diff options
Diffstat (limited to 'net/ipv4/tcp_fastopen.c')
| -rw-r--r-- | net/ipv4/tcp_fastopen.c | 27 | 
1 files changed, 25 insertions, 2 deletions
| diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c index 19ad9586c720..af2814c9342a 100644 --- a/net/ipv4/tcp_fastopen.c +++ b/net/ipv4/tcp_fastopen.c @@ -38,7 +38,7 @@ static void tcp_fastopen_ctx_free(struct rcu_head *head)  	struct tcp_fastopen_context *ctx =  	    container_of(head, struct tcp_fastopen_context, rcu); -	kzfree(ctx); +	kfree_sensitive(ctx);  }  void tcp_fastopen_destroy_cipher(struct sock *sk) @@ -108,6 +108,29 @@ out:  	return err;  } +int tcp_fastopen_get_cipher(struct net *net, struct inet_connection_sock *icsk, +			    u64 *key) +{ +	struct tcp_fastopen_context *ctx; +	int n_keys = 0, i; + +	rcu_read_lock(); +	if (icsk) +		ctx = rcu_dereference(icsk->icsk_accept_queue.fastopenq.ctx); +	else +		ctx = rcu_dereference(net->ipv4.tcp_fastopen_ctx); +	if (ctx) { +		n_keys = tcp_fastopen_context_len(ctx); +		for (i = 0; i < n_keys; i++) { +			put_unaligned_le64(ctx->key[i].key[0], key + (i * 2)); +			put_unaligned_le64(ctx->key[i].key[1], key + (i * 2) + 1); +		} +	} +	rcu_read_unlock(); + +	return n_keys; +} +  static bool __tcp_fastopen_cookie_gen_cipher(struct request_sock *req,  					     struct sk_buff *syn,  					     const siphash_key_t *key, @@ -272,7 +295,7 @@ static struct sock *tcp_fastopen_create_child(struct sock *sk,  	refcount_set(&req->rsk_refcnt, 2);  	/* Now finish processing the fastopen child socket. */ -	tcp_init_transfer(child, BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB); +	tcp_init_transfer(child, BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB, skb);  	tp->rcv_nxt = TCP_SKB_CB(skb)->seq + 1; | 
