On Thu, 29 Aug 2019 18:48:04 +0200, Davide Caratti wrote: > When an application configures kernel TLS on top of a TCP socket, it's > now possible for inet_diag_handler() to collect information regarding the > protocol version, the cipher type and TX / RX configuration, in case > INET_DIAG_INFO is requested. > > Signed-off-by: Davide Caratti <dcara...@redhat.com>
> diff --git a/include/net/tls.h b/include/net/tls.h
> index 4997742475cd..990f1d9182a3 100644
> --- a/include/net/tls.h
> +++ b/include/net/tls.h
> @@ -431,6 +431,25 @@ static inline bool is_tx_ready(struct tls_sw_context_tx > *ctx)
> return READ_ONCE(rec->tx_ready);
> }
>
> +static inline u16 tls_user_config(struct tls_context *ctx, bool tx)
> +{
> + u16 config = tx ? ctx->tx_conf : ctx->rx_conf;
> +
> + switch (config) {
> + case TLS_BASE:
> + return TLS_CONF_BASE;
> + case TLS_SW:
> + return TLS_CONF_SW;
> +#ifdef CONFIG_TLS_DEVICE
Recently the TLS_HW define was taken out of the ifdef, so the ifdef around this is no longer necessary.
> + case TLS_HW:
> + return TLS_CONF_HW;
> +#endif
> + case TLS_HW_RECORD:
> + return TLS_CONF_HW_RECORD;
> + }
> + return 0;
> +}
> +
> struct sk_buff *
> tls_validate_xmit_skb(struct sock *sk, struct net_device *dev,
> struct sk_buff *skb);
> diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
> index f8f2d2c3d627..3351a2ace369 100644
> --- a/net/tls/tls_main.c
> +++ b/net/tls/tls_main.c
> @@ -39,6 +39,7 @@
> #include <linux/netdevice.h>
> #include <linux/sched/signal.h>
> #include <linux/inetdevice.h>
> +#include <linux/inet_diag.h>
>
> #include <net/tls.h>
>
> @@ -835,6 +836,67 @@ static void tls_update(struct sock *sk, struct proto *p)
> }
> }
>
> +static int tls_get_info(const struct sock *sk, struct sk_buff *skb)
> +{
> + struct tls_context *ctx;
> + u16 version, cipher_type;
Unfortunately revere christmas tree will be needed :(
> + struct nlattr *start;
> + int err;
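Review bot: In the include/net/tls.h hunk, tls_user_config() carries no comment and the `return 0;` after the switch is unexplained, so a reader of the header cannot tell whether 0 is itself a valid TLS_CONF_* value or an "unknown configuration" sentinel, and the caller that consumes the result is not in this hunk, so it cannot be checked here either. I'd add above the function `/* Map ctx->tx_conf / ctx->rx_conf to the uapi TLS_CONF_* value reported to userspace; 0 means the mode is not one of the known configurations. */`, which also commits the author to 0 never colliding with a TLS_CONF_* constant (or to picking a different sentinel if it does). As a point of style, folding that trailing return into a `default: return 0;` arm keeps the whole mapping inside the switch and makes its exhaustiveness obvious at a glance.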