ss: allow dumping kTLS info

now that INET_DIAG_INFO requests can dump TCP ULP information, extend 'ss'
to allow diagnosing kTLS when it is attached to a TCP socket. While at it,
import kTLS uAPI definitions from the latest net-next tree.

CC: Andrea Claudi <aclaudi@redhat.com>
Co-developed-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: David Ahern <dsahern@gmail.com>

diff --git a/misc/ss.c b/misc/ss.c
index 363b4c8d87cd36f8b112a37156e68992d9f0a39c..c93d72c3f9f58f5df0c1f5f2062bff62bef515f4 100644 (file)
--- a/misc/ss.c
+++ b/misc/ss.c
@@ -51,6 +51,7 @@
 #include <linux/tipc.h>
 #include <linux/tipc_netlink.h>
 #include <linux/tipc_sockets_diag.h>
+#include <linux/tls.h>
 
 /* AF_VSOCK/PF_VSOCK is only provided since glibc 2.18 */
 #ifndef PF_VSOCK
@@ -2751,6 +2752,72 @@ static void print_md5sig(struct tcp_diag_md5sig *sig)
        print_escape_buf(sig->tcpm_key, sig->tcpm_keylen, " ,");
 }
 
+static void tcp_tls_version(struct rtattr *attr)
+{
+       u_int16_t val;
+
+       if (!attr)
+               return;
+       val = rta_getattr_u16(attr);
+
+       switch (val) {
+       case TLS_1_2_VERSION:
+               out(" version: 1.2");
+               break;
+       case TLS_1_3_VERSION:
+               out(" version: 1.3");
+               break;
+       default:
+               out(" version: unknown(%hu)", val);
+               break;
+       }
+}
+
+static void tcp_tls_cipher(struct rtattr *attr)
+{
+       u_int16_t val;
+
+       if (!attr)
+               return;
+       val = rta_getattr_u16(attr);
+
+       switch (val) {
+       case TLS_CIPHER_AES_GCM_128:
+               out(" cipher: aes-gcm-128");
+               break;
+       case TLS_CIPHER_AES_GCM_256:
+               out(" cipher: aes-gcm-256");
+               break;
+       }
+}
+
+static void tcp_tls_conf(const char *name, struct rtattr *attr)
+{
+       u_int16_t val;
+
+       if (!attr)
+               return;
+       val = rta_getattr_u16(attr);
+
+       switch (val) {
+       case TLS_CONF_BASE:
+               out(" %s: none", name);
+               break;
+       case TLS_CONF_SW:
+               out(" %s: sw", name);
+               break;
+       case TLS_CONF_HW:
+               out(" %s: hw", name);
+               break;
+       case TLS_CONF_HW_RECORD:
+               out(" %s: hw-record", name);
+               break;
+       default:
+               out(" %s: unknown(%hu)", name, val);
+               break;
+       }
+}
+
 #define TCPI_HAS_OPT(info, opt) !!(info->tcpi_options & (opt))
 
 static void tcp_show_info(const struct nlmsghdr *nlh, struct inet_diag_msg *r,
@@ -2906,6 +2973,28 @@ static void tcp_show_info(const struct nlmsghdr *nlh, struct inet_diag_msg *r,
                        print_md5sig(sig++);
                }
        }
+       if (tb[INET_DIAG_ULP_INFO]) {
+               struct rtattr *ulpinfo[INET_ULP_INFO_MAX + 1] = { 0 };
+
+               parse_rtattr_nested(ulpinfo, INET_ULP_INFO_MAX,
+                                   tb[INET_DIAG_ULP_INFO]);
+
+               if (ulpinfo[INET_ULP_INFO_NAME])
+                       out(" tcp-ulp-%s",
+                           rta_getattr_str(ulpinfo[INET_ULP_INFO_NAME]));
+
+               if (ulpinfo[INET_ULP_INFO_TLS]) {
+                       struct rtattr *tlsinfo[TLS_INFO_MAX + 1] = { 0 };
+
+                       parse_rtattr_nested(tlsinfo, TLS_INFO_MAX,
+                                           ulpinfo[INET_ULP_INFO_TLS]);
+
+                       tcp_tls_version(tlsinfo[TLS_INFO_VERSION]);
+                       tcp_tls_cipher(tlsinfo[TLS_INFO_CIPHER]);
+                       tcp_tls_conf("rxconf", tlsinfo[TLS_INFO_RXCONF]);
+                       tcp_tls_conf("txconf", tlsinfo[TLS_INFO_TXCONF]);
+               }
+       }
 }
 
 static const char *format_host_sa(struct sockaddr_storage *sa)