* [PATCH 4/7] tlshd_handshake_parms: Add a textualised peer address and populate it from peeraddr.
@ 2025-06-08 17:43 Ken Milmore
From: Ken Milmore @ 2025-06-08 17:43 UTC (permalink / raw)
To: kernel-tls-handshake
Make use of this in the logging instead of calling getnameinfo() on the fly.
We may also need this later if we want GnuTLS to verify the host address.
Signed-off-by: Ken Milmore <ken.milmore@gmail.com>
---
src/tlshd/handshake.c | 5 ++---
src/tlshd/log.c | 18 +++++-------------
src/tlshd/netlink.c | 12 ++++++++++++
src/tlshd/tlshd.h | 7 +++----
4 files changed, 22 insertions(+), 20 deletions(-)
diff --git a/src/tlshd/handshake.c b/src/tlshd/handshake.c
index 6d10eaf..ca4e79a 100644
--- a/src/tlshd/handshake.c
+++ b/src/tlshd/handshake.c
@@ -186,9 +186,8 @@ out:
keyctl_unlink(parms.keyring, KEY_SPEC_SESSION_KEYRING);
if (parms.session_status) {
- tlshd_log_failure(parms.peername, parms.peeraddr,
- parms.peeraddr_len);
+ tlshd_log_failure(parms.peername, parms.peeraddr_txt);
return;
}
- tlshd_log_success(parms.peername, parms.peeraddr, parms.peeraddr_len);
+ tlshd_log_success(parms.peername, parms.peeraddr_txt);
}
diff --git a/src/tlshd/log.c b/src/tlshd/log.c
index 77e2d29..87f3943 100644
--- a/src/tlshd/log.c
+++ b/src/tlshd/log.c
@@ -51,16 +51,12 @@ int tlshd_stderr;
* @salen: length of IP address
*
*/
-void tlshd_log_success(const char *hostname, const struct sockaddr *sap,
- socklen_t salen)
+void tlshd_log_success(const char *hostname, const char *addr_txt)
{
- char buf[NI_MAXHOST];
-
- getnameinfo(sap, salen, buf, sizeof(buf), NULL, 0, NI_NUMERICHOST);
if (hostname[0] == '\0')
hostname = "<unknown>";
syslog(LOG_INFO, "Handshake with '%s' (%s) was successful\n",
- hostname, buf);
+ hostname, addr_txt);
}
/**
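Review bot: The kernel-doc block above `tlshd_log_success` still documents `@salen: length of IP address` (L35), but that parameter no longer exists after the signature change to `const char *addr_txt`, and the same stale line is visible for `tlshd_log_failure` in the next hunk (L53); the `@sap` line presumably just above this hunk would be stale as well. Replace it with `* @addr_txt: peer IP address in numeric presentation form (empty if unavailable)` in both comments. It is also worth noting in the `tlshd_log_success` comment that, unlike `tlshd_log_failure`, it does not check for an empty `addr_txt` and will print `()` in that case, which is harmless but intentional-looking only if documented.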
@@ -70,17 +66,13 @@ void tlshd_log_success(const char *hostname, const struct sockaddr *sap,
* @salen: length of IP address
*
*/
-void tlshd_log_failure(const char *hostname, const struct sockaddr *sap,
- socklen_t salen)
+void tlshd_log_failure(const char *hostname, const char *addr_txt)
{
- if (salen) {
- char buf[NI_MAXHOST];
-
- getnameinfo(sap, salen, buf, sizeof(buf), NULL, 0, NI_NUMERICHOST);
+ if (addr_txt[0] != '\0') {
if (hostname[0] == '\0')
hostname = "<unknown>";
syslog(LOG_ERR, "Handshake with '%s' (%s) failed\n",
- hostname, buf);
+ hostname, addr_txt);
} else
syslog(LOG_ERR, "Handshake request failed\n");
}
diff --git a/src/tlshd/netlink.c b/src/tlshd/netlink.c
index 0f4a797..512f30e 100644
--- a/src/tlshd/netlink.c
+++ b/src/tlshd/netlink.c
@@ -224,6 +224,7 @@ static void tlshd_parse_certificate(struct tlshd_handshake_parms *parms,
}
static char tlshd_peername[NI_MAXHOST] = "";
+static char tlshd_peeraddr_txt[NI_MAXHOST] = "";
static struct sockaddr_storage tlshd_peeraddr = { 0 };
static int tlshd_genl_valid_handler(struct nl_msg *msg, void *arg)
@@ -281,6 +282,16 @@ static int tlshd_genl_valid_handler(struct nl_msg *msg, void *arg)
tlshd_parse_peer_identity(parms, tb[HANDSHAKE_A_ACCEPT_PEER_IDENTITY]);
tlshd_parse_certificate(parms, tb[HANDSHAKE_A_ACCEPT_CERTIFICATE]);
+ /* Textualize the peer address */
+ err = getnameinfo(parms->peeraddr, parms->peeraddr_len,
+ tlshd_peeraddr_txt, sizeof(tlshd_peeraddr_txt),
+ NULL, 0, NI_NUMERICHOST);
+ if (err) {
+ tlshd_log_gai_error(err);
+ tlshd_peeraddr_txt[0] = '\0';
+ return NL_STOP;
+ }
+
if (peername)
strncpy(tlshd_peername, peername, sizeof(tlshd_peername) - 1);
else {
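Review bot: The early `return NL_STOP` after a failed getnameinfo() turns what used to be a purely cosmetic logging problem into a hard abort of the handshake request; since `peeraddr_len` defaults to 0 and getnameinfo() rejects a zero-length or unset-family address (EAI_FAMILY on glibc), any path that reaches this point without a populated peer address now stops here, which may or may not be intended depending on how `peeraddr_len` is filled in earlier in tlshd_genl_valid_handler, whose body starts and ends outside the hunk. If the textual address is meant to be optional, as the `if (addr_txt[0] != '\0')` guard in tlshd_log_failure suggests, keeping the old tolerance would be `if (err) { tlshd_log_gai_error(err); tlshd_peeraddr_txt[0] = '\0'; }` with no return. It is also worth confirming that `err` is declared earlier in the function and that nothing the caller reads (for example `session_status`) is expected to be set before this early exit, since the comment `/* Textualize the peer address */` does not say that failure is fatal.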
@@ -299,6 +310,7 @@ static int tlshd_genl_valid_handler(struct nl_msg *msg, void *arg)
static const struct tlshd_handshake_parms tlshd_default_handshake_parms = {
.peername = tlshd_peername,
+ .peeraddr_txt = tlshd_peeraddr_txt,
.peeraddr = (struct sockaddr *)&tlshd_peeraddr,
.peeraddr_len = 0,
.sockfd = -1,
diff --git a/src/tlshd/tlshd.h b/src/tlshd/tlshd.h
index f058a1a..29b0715 100644
--- a/src/tlshd/tlshd.h
+++ b/src/tlshd/tlshd.h
@@ -29,6 +29,7 @@ struct nl_sock;
struct tlshd_handshake_parms {
char *peername;
+ char *peeraddr_txt;
struct sockaddr *peeraddr;
socklen_t peeraddr_len;
int sockfd;
@@ -96,10 +97,8 @@ extern void tlshd_log_init(const char *progname);
extern void tlshd_log_shutdown(void);
extern void tlshd_log_close(void);
-extern void tlshd_log_success(const char *hostname,
- const struct sockaddr *sap, socklen_t salen);
-extern void tlshd_log_failure(const char *hostname,
- const struct sockaddr *sap, socklen_t salen);
+extern void tlshd_log_success(const char *hostname, const char *addr_txt);
+extern void tlshd_log_failure(const char *hostname, const char *addr_txt);
extern void tlshd_log_debug(const char *fmt, ...);
extern void tlshd_log_notice(const char *fmt, ...);
--
2.47.2