author | Ivan Delalande <colona@arista.com> | 2017-06-15 21:07:07 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2017-06-19 13:51:34 -0400 |
commit | 8917a777be3ba566377be05117f71b93a5fd909d (patch) | |
tree | 5ac57647291329d724de78027aab6125d7c13700 /net/ipv4/tcp_ipv4.c | |
parent | 6797318e623da68dfbacd0cb5c246f5ecd2baf6e (diff) |
tcp: md5: add TCP_MD5SIG_EXT socket option to set a key address prefix
Replace first padding in the tcp_md5sig structure with a new flag field
and address prefix length so it can be specified when configuring a new
key for TCP MD5 signature. The tcpm_flags field will only be used if the
socket option is TCP_MD5SIG_EXT to avoid breaking existing programs, and
tcpm_prefixlen only when the TCP_MD5SIG_FLAG_PREFIX flag is set.
Signed-off-by: Bob Gilligan <gilligan@arista.com>
Signed-off-by: Eric Mowat <mowat@arista.com>
Signed-off-by: Ivan Delalande <colona@arista.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/tcp_ipv4.c')
-rw-r--r-- | net/ipv4/tcp_ipv4.c | 16 |
1 files changed, 12 insertions, 4 deletions
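--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1066,11 +1066,12 @@ static void tcp_clear_md5_list(struct sock *sk)
 }
 }
 
-static int tcp_v4_parse_md5_keys(struct sock *sk, char __user *optval,
-int optlen)
+static int tcp_v4_parse_md5_keys(struct sock *sk, int optname,
+char __user *optval, int optlen)
 {
 struct tcp_md5sig cmd;
 struct sockaddr_in *sin = (struct sockaddr_in *)&cmd.tcpm_addr;
+u8 prefixlen = 32;
 
 if (optlen < sizeof(cmd))
 return -EINVAL;
@@ -1081,15 +1082,22 @@ static int tcp_v4_parse_md5_keys(struct sock *sk, char __user *optval,
 if (sin->sin_family != AF_INET)
 return -EINVAL;
 
+if (optname == TCP_MD5SIG_EXT &&
+cmd.tcpm_flags & TCP_MD5SIG_FLAG_PREFIX) {
+prefixlen = cmd.tcpm_prefixlen;
+if (prefixlen > 32)
+return -EINVAL;
+}
+
 if (!cmd.tcpm_keylen)
 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin->sin_addr.s_addr,
-AF_INET, 32);
+AF_INET, prefixlen);
 
 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
 return -EINVAL;
 
 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin->sin_addr.s_addr,
-AF_INET, 32, cmd.tcpm_key, cmd.tcpm_keylen,
+AF_INET, prefixlen, cmd.tcpm_key, cmd.tcpm_keylen,
 GFP_KERNEL);
 }
 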
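Review bot: In the new `optname == TCP_MD5SIG_EXT` branch of tcp_v4_parse_md5_keys() only `TCP_MD5SIG_FLAG_PREFIX` is tested, so any other bit set in `cmd.tcpm_flags` is silently accepted. Rejecting unknown bits up front, e.g. `if (optname == TCP_MD5SIG_EXT && (cmd.tcpm_flags & ~TCP_MD5SIG_FLAG_PREFIX)) return -EINVAL;`, would keep a caller from believing an unsupported flag took effect and leaves room to assign those bits later. The range check also accepts `prefixlen == 0`, which presumably widens the key to every IPv4 peer, and the address is handed to `tcp_md5_do_add()`/`tcp_md5_do_del()` without clearing the bits past the prefix; how those helpers match or deduplicate such entries is outside this diff. A comment above the branch such as `/* prefixlen 0 is accepted; address bits past the prefix are passed through as given */` would make that scope explicit for whoever audits key configuration. The lines of the function between the two hunks, where `cmd` is presumably copied in from `optval`, are not shown.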