From: Phil Sutter <phil@nwl.cc>
To: netdev@vger.kernel.org
Cc: davem@davemloft.net, Eric Dumazet <edumazet@google.com>
Subject: [PATCH v2] net: inet_diag: always export IPV6_V6ONLY sockopt for listening sockets
Date: Fri, 10 Jul 2015 11:39:57 +0200 [thread overview]
Message-ID: <1436521197-912-1-git-send-email-phil@nwl.cc> (raw)
In-Reply-To: <1436463030.24939.47.camel@edumazet-glaptop2.roam.corp.google.com>
Reconsidering my commit 20462155 "net: inet_diag: export IPV6_V6ONLY
sockopt", I am not happy with the limitations it causes for socket
analysing code in userspace. Exporting the value only if it is set makes
it hard for userspace to decide whether the option is not set or the
kernel does not support exporting the option at all.
>From an auditor's perspective, the interesting question for listening
AF_INET6 sockets is: "Does it NOT have IPV6_V6ONLY set?" Because it is
the unexpected case. This patch allows to answer this question reliably.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Cc: Eric Dumazet <edumazet@google.com>
---
Changes since v1:
- Export the value only for listening sockets, as suggested by Eric Dumazet.
- Adjusted commit message accordingly.
---
net/ipv4/inet_diag.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
index 9bc2667..c3b1f3a 100644
--- a/net/ipv4/inet_diag.c
+++ b/net/ipv4/inet_diag.c
@@ -152,8 +152,8 @@ int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk,
inet6_sk(sk)->tclass) < 0)
goto errout;
- if (ipv6_only_sock(sk) &&
- nla_put_u8(skb, INET_DIAG_SKV6ONLY, 1))
+ if (((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) &&
+ nla_put_u8(skb, INET_DIAG_SKV6ONLY, ipv6_only_sock(sk)))
goto errout;
}
#endif
--
2.1.2
next prev parent reply other threads:[~2015-07-10 9:39 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-09 8:42 [PATCH] net: inet_diag: always export IPV6_V6ONLY sockopt Phil Sutter
2015-07-09 12:57 ` Eric Dumazet
2015-07-09 16:38 ` Phil Sutter
2015-07-09 17:30 ` Eric Dumazet
2015-07-10 9:39 ` Phil Sutter [this message]
2015-07-11 6:25 ` [PATCH v2] net: inet_diag: always export IPV6_V6ONLY sockopt for listening sockets David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1436521197-912-1-git-send-email-phil@nwl.cc \
--to=phil@nwl.cc \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).