From: Ken Milmore <ken.milmore@gmail.com>
To: kernel-tls-handshake@lists.linux.dev
Subject: [PATCH 4/7] tlshd_handshake_parms: Add a textualised peer address and populate it from peeraddr.
Date: Sun, 8 Jun 2025 18:43:36 +0100 [thread overview]
Message-ID: <eb6edfbe-ae2e-4824-8853-792c59a103ee@gmail.com> (raw)
Make use of this in the logging instead of calling getnameinfo() on the fly.
We may also need this later if we want GnuTLS to verify the host address.
Signed-off-by: Ken Milmore <ken.milmore@gmail.com>
---
src/tlshd/handshake.c | 5 ++---
src/tlshd/log.c | 18 +++++-------------
src/tlshd/netlink.c | 12 ++++++++++++
src/tlshd/tlshd.h | 7 +++----
4 files changed, 22 insertions(+), 20 deletions(-)
diff --git a/src/tlshd/handshake.c b/src/tlshd/handshake.c
index 6d10eaf..ca4e79a 100644
--- a/src/tlshd/handshake.c
+++ b/src/tlshd/handshake.c
@@ -186,9 +186,8 @@ out:
keyctl_unlink(parms.keyring, KEY_SPEC_SESSION_KEYRING);
if (parms.session_status) {
- tlshd_log_failure(parms.peername, parms.peeraddr,
- parms.peeraddr_len);
+ tlshd_log_failure(parms.peername, parms.peeraddr_txt);
return;
}
- tlshd_log_success(parms.peername, parms.peeraddr, parms.peeraddr_len);
+ tlshd_log_success(parms.peername, parms.peeraddr_txt);
}
diff --git a/src/tlshd/log.c b/src/tlshd/log.c
index 77e2d29..87f3943 100644
--- a/src/tlshd/log.c
+++ b/src/tlshd/log.c
@@ -51,16 +51,12 @@ int tlshd_stderr;
* @salen: length of IP address
*
*/
-void tlshd_log_success(const char *hostname, const struct sockaddr *sap,
- socklen_t salen)
+void tlshd_log_success(const char *hostname, const char *addr_txt)
{
- char buf[NI_MAXHOST];
-
- getnameinfo(sap, salen, buf, sizeof(buf), NULL, 0, NI_NUMERICHOST);
if (hostname[0] == '\0')
hostname = "<unknown>";
syslog(LOG_INFO, "Handshake with '%s' (%s) was successful\n",
- hostname, buf);
+ hostname, addr_txt);
}
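Review bot: The kernel-doc block above tlshd_log_success still lists `@salen: length of IP address` (visible at the top of this hunk) although that parameter no longer exists; the tlshd_log_failure hunk below has the same stale `@salen` line. Replace it in both with `@addr_txt: numeric peer address as text, "" when not known`, and drop the `@sap` entry if it sits just above the hunk. tlshd_log_success also formats `addr_txt` without the empty-string check that tlshd_log_failure performs, so if the text is ever empty on the success path the log line would read `(... ())`; the same `<unknown>` fallback used for `hostname` would keep the two functions consistent, e.g. `if (addr_txt[0] == '\0') addr_txt = "<unknown>";`.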
/**
@@ -70,17 +66,13 @@ void tlshd_log_success(const char *hostname, const struct sockaddr *sap,
* @salen: length of IP address
*
*/
-void tlshd_log_failure(const char *hostname, const struct sockaddr *sap,
- socklen_t salen)
+void tlshd_log_failure(const char *hostname, const char *addr_txt)
{
- if (salen) {
- char buf[NI_MAXHOST];
-
- getnameinfo(sap, salen, buf, sizeof(buf), NULL, 0, NI_NUMERICHOST);
+ if (addr_txt[0] != '\0') {
if (hostname[0] == '\0')
hostname = "<unknown>";
syslog(LOG_ERR, "Handshake with '%s' (%s) failed\n",
- hostname, buf);
+ hostname, addr_txt);
} else
syslog(LOG_ERR, "Handshake request failed\n");
}
diff --git a/src/tlshd/netlink.c b/src/tlshd/netlink.c
index 0f4a797..512f30e 100644
--- a/src/tlshd/netlink.c
+++ b/src/tlshd/netlink.c
@@ -224,6 +224,7 @@ static void tlshd_parse_certificate(struct tlshd_handshake_parms *parms,
}
static char tlshd_peername[NI_MAXHOST] = "";
+static char tlshd_peeraddr_txt[NI_MAXHOST] = "";
static struct sockaddr_storage tlshd_peeraddr = { 0 };
static int tlshd_genl_valid_handler(struct nl_msg *msg, void *arg)
@@ -281,6 +282,16 @@ static int tlshd_genl_valid_handler(struct nl_msg *msg, void *arg)
tlshd_parse_peer_identity(parms, tb[HANDSHAKE_A_ACCEPT_PEER_IDENTITY]);
tlshd_parse_certificate(parms, tb[HANDSHAKE_A_ACCEPT_CERTIFICATE]);
+ /* Textualize the peer address */
+ err = getnameinfo(parms->peeraddr, parms->peeraddr_len,
+ tlshd_peeraddr_txt, sizeof(tlshd_peeraddr_txt),
+ NULL, 0, NI_NUMERICHOST);
+ if (err) {
+ tlshd_log_gai_error(err);
+ tlshd_peeraddr_txt[0] = '\0';
+ return NL_STOP;
+ }
+
if (peername)
strncpy(tlshd_peername, peername, sizeof(tlshd_peername) - 1);
else {
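Review bot: Returning NL_STOP when getnameinfo() fails turns a purely cosmetic step into a hard failure of the handshake request, which the previous code tolerated (tlshd_log_failure printed "Handshake request failed" when no address was available). If `parms->peeraddr_len` can still be 0 here — the default parms initialise it to 0 and its population is outside this hunk — getnameinfo() will fail and the request is abandoned; logging the error and continuing with the empty string, i.e. dropping the `return NL_STOP;`, preserves the old behaviour. Note also that `tlshd_peeraddr_txt` is a static buffer that is only cleared on the failure path, so any return from the handler before this point (outside the hunk) leaves the previous handshake's address in it and a later log line would attribute the failure to the wrong peer; clearing the buffer at the start of the handler, `tlshd_peeraddr_txt[0] = '\0';`, closes that gap. `err` is assumed to be declared earlier in tlshd_genl_valid_handler, whose body continues outside the hunk.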
@@ -299,6 +310,7 @@ static int tlshd_genl_valid_handler(struct nl_msg *msg, void *arg)
static const struct tlshd_handshake_parms tlshd_default_handshake_parms = {
.peername = tlshd_peername,
+ .peeraddr_txt = tlshd_peeraddr_txt,
.peeraddr = (struct sockaddr *)&tlshd_peeraddr,
.peeraddr_len = 0,
.sockfd = -1,
diff --git a/src/tlshd/tlshd.h b/src/tlshd/tlshd.h
index f058a1a..29b0715 100644
--- a/src/tlshd/tlshd.h
+++ b/src/tlshd/tlshd.h
@@ -29,6 +29,7 @@ struct nl_sock;
struct tlshd_handshake_parms {
char *peername;
+ char *peeraddr_txt;
struct sockaddr *peeraddr;
socklen_t peeraddr_len;
int sockfd;
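Review bot: The new `peeraddr_txt` field carries an implicit contract that callers already depend on — tlshd_log_failure tests `addr_txt[0]` for the empty string, and netlink.c points it at a NI_MAXHOST-sized static buffer — but the struct gives no hint of either. A one-line comment on the field, `/* numeric peer address as text, "" if not known */`, documents the empty-string convention at the place where a future caller will look. The struct definition continues outside the hunk.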
@@ -96,10 +97,8 @@ extern void tlshd_log_init(const char *progname);
extern void tlshd_log_shutdown(void);
extern void tlshd_log_close(void);
-extern void tlshd_log_success(const char *hostname,
- const struct sockaddr *sap, socklen_t salen);
-extern void tlshd_log_failure(const char *hostname,
- const struct sockaddr *sap, socklen_t salen);
+extern void tlshd_log_success(const char *hostname, const char *addr_txt);
+extern void tlshd_log_failure(const char *hostname, const char *addr_txt);
extern void tlshd_log_debug(const char *fmt, ...);
extern void tlshd_log_notice(const char *fmt, ...);
--
2.47.2