Skip to content

Commit 637c841

Browse files
David Aherndavem330
David Ahern
authored and
davem330
committed
net: diag: Add support to filter on device index
Add support to inet_diag facility to filter sockets based on device index. If an interface index is in the filter only sockets bound to that index (sk_bound_dev_if) are returned. Signed-off-by: David Ahern <dsa@cumulusnetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 1ba44a1 commit 637c841

File tree

2 files changed

+26
-0
lines changed

2 files changed

+26
-0
lines changed

include/uapi/linux/inet_diag.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -72,6 +72,7 @@ enum {
7272
INET_DIAG_BC_AUTO,
7373
INET_DIAG_BC_S_COND,
7474
INET_DIAG_BC_D_COND,
75+
INET_DIAG_BC_DEV_COND, /* u32 ifindex */
7576
};
7677

7778
struct inet_diag_hostcond {

net/ipv4/inet_diag.c

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -44,6 +44,7 @@ struct inet_diag_entry {
4444
u16 dport;
4545
u16 family;
4646
u16 userlocks;
47+
u32 ifindex;
4748
};
4849

4950
static DEFINE_MUTEX(inet_diag_table_mutex);
@@ -571,6 +572,14 @@ static int inet_diag_bc_run(const struct nlattr *_bc,
571572
yes = 0;
572573
break;
573574
}
575+
case INET_DIAG_BC_DEV_COND: {
576+
u32 ifindex;
577+
578+
ifindex = *((const u32 *)(op + 1));
579+
if (ifindex != entry->ifindex)
580+
yes = 0;
581+
break;
582+
}
574583
}
575584

576585
if (yes) {
@@ -613,6 +622,7 @@ int inet_diag_bc_sk(const struct nlattr *bc, struct sock *sk)
613622
entry_fill_addrs(&entry, sk);
614623
entry.sport = inet->inet_num;
615624
entry.dport = ntohs(inet->inet_dport);
625+
entry.ifindex = sk->sk_bound_dev_if;
616626
entry.userlocks = sk_fullsock(sk) ? sk->sk_userlocks : 0;
617627

618628
return inet_diag_bc_run(bc, &entry);
@@ -636,6 +646,17 @@ static int valid_cc(const void *bc, int len, int cc)
636646
return 0;
637647
}
638648

649+
/* data is u32 ifindex */
650+
static bool valid_devcond(const struct inet_diag_bc_op *op, int len,
651+
int *min_len)
652+
{
653+
/* Check ifindex space. */
654+
*min_len += sizeof(u32);
655+
if (len < *min_len)
656+
return false;
657+
658+
return true;
659+
}
639660
/* Validate an inet_diag_hostcond. */
640661
static bool valid_hostcond(const struct inet_diag_bc_op *op, int len,
641662
int *min_len)
@@ -700,6 +721,10 @@ static int inet_diag_bc_audit(const void *bytecode, int bytecode_len)
700721
if (!valid_hostcond(bc, len, &min_len))
701722
return -EINVAL;
702723
break;
724+
case INET_DIAG_BC_DEV_COND:
725+
if (!valid_devcond(bc, len, &min_len))
726+
return -EINVAL;
727+
break;
703728
case INET_DIAG_BC_S_GE:
704729
case INET_DIAG_BC_S_LE:
705730
case INET_DIAG_BC_D_GE:

0 commit comments

Comments
 (0)