summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2015-07-10 11:39:57 +0200
committerDavid S. Miller <davem@davemloft.net>2015-07-10 23:25:24 -0700
commit8220ea23243178c16b87fc3ccadf071647b64e04 (patch)
treeda65935527f572bf9f0c0b13b3147e916543e9a3 /net
parent51ed7f3e7d33824820837ad784801973f147c51a (diff)
downloadlwn-8220ea23243178c16b87fc3ccadf071647b64e04.tar.gz
lwn-8220ea23243178c16b87fc3ccadf071647b64e04.zip
net: inet_diag: always export IPV6_V6ONLY sockopt for listening sockets
Reconsidering my commit 20462155 "net: inet_diag: export IPV6_V6ONLY sockopt", I am not happy with the limitations it causes for socket analysing code in userspace. Exporting the value only if it is set makes it hard for userspace to decide whether the option is not set or the kernel does not support exporting the option at all. >From an auditor's perspective, the interesting question for listening AF_INET6 sockets is: "Does it NOT have IPV6_V6ONLY set?" Because it is the unexpected case. This patch allows to answer this question reliably. Signed-off-by: Phil Sutter <phil@nwl.cc> Cc: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/inet_diag.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
index 9bc26677058e..c3b1f3a0f4cf 100644
--- a/net/ipv4/inet_diag.c
+++ b/net/ipv4/inet_diag.c
@@ -152,8 +152,8 @@ int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk,
inet6_sk(sk)->tclass) < 0)
goto errout;
- if (ipv6_only_sock(sk) &&
- nla_put_u8(skb, INET_DIAG_SKV6ONLY, 1))
+ if (((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) &&
+ nla_put_u8(skb, INET_DIAG_SKV6ONLY, ipv6_only_sock(sk)))
goto errout;
}
#endif