author | Davide Caratti <dcaratti@redhat.com> | 2019-10-07 12:16:44 +0200 |
---|---|---|
committer | David Ahern <dsahern@gmail.com> | 2019-10-14 20:07:21 -0700 |
commit | 14cadc707b919914e9a2d5dffad9232c3ae97c5f (patch) | |
tree | e337e68f6942feb29913e60303117859f53d1fb9 /misc/ss.c | |
parent | 4c23b1286599b4feaacfdab45c9131238ed9be6d (diff) | |
ss: allow dumping kTLS info
now that INET_DIAG_INFO requests can dump TCP ULP information, extend 'ss'
to allow diagnosing kTLS when it is attached to a TCP socket. While at it,
import kTLS uAPI definitions from the latest net-next tree.
CC: Andrea Claudi <aclaudi@redhat.com>
Co-developed-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Diffstat (limited to 'misc/ss.c')
-rw-r--r-- | misc/ss.c | 89 |
1 files changed, 89 insertions, 0 deletions
@@ -51,6 +51,7 @@
 #include <linux/tipc.h>
 #include <linux/tipc_netlink.h>
 #include <linux/tipc_sockets_diag.h>
+#include <linux/tls.h>
 
 /* AF_VSOCK/PF_VSOCK is only provided since glibc 2.18 */
 #ifndef PF_VSOCK
@@ -2751,6 +2752,72 @@ static void print_md5sig(struct tcp_diag_md5sig *sig)
 print_escape_buf(sig->tcpm_key, sig->tcpm_keylen, " ,");
 }
 
+static void tcp_tls_version(struct rtattr *attr)
+{
+ u_int16_t val;
+
+ if (!attr)
+ return;
+ val = rta_getattr_u16(attr);
+
+ switch (val) {
+ case TLS_1_2_VERSION:
+ out(" version: 1.2");
+ break;
+ case TLS_1_3_VERSION:
+ out(" version: 1.3");
+ break;
+ default:
+ out(" version: unknown(%hu)", val);
+ break;
+ }
+}
+
+static void tcp_tls_cipher(struct rtattr *attr)
+{
+ u_int16_t val;
+
+ if (!attr)
+ return;
+ val = rta_getattr_u16(attr);
+
+ switch (val) {
+ case TLS_CIPHER_AES_GCM_128:
+ out(" cipher: aes-gcm-128");
+ break;
+ case TLS_CIPHER_AES_GCM_256:
+ out(" cipher: aes-gcm-256");
+ break;
+ }
+}
+
+static void tcp_tls_conf(const char *name, struct rtattr *attr)
+{
+ u_int16_t val;
+
+ if (!attr)
+ return;
+ val = rta_getattr_u16(attr);
+
+ switch (val) {
+ case TLS_CONF_BASE:
+ out(" %s: none", name);
+ break;
+ case TLS_CONF_SW:
+ out(" %s: sw", name);
+ break;
+ case TLS_CONF_HW:
+ out(" %s: hw", name);
+ break;
+ case TLS_CONF_HW_RECORD:
+ out(" %s: hw-record", name);
+ break;
+ default:
+ out(" %s: unknown(%hu)", name, val);
+ break;
+ }
+}
+
 #define TCPI_HAS_OPT(info, opt) !!(info->tcpi_options & (opt))
 
 static void tcp_show_info(const struct nlmsghdr *nlh, struct inet_diag_msg *r,
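Review bot: `tcp_tls_cipher()` has no `default:` arm, so a cipher value other than the two listed prints nothing, while `tcp_tls_version()` and `tcp_tls_conf()` in the same hunk both fall back to `unknown(%hu)`. For someone auditing kTLS sockets, that makes "the kernel reported a cipher this ss build does not know" indistinguishable from "no cipher attribute was present". I would add `default: out(" cipher: unknown(%hu)", val); break;` to the switch so the raw value is always shown. All three helpers also call `rta_getattr_u16()` without checking the attribute's payload length; that is presumably fine for kernel-generated messages, but a short comment stating the assumption would help.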
@@ -2906,6 +2973,28 @@ static void tcp_show_info(const struct nlmsghdr *nlh, struct inet_diag_msg *r,
 print_md5sig(sig++);
 }
 }
+ if (tb[INET_DIAG_ULP_INFO]) {
+ struct rtattr *ulpinfo[INET_ULP_INFO_MAX + 1] = { 0 };
+
+ parse_rtattr_nested(ulpinfo, INET_ULP_INFO_MAX,
+ tb[INET_DIAG_ULP_INFO]);
+
+ if (ulpinfo[INET_ULP_INFO_NAME])
+ out(" tcp-ulp-%s",
+ rta_getattr_str(ulpinfo[INET_ULP_INFO_NAME]));
+
+ if (ulpinfo[INET_ULP_INFO_TLS]) {
+ struct rtattr *tlsinfo[TLS_INFO_MAX + 1] = { 0 };
+
+ parse_rtattr_nested(tlsinfo, TLS_INFO_MAX,
+ ulpinfo[INET_ULP_INFO_TLS]);
+
+ tcp_tls_version(tlsinfo[TLS_INFO_VERSION]);
+ tcp_tls_cipher(tlsinfo[TLS_INFO_CIPHER]);
+ tcp_tls_conf("rxconf", tlsinfo[TLS_INFO_RXCONF]);
+ tcp_tls_conf("txconf", tlsinfo[TLS_INFO_TXCONF]);
+ }
+ }
 }
 
 static const char *format_host_sa(struct sockaddr_storage *sa) |
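Review bot: The ULP name is printed with a plain `%s` from `rta_getattr_str(ulpinfo[INET_ULP_INFO_NAME])`, which relies on the attribute payload being NUL-terminated. That presumably holds when the message comes straight from the kernel, but nothing in the hunk checks it, so a message from any other source could make the read run past the attribute. Assuming `out()` is printf-style, as its use here suggests, bounding the print to the payload is cheap: `out(" tcp-ulp-%.*s", (int)RTA_PAYLOAD(ulpinfo[INET_ULP_INFO_NAME]), rta_getattr_str(ulpinfo[INET_ULP_INFO_NAME]));`. `tcp_show_info()` begins and ends outside this hunk, so earlier validation of `tb[]` cannot be seen from here.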