]> git.proxmox.com Git - mirror_iproute2.git/commit
projects / mirror_iproute2.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b0ca46a) | patch
xfrm: add option to hide keys in state output
authorBenedict Wong <benedictwong@google.com>
Fri, 18 Jan 2019 19:12:17 +0000 (11:12 -0800)
committerDavid Ahern <dsahern@gmail.com>
Mon, 21 Jan 2019 16:31:20 +0000 (08:31 -0800)
commita6af9f2e6195dc67d5355d6cb94fc8512c6fba1c
tree010bbb6b90e51014a38abff97a459f2b68126b98tree
parentb0ca46a1f8b1c8f4d252583820d6ad7369186d45commit | diff
xfrm: add option to hide keys in state output

ip xfrm state show currently dumps keys unconditionally. This limits its
use in logging, as security information can be leaked.

This patch adds a nokeys option to ip xfrm ( state show | monitor ), which
prevents the printing of keys. This allows ip xfrm state show to be used
in logging without exposing keys.

Signed-off-by: Benedict Wong <benedictwong@google.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
ip/ipxfrm.c diff | blob | blame | history
ip/xfrm.h diff | blob | blame | history
ip/xfrm_monitor.c diff | blob | blame | history
ip/xfrm_state.c diff | blob | blame | history
man/man8/ip-xfrm.8 diff | blob | blame | history
Upstream mirror of iproute2