_ADMIN. The additional output looks like:
md5keys:fe80::/64=signing_key,10.1.2.0/24=foobar,::1/128=Test
Signed-off-by: Ivan Delalande <
Keep it as simple as possible for now: just escape anything that is not
isprint-able, is among the "escape" parameter or '\' as an octal escape
sequence. This should be pretty easy to extend if any other user needs
something more complex in the future.
Signed-off-by: Ivan Dela
On Fri, Sep 01, 2017 at 01:26:33AM +0200, Sabrina Dubroca wrote:
> 2017-08-31, 09:59:39 -0700, Ivan Delalande wrote:
> > diff --git a/net/ipv4/tcp_diag.c b/net/ipv4/tcp_diag.c
> > index a748c74aa8b7..abbf0edcf6c2 100644
> > --- a/net/ipv4/tcp_diag.c
> >
Extend inet_diag_handler to allow individual protocols to report
additional data on INET_DIAG_INFO through idiag_get_aux. The size
can be dynamic and is computed by idiag_get_aux_size.
Signed-off-by: Ivan Delalande <col...@arista.com>
---
include/linux/inet_diag.h | 7 +++
ne
to polish and send it if this series
gets applied.
Ivan Delalande (2):
inet_diag: allow protocols to provide additional data
tcp_diag: report TCP MD5 signing keys and addresses
include/linux/inet_diag.h | 7 +++
include/uapi/linux/inet_diag.h | 1 +
include/uapi/linux/tcp.h | 9
Report TCP MD5 (RFC2385) signing keys, addresses and address prefixes to
processes with CAP_NET_ADMIN requesting INET_DIAG_INFO. Currently it is
not possible to retrieve these from the kernel once they have been
configured on sockets.
Signed-off-by: Ivan Delalande <col...@arista.com>
---
i
Report TCP MD5 (RFC2385) signing keys, addresses and address prefixes to
processes with CAP_NET_ADMIN requesting INET_DIAG_INFO. Currently it is
not possible to retrieve these from the kernel once they have been
configured on sockets.
Signed-off-by: Ivan Delalande <col...@arista.com>
---
i
Extend inet_diag_handler to allow individual protocols to report
additional data on INET_DIAG_INFO through idiag_get_aux. The size
can be dynamic and is computed by idiag_get_aux_size.
Signed-off-by: Ivan Delalande <col...@arista.com>
---
include/linux/inet_diag.h | 7 +++
ne
on INET_DIAG_INFO,
- lock socket before calling tcp_diag_put_md5sig.
I also have a patch for iproute2/ss to test this change, making it print
this new attribute. I'm planning to polish and send it if this series
gets applied.
Ivan Delalande (2):
inet_diag: allow protocols to provide additional data
to provide additional data on INET_DIAG_INFO,
- lock socket before calling tcp_diag_put_md5sig.
I also have a patch for iproute2/ss to test this change, making it print
this new attribute. I'm planning to polish and send it if this series
gets applied.
Ivan Delalande (2):
inet_diag: allow
Report TCP MD5 (RFC2385) signing keys, addresses and address prefixes to
processes with CAP_NET_ADMIN requesting INET_DIAG_INFO. Currently it is
not possible to retrieve these from the kernel once they have been
configured on sockets.
Signed-off-by: Ivan Delalande <col...@arista.com>
---
i
Extend inet_diag_handler to allow individual protocols to report
additional data on INET_DIAG_INFO through idiag_get_aux. The size
can be dynamic and is computed by idiag_get_aux_size.
Signed-off-by: Ivan Delalande <col...@arista.com>
---
include/linux/inet_diag.h | 7 +++
ne
On Fri, Aug 25, 2017 at 08:41:25PM -0700, Eric Dumazet wrote:
> On Fri, 2017-08-25 at 18:53 -0700, Ivan Delalande wrote:
> > Report TCP MD5 (RFC2385) signing keys, addresses and address prefixes to
> > processes with CAP_NET_ADMIN requesting INET_DIAG_INFO. Currently it is
&
Extend inet_diag_handler to allow individual protocols to report
additional data on INET_DIAG_INFO through idiag_get_aux. The size
can be dynamic and is computed by idiag_get_aux_size.
Signed-off-by: Ivan Delalande <col...@arista.com>
---
include/linux/inet_diag.h | 7 +++
ne
Report TCP MD5 (RFC2385) signing keys, addresses and address prefixes to
processes with CAP_NET_ADMIN requesting INET_DIAG_INFO. Currently it is
not possible to retrieve these from the kernel once they have been
configured on sockets.
Signed-off-by: Ivan Delalande <col...@arista.com>
---
i
Report TCP MD5 (RFC2385) signing keys, addresses and address prefixes to
processes with CAP_NET_ADMIN requesting INET_DIAG_INFO. Currently it is
not possible to retrieve these from the kernel once they have been
configured on sockets.
Signed-off-by: Ivan Delalande <col...@arista.com>
---
i
This will be used to create a proc file that regular users cannot read.
Signed-off-by: Ivan Delalande <col...@arista.com>
---
include/net/tcp.h | 3 ++-
net/ipv4/tcp_ipv4.c | 7 ---
net/ipv6/tcp_ipv6.c | 2 +-
3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/include/net
}), its
inode number, the address, prefix length and the key itself.
Note that IPv4-mapped IPv6 addresses will be printed as a regular IPv4
address in the tcp6md5 file.
Signed-off-by: Ani Sinha <a...@arista.com>
Signed-off-by: Ken Kofman <kkof...@arista.com>
Signed-off-by: I
This allows the keys used for TCP MD5 signature to be used for whole
range of addresses, specified with a prefix length, instead of only one
address as it currently is.
Signed-off-by: Bob Gilligan <gilli...@arista.com>
Signed-off-by: Eric Mowat <mo...@arista.com>
Signed-off-by: Iv
, and
tcpm_prefixlen only when the TCP_MD5SIG_FLAG_PREFIX flag is set.
Signed-off-by: Bob Gilligan <gilli...@arista.com>
Signed-off-by: Eric Mowat <mo...@arista.com>
Signed-off-by: Ivan Delalande <col...@arista.com>
---
include/net/tcp.h| 1 +
include/uapi/linux/tcp.h | 9 +++
On Sat, Jun 10, 2017 at 06:58:11PM -0400, David Miller wrote:
> From: Ivan Delalande <col...@arista.com>
> Date: Fri, 9 Jun 2017 19:14:49 -0700
>
> > Add a flag field and address prefix length at the end of the tcp_md5sig
> > structure so users can configure an
-by: Bob Gilligan <gilli...@arista.com>
Signed-off-by: Eric Mowat <mo...@arista.com>
Signed-off-by: Ivan Delalande <col...@arista.com>
---
include/uapi/linux/tcp.h | 8
net/ipv4/tcp_ipv4.c | 15 +++
net/ipv6/tcp_ipv6.c | 24 +--
This allows the keys used for TCP MD5 signature to be used for whole
range of addresses, specified with a prefix length, instead of only one
address as it currently is.
Signed-off-by: Bob Gilligan <gilli...@arista.com>
Signed-off-by: Eric Mowat <mo...@arista.com>
Signed-off-by: Iv
On Tue, Jun 06, 2017 at 09:08:22PM -0700, Eric Dumazet wrote:
> On Tue, 2017-06-06 at 17:54 -0700, Ivan Delalande wrote:
>> diff --git a/include/uapi/linux/tcp.h b/include/uapi/linux/tcp.h
>> index 38a2b07afdff..52ac30aa0652 100644
>> --- a/include/uapi/linux/tcp.h
>&g
This allows the keys used for TCP MD5 signature to be used for whole
range of addresses, specified with a prefix length, instead of only one
address as it currently is.
Signed-off-by: Bob Gilligan <gilli...@arista.com>
Signed-off-by: Eric Mowat <mo...@arista.com>
Signed-off-by: Iv
;
Signed-off-by: Ivan Delalande <col...@arista.com>
---
include/uapi/linux/tcp.h | 6 +-
net/ipv4/tcp_ipv4.c | 13 +++--
net/ipv6/tcp_ipv6.c | 20 +++-
3 files changed, 31 insertions(+), 8 deletions(-)
diff --git a/include/uapi/linux/tcp.h b/include/uapi
27 matches
Mail list logo