16 Jun, 2015
1 commit
-
These groups will contain socket-destruction events for
AF_INET/AF_INET6, IPPROTO_TCP/IPPROTO_UDP.

Near the end of socket destruction, a check for listeners is
performed. In the presence of a listener, rather than completely
cleanup the socket, a unit of work will be added to a private
work queue which will first broadcast information about the socket
and then finish the cleanup operation.

Signed-off-by: Craig Gallek
Acked-by: Eric Dumazet
Signed-off-by: David S. Miller
12 Mar, 2015
1 commit
-
A long standing problem in netlink socket dumps is the use
of kernel socket addresses as cookies.

1) It is a security concern.

2) Sockets can be reused quite quickly, so there is
   no guarantee a cookie is used once and identify
   a flow.

3) request sock, establish sock, and timewait socks
   for a given flow have different cookies.

Part of our effort to bring better TCP statistics requires
to switch to a different allocator.

In this patch, I chose to use a per network namespace 64bit generator,
and to use it only in the case a socket needs to be dumped to netlink.
(This might be refined later if needed)

Note that I tried to carry cookies from request sock, to establish sock,
then timewait sockets.

Signed-off-by: Eric Dumazet
Cc: Eric Salo
Signed-off-by: David S. Miller
11 Mar, 2015
1 commit
-
sock_diag_check_cookie() second parameter is constant
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
25 Apr, 2014
1 commit
-
The permission check in sock_diag_put_filterinfo is wrong, and it is so removed
from its sources it is not clear why it is wrong. Move the computation
into packet_diag_dump and pass a bool of the result into sock_diag_filterinfo.

This does not yet correct the capability check but instead simply moves it to make
it clear what is going on.

Reported-by: Andy Lutomirski
Signed-off-by: "Eric W. Biederman"
Signed-off-by: David S. Miller
23 Apr, 2014
1 commit
-
The caller needs capabilities on the namespace being queried, not on
their own namespace. This is a security bug, although it likely has
only a minor impact.

Cc: stable@vger.kernel.org
Signed-off-by: Andy Lutomirski
Acked-by: Nicolas Dichtel
Signed-off-by: David S. Miller
30 Apr, 2013
1 commit
-
This patch allows to dump BPF filters attached to a socket with
SO_ATTACH_FILTER.
Note that we check CAP_SYS_ADMIN before allowing to dump this info.

For now, only AF_PACKET sockets use this feature.
Signed-off-by: Nicolas Dichtel
Signed-off-by: David S. Miller
13 Oct, 2012
1 commit
-
Signed-off-by: David Howells
Acked-by: Arnd Bergmann
Acked-by: Thomas Gleixner
Acked-by: Michael Kerrisk
Acked-by: Paul E. McKenney
Acked-by: Dave Jones
17 Jul, 2012
1 commit
-
Before this patch sock_diag works for init_net only and dumps
information about sockets from all namespaces.

This patch expands sock_diag for all name-spaces.
It creates a netlink kernel socket for each netns and filters
data during dumping.

v2: filter according to netns in all places
    remove an unused variable.

Cc: "David S. Miller"
Cc: Alexey Kuznetsov
Cc: James Morris
Cc: Hideaki YOSHIFUJI
Cc: Patrick McHardy
Cc: Pavel Emelyanov
CC: Eric Dumazet
Cc: linux-kernel@vger.kernel.org
Cc: netdev@vger.kernel.org
Signed-off-by: Andrew Vagin
Acked-by: Pavel Emelyanov
Signed-off-by: David S. Miller
04 Jun, 2012
1 commit
-
Adding socket backlog len in INET_DIAG_SKMEMINFO is really useful to
diagnose various TCP problems.

Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
26 Apr, 2012
1 commit
-
read only, so change it to const.
Signed-off-by: Shan Wei
Acked-by: Pavel Emelyanov
Signed-off-by: David S. Miller
31 Dec, 2011
2 commits
-
Add a routine that dumps memory-related values of a socket.
It's made as an array to make it possible to add more stuff
here later without breaking compatibility.

Since v1: The SK_MEMINFO_ constants are in userspace
visible part of sock_diag.h, the rest is under __KERNEL__.

Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller
-
Properly toss existing components around the ifdef __KERNEL__
and include the header into the header-y target.

Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller
17 Dec, 2011
2 commits
-
The sk address is used as a cookie between dump/get_exact calls.
It will be required for unix socket dumping, so move it from
inet_diag to sock_diag.

Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller
-
It should belong to sock_diag, not inet_diag.
Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller
07 Dec, 2011
1 commit
-
When receiving the SOCK_DIAG_BY_FAMILY message we have to find the
handler for provided family and pass the nl message to it.

This patch describes an infrastructure to work with such handlers
and implements stubs for AF_INET(6) ones.

Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller