Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

inet_diag: Add equal-operator for ports

inet_diag currently provides less/greater than or equal operators for
comparing ports when filtering sockets. An equal comparison can be
performed by combining the two existing operators, or a user can for
example request a port range and then do the final filtering in
userspace. However, these approaches both have drawbacks. Implementing
equal using LE/GE causes the size and complexity of a filter to grow
quickly as the number of ports increase, while it on busy machines would
be great if the kernel only returns information about relevant sockets.

This patch introduces source and destination port equal operators.
INET_DIAG_BC_S_EQ is used to match a source port, INET_DIAG_BC_D_EQ a
destination port, and usage is the same as for the existing port
operators.  I.e., the port to match is stored in the no-member of the
next inet_diag_bc_op-struct in the filter.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kristian Evensen 7 years ago
parent
d323b524e8
commit
bbb6189df4
2 changed files with 10 additions and 0 deletions
Split View Show Diff Stats
  1. 2 0
      include/uapi/linux/inet_diag.h
  2. 8 0
      net/ipv4/inet_diag.c

+ 2 - 0
include/uapi/linux/inet_diag.h
View File 

@@ -92,6 +92,8 @@ enum {
 
 	INET_DIAG_BC_D_COND,
 
 	INET_DIAG_BC_DEV_COND,   /* u32 ifindex */
 
 	INET_DIAG_BC_MARK_COND,
 
+	INET_DIAG_BC_S_EQ,
 
+	INET_DIAG_BC_D_EQ,
 
 };
 
 
 struct inet_diag_hostcond {

+ 8 - 0
net/ipv4/inet_diag.c
View File 

@@ -564,12 +564,18 @@ static int inet_diag_bc_run(const struct nlattr *_bc,
 
 		case INET_DIAG_BC_JMP:
 
 			yes = 0;
 
 			break;
 
+		case INET_DIAG_BC_S_EQ:
 
+			yes = entry->sport == op[1].no;
 
+			break;
 
 		case INET_DIAG_BC_S_GE:
 
 			yes = entry->sport >= op[1].no;
 
 			break;
 
 		case INET_DIAG_BC_S_LE:
 
 			yes = entry->sport <= op[1].no;
 
 			break;
 
+		case INET_DIAG_BC_D_EQ:
 
+			yes = entry->dport == op[1].no;
 
+			break;
 
 		case INET_DIAG_BC_D_GE:
 
 			yes = entry->dport >= op[1].no;
 
 			break;
 
@@ -802,8 +808,10 @@ static int inet_diag_bc_audit(const struct nlattr *attr,
 
 			if (!valid_devcond(bc, len, &min_len))
 
 				return -EINVAL;
 
 			break;
 
+		case INET_DIAG_BC_S_EQ:
 
 		case INET_DIAG_BC_S_GE:
 
 		case INET_DIAG_BC_S_LE:
 
+		case INET_DIAG_BC_D_EQ:
 
 		case INET_DIAG_BC_D_GE:
 
 		case INET_DIAG_BC_D_LE:
 
 			if (!valid_port_comparison(bc, len, &min_len))