提交 637c841d 编写于 作者: D David Ahern 提交者: David S. Miller

net: diag: Add support to filter on device index

Add support to inet_diag facility to filter sockets based on device
index. If an interface index is in the filter only sockets bound
to that index (sk_bound_dev_if) are returned.
Signed-off-by: NDavid Ahern <dsa@cumulusnetworks.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 1ba44a1f
...@@ -72,6 +72,7 @@ enum { ...@@ -72,6 +72,7 @@ enum {
INET_DIAG_BC_AUTO, INET_DIAG_BC_AUTO,
INET_DIAG_BC_S_COND, INET_DIAG_BC_S_COND,
INET_DIAG_BC_D_COND, INET_DIAG_BC_D_COND,
INET_DIAG_BC_DEV_COND, /* u32 ifindex */
}; };
struct inet_diag_hostcond { struct inet_diag_hostcond {
......
...@@ -44,6 +44,7 @@ struct inet_diag_entry { ...@@ -44,6 +44,7 @@ struct inet_diag_entry {
u16 dport; u16 dport;
u16 family; u16 family;
u16 userlocks; u16 userlocks;
u32 ifindex;
}; };
static DEFINE_MUTEX(inet_diag_table_mutex); static DEFINE_MUTEX(inet_diag_table_mutex);
...@@ -571,6 +572,14 @@ static int inet_diag_bc_run(const struct nlattr *_bc, ...@@ -571,6 +572,14 @@ static int inet_diag_bc_run(const struct nlattr *_bc,
yes = 0; yes = 0;
break; break;
} }
case INET_DIAG_BC_DEV_COND: {
u32 ifindex;
ifindex = *((const u32 *)(op + 1));
if (ifindex != entry->ifindex)
yes = 0;
break;
}
} }
if (yes) { if (yes) {
...@@ -613,6 +622,7 @@ int inet_diag_bc_sk(const struct nlattr *bc, struct sock *sk) ...@@ -613,6 +622,7 @@ int inet_diag_bc_sk(const struct nlattr *bc, struct sock *sk)
entry_fill_addrs(&entry, sk); entry_fill_addrs(&entry, sk);
entry.sport = inet->inet_num; entry.sport = inet->inet_num;
entry.dport = ntohs(inet->inet_dport); entry.dport = ntohs(inet->inet_dport);
entry.ifindex = sk->sk_bound_dev_if;
entry.userlocks = sk_fullsock(sk) ? sk->sk_userlocks : 0; entry.userlocks = sk_fullsock(sk) ? sk->sk_userlocks : 0;
return inet_diag_bc_run(bc, &entry); return inet_diag_bc_run(bc, &entry);
...@@ -636,6 +646,17 @@ static int valid_cc(const void *bc, int len, int cc) ...@@ -636,6 +646,17 @@ static int valid_cc(const void *bc, int len, int cc)
return 0; return 0;
} }
/* data is u32 ifindex */
static bool valid_devcond(const struct inet_diag_bc_op *op, int len,
int *min_len)
{
/* Check ifindex space. */
*min_len += sizeof(u32);
if (len < *min_len)
return false;
return true;
}
/* Validate an inet_diag_hostcond. */ /* Validate an inet_diag_hostcond. */
static bool valid_hostcond(const struct inet_diag_bc_op *op, int len, static bool valid_hostcond(const struct inet_diag_bc_op *op, int len,
int *min_len) int *min_len)
...@@ -700,6 +721,10 @@ static int inet_diag_bc_audit(const void *bytecode, int bytecode_len) ...@@ -700,6 +721,10 @@ static int inet_diag_bc_audit(const void *bytecode, int bytecode_len)
if (!valid_hostcond(bc, len, &min_len)) if (!valid_hostcond(bc, len, &min_len))
return -EINVAL; return -EINVAL;
break; break;
case INET_DIAG_BC_DEV_COND:
if (!valid_devcond(bc, len, &min_len))
return -EINVAL;
break;
case INET_DIAG_BC_S_GE: case INET_DIAG_BC_S_GE:
case INET_DIAG_BC_S_LE: case INET_DIAG_BC_S_LE:
case INET_DIAG_BC_D_GE: case INET_DIAG_BC_D_GE:
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册