diff options
| author | Ivan Delalande <colona@arista.com> | 2017-06-15 21:07:06 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2017-06-19 13:50:55 -0400 |
| commit | 6797318e623da68dfbacd0cb5c246f5ecd2baf6e (patch) | |
| tree | 64cb66cb77576371cd085f8208f86e2be91cb9db /net/ipv6/tcp_ipv6.c | |
| parent | 910603818c6c0558fe9b5e056a3bd5195aaae1a5 (diff) | |
tcp: md5: add an address prefix for key lookup
This allows the keys used for TCP MD5 signature to be used for whole
range of addresses, specified with a prefix length, instead of only one
address as it currently is.
Signed-off-by: Bob Gilligan <gilligan@arista.com>
Signed-off-by: Eric Mowat <mowat@arista.com>
Signed-off-by: Ivan Delalande <colona@arista.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/tcp_ipv6.c')
| -rw-r--r-- | net/ipv6/tcp_ipv6.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 6264917fe4c7..261689310408 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c | |||
| @@ -533,9 +533,9 @@ static int tcp_v6_parse_md5_keys(struct sock *sk, char __user *optval, | |||
| 533 | if (!cmd.tcpm_keylen) { | 533 | if (!cmd.tcpm_keylen) { |
| 534 | if (ipv6_addr_v4mapped(&sin6->sin6_addr)) | 534 | if (ipv6_addr_v4mapped(&sin6->sin6_addr)) |
| 535 | return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3], | 535 | return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3], |
| 536 | AF_INET); | 536 | AF_INET, 32); |
| 537 | return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr, | 537 | return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr, |
| 538 | AF_INET6); | 538 | AF_INET6, 128); |
| 539 | } | 539 | } |
| 540 | 540 | ||
| 541 | if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN) | 541 | if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN) |
| @@ -543,10 +543,12 @@ static int tcp_v6_parse_md5_keys(struct sock *sk, char __user *optval, | |||
| 543 | 543 | ||
| 544 | if (ipv6_addr_v4mapped(&sin6->sin6_addr)) | 544 | if (ipv6_addr_v4mapped(&sin6->sin6_addr)) |
| 545 | return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3], | 545 | return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3], |
| 546 | AF_INET, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL); | 546 | AF_INET, 32, cmd.tcpm_key, |
| 547 | cmd.tcpm_keylen, GFP_KERNEL); | ||
| 547 | 548 | ||
| 548 | return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr, | 549 | return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr, |
| 549 | AF_INET6, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL); | 550 | AF_INET6, 128, cmd.tcpm_key, cmd.tcpm_keylen, |
| 551 | GFP_KERNEL); | ||
| 550 | } | 552 | } |
| 551 | 553 | ||
| 552 | static int tcp_v6_md5_hash_headers(struct tcp_md5sig_pool *hp, | 554 | static int tcp_v6_md5_hash_headers(struct tcp_md5sig_pool *hp, |
| @@ -1186,7 +1188,7 @@ static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff * | |||
| 1186 | * across. Shucks. | 1188 | * across. Shucks. |
| 1187 | */ | 1189 | */ |
| 1188 | tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr, | 1190 | tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr, |
| 1189 | AF_INET6, key->key, key->keylen, | 1191 | AF_INET6, 128, key->key, key->keylen, |
| 1190 | sk_gfp_mask(sk, GFP_ATOMIC)); | 1192 | sk_gfp_mask(sk, GFP_ATOMIC)); |
| 1191 | } | 1193 | } |
| 1192 | #endif | 1194 | #endif |