1 diff -Ndur linux-2.6.32-700/fs/proc/web100.c linux-2.6.32-700-xidmask/fs/proc/web100.c
2 --- linux-2.6.32-700/fs/proc/web100.c 2013-01-10 14:18:50.429337747 -0500
3 +++ linux-2.6.32-700-xidmask/fs/proc/web100.c 2013-02-06 17:36:52.308961450 -0500
5 local_port = vars->LocalPort;
6 remote_port = vars->RemPort;
8 - len += v6addr_str(tmpbuf + len, (short *)&vars->LocalAddress.v6addr.addr);
9 - len += sprintf(tmpbuf + len, ".%d ", local_port);
10 - len += v6addr_str(tmpbuf + len, (short *)&vars->RemAddress.v6addr.addr);
11 - len += sprintf(tmpbuf + len, ".%d\n", remote_port);
12 + len += snprintf(tmpbuf + len, sizeof(tmpbuf) - len, "%pI6", &vars->LocalAddress.v6addr.addr);
13 + len += snprintf(tmpbuf + len, sizeof(tmpbuf) - len, ".%d ", local_port);
14 + len += snprintf(tmpbuf + len, sizeof(tmpbuf) - len, "%pI6", &vars->RemAddress.v6addr.addr);
15 + len += snprintf(tmpbuf + len, sizeof(tmpbuf) - len, ".%d\n", remote_port);
17 printk(KERN_ERR "connection_spec_ascii_read: LocalAddressType invalid\n");
21 stats = web100stats_first;
22 while (stats && n < max) {
23 - if (!stats->wc_dead) {
24 + // only return readable stats
25 + if ( 1 == vx_can_read_stats(stats) ) {
27 cids[n++] = stats->wc_cid;
29 diff -Ndur linux-2.6.32-700/include/linux/vserver/context.h linux-2.6.32-700-xidmask/include/linux/vserver/context.h
30 --- linux-2.6.32-700/include/linux/vserver/context.h 2013-01-10 14:18:49.949337361 -0500
31 +++ linux-2.6.32-700-xidmask/include/linux/vserver/context.h 2013-01-19 23:27:42.280655065 -0500
33 #define VXC_KTHREAD 0x01000000
34 #define VXC_NAMESPACE 0x02000000
36 +#define VXC_ENABLE_WEB100 0x10000000
40 diff -Ndur linux-2.6.32-700/include/net/tcp.h linux-2.6.32-700-xidmask/include/net/tcp.h
41 --- linux-2.6.32-700/include/net/tcp.h 2013-01-10 14:18:49.880337393 -0500
42 +++ linux-2.6.32-700-xidmask/include/net/tcp.h 2013-01-19 15:41:28.218337671 -0500
44 #ifdef CONFIG_WEB100_STATS
45 extern int sysctl_web100_fperms;
46 extern int sysctl_web100_gid;
47 +extern int sysctl_web100_sidestream_xid;
50 extern atomic_t tcp_memory_allocated;
51 diff -Ndur linux-2.6.32-700/include/net/web100.h linux-2.6.32-700-xidmask/include/net/web100.h
52 --- linux-2.6.32-700/include/net/web100.h 2013-01-10 14:18:49.874218972 -0500
53 +++ linux-2.6.32-700-xidmask/include/net/web100.h 2013-01-19 23:44:09.561660368 -0500
55 extern rwlock_t web100_linkage_lock;
57 /* For /proc/web100 */
58 -extern struct web100stats *web100stats_lookup(int cid);
59 +extern int vx_can_read_stats(struct web100stats *stats);
60 +extern struct web100stats *vx_web100stats_lookup(int cid, int vx_filter);
61 +#define web100stats_lookup(cid) vx_web100stats_lookup(cid, 1)
63 /* For the TCP code */
64 extern int web100_stats_create(struct sock *sk);
65 diff -Ndur linux-2.6.32-700/net/ipv4/sysctl_net_ipv4.c linux-2.6.32-700-xidmask/net/ipv4/sysctl_net_ipv4.c
66 --- linux-2.6.32-700/net/ipv4/sysctl_net_ipv4.c 2013-01-10 14:18:50.233320698 -0500
67 +++ linux-2.6.32-700-xidmask/net/ipv4/sysctl_net_ipv4.c 2013-01-19 15:41:52.767269242 -0500
70 .proc_handler = &web100_proc_dointvec_update,
73 + .ctl_name = CTL_UNNUMBERED,
74 + .procname = "web100_sidestream_xid",
75 + .data = &sysctl_web100_sidestream_xid,
76 + .maxlen = sizeof(int),
78 + .proc_handler = &web100_proc_dointvec_update,
82 .ctl_name = CTL_UNNUMBERED,
83 diff -Ndur linux-2.6.32-700/net/ipv4/tcp.c linux-2.6.32-700-xidmask/net/ipv4/tcp.c
84 --- linux-2.6.32-700/net/ipv4/tcp.c 2013-01-10 14:18:50.234322447 -0500
85 +++ linux-2.6.32-700-xidmask/net/ipv4/tcp.c 2013-01-19 15:42:50.975214376 -0500
87 #ifdef CONFIG_WEB100_STATS
88 int sysctl_web100_fperms = CONFIG_WEB100_FPERMS;
89 int sysctl_web100_gid = CONFIG_WEB100_GID;
90 +int sysctl_web100_sidestream_xid = -1;
93 atomic_t tcp_memory_allocated; /* Current allocated memory. */
96 tcp_push(sk, flags & ~MSG_MORE, mss_now, TCP_NAGLE_PUSH);
97 #ifdef CONFIG_WEB100_STATS
98 - web100_update_writeq(sk);
99 + WEB100_UPDATE_FUNC(tcp_sk(sk), web100_update_writeq(sk));
103 @@ -1101,7 +1102,7 @@
105 tcp_push(sk, flags & ~MSG_MORE, mss_now, TCP_NAGLE_PUSH);
106 #ifdef CONFIG_WEB100_STATS
107 - web100_update_writeq(sk);
108 + WEB100_UPDATE_FUNC(tcp_sk(sk), web100_update_writeq(sk));
112 @@ -1471,7 +1472,7 @@
115 #ifdef CONFIG_WEB100_STATS
116 - web100_update_recvq(sk);
117 + WEB100_UPDATE_FUNC(tcp_sk(sk), web100_update_recvq(sk));
120 /* Well, if we have backlog, try to process it now yet. */
121 diff -Ndur linux-2.6.32-700/net/ipv4/tcp_input.c linux-2.6.32-700-xidmask/net/ipv4/tcp_input.c
122 --- linux-2.6.32-700/net/ipv4/tcp_input.c 2013-01-10 14:18:50.232318345 -0500
123 +++ linux-2.6.32-700-xidmask/net/ipv4/tcp_input.c 2013-01-10 14:21:16.371337187 -0500
124 @@ -3177,7 +3177,7 @@
127 #ifdef CONFIG_WEB100_NET100
128 - if (vars->WAD_NoAI) {
129 + if (stats != NULL && vars->WAD_NoAI) {
130 tp->snd_cwnd += vars->WAD_CwndAdjust;
131 vars->WAD_CwndAdjust = 0;
132 tp->snd_cwnd_stamp = tcp_time_stamp;
133 @@ -4426,7 +4426,7 @@
134 tcp_fast_path_check(sk);
136 #ifdef CONFIG_WEB100_STATS
137 - web100_update_recvq(sk);
138 + WEB100_UPDATE_FUNC(tcp_sk(sk), web100_update_recvq(sk));
142 @@ -4484,7 +4484,7 @@
143 tp->rcv_nxt, TCP_SKB_CB(skb)->seq, TCP_SKB_CB(skb)->end_seq);
145 #ifdef CONFIG_WEB100_STATS
146 - web100_update_recvq(sk);
147 + WEB100_UPDATE_FUNC(tcp_sk(sk), web100_update_recvq(sk));
149 skb_set_owner_r(skb, sk);
151 @@ -5372,7 +5372,7 @@
154 #ifdef CONFIG_WEB100_STATS
155 - web100_update_recvq(sk);
156 + WEB100_UPDATE_FUNC(tcp_sk(sk), web100_update_recvq(sk));
158 tcp_event_data_recv(sk, skb);
160 diff -Ndur linux-2.6.32-700/net/ipv4/tcp_ipv4.c linux-2.6.32-700-xidmask/net/ipv4/tcp_ipv4.c
161 --- linux-2.6.32-700/net/ipv4/tcp_ipv4.c 2013-01-10 14:18:50.235319018 -0500
162 +++ linux-2.6.32-700-xidmask/net/ipv4/tcp_ipv4.c 2013-01-10 14:21:16.372284450 -0500
163 @@ -1383,7 +1383,9 @@
167 - tcp_sk(newsk)->tcp_stats->wc_vars.LocalAddressType = WC_ADDRTYPE_IPV4;
168 + if ( tcp_sk(newsk)->tcp_stats != NULL ) {
169 + tcp_sk(newsk)->tcp_stats->wc_vars.LocalAddressType = WC_ADDRTYPE_IPV4;
173 newsk->sk_gso_type = SKB_GSO_TCPV4;
174 @@ -1857,7 +1859,9 @@
175 if ((err = web100_stats_create(sk))) {
178 - tcp_sk(sk)->tcp_stats->wc_vars.LocalAddressType = WC_ADDRTYPE_IPV4;
179 + if ( tcp_sk(sk)->tcp_stats != NULL ) {
180 + tcp_sk(sk)->tcp_stats->wc_vars.LocalAddressType = WC_ADDRTYPE_IPV4;
185 diff -Ndur linux-2.6.32-700/net/ipv4/web100_stats.c linux-2.6.32-700-xidmask/net/ipv4/web100_stats.c
186 --- linux-2.6.32-700/net/ipv4/web100_stats.c 2013-01-10 14:18:50.231318735 -0500
187 +++ linux-2.6.32-700-xidmask/net/ipv4/web100_stats.c 2013-02-06 17:33:26.489910217 -0500
189 return cid % web100stats_htsize;
192 -struct web100stats *web100stats_lookup(int cid)
194 + * Determine if the given socket should have web100 stats structure.
197 + * sk -- socket pointer
199 + * 0 -- false, do not create the web100 stats struct
200 + * 1 -- true, create the web100 stats structure
202 +int vx_can_create_stats(struct sock *sk) {
203 + struct vx_info *vxi=NULL;
205 + if ( NULL == sk ) {
209 + if ( 0 != sk->sk_xid ) {
210 + vxi = lookup_vx_info(sk->sk_xid);
211 + if ( NULL != vxi ) {
212 + if ( ! vx_info_ccaps(vxi, VXC_ENABLE_WEB100) ) {
213 + /* do not create stats struct */
218 + /* create stats struct */
223 + * Determine if the current task has permission to read given stats struct. The
224 + * reader's identity is taken as the current task. If the current task
225 + * has permission, then the function returns TRUE. Otherwise, FALSE.
227 + * At least one condition must be satisfied for the function to return TRUE:
228 + * xid == 0 -- reader is the root context of the system.
229 + * xid == stats->wc_sk->sk_xid -- reader created the stats object
230 + * xid == web100_sidestream_xid -- reader can see all stats
233 + * stats - the web100 stats structure to read.
236 + * 0 - FALSE, read permission should be denied.
237 + * 1 - TRUE, current task has read permission
239 +int vx_can_read_stats(struct web100stats *stats) {
240 + struct vx_info *vxi=NULL;
241 + struct sock *sk = NULL;
243 + if ( NULL == stats || stats->wc_dead ) {
247 + if ( 0 == vx_current_xid() ) {
248 + // always ok for xid=0 (root context)
252 + vxi = current_vx_info();
253 + if ( NULL == vxi ) {
254 + /* non-root context is missing vx_info; cannot check access flags */
258 + if ( vx_current_xid() == sysctl_web100_sidestream_xid ) {
259 + /* the sidestream xid can view all stats. */
264 + if ( vx_current_xid() == sk->sk_xid ) {
265 + /* the xid is the socket owner so can see it's own connections */
269 + /* all checks have failed, so deny read permission. */
274 + * Based on the connection ID, return the web100stats structure.
275 + * Optionally, when vx_filter=1, filter the result by the
276 + * read-permission of the current task. When vx_filter=0, do not perform
280 + * cid -- connection id
281 + * vx_filter -- 1 or 0, filter the returned stats or not
284 + * If the cid is found, a pointer to a web100stats struct;
285 + * If the cid is not found or filtered, NULL is returned.
287 +struct web100stats *vx_web100stats_lookup(int cid, int vx_filter)
289 struct web100stats *stats;
292 stats = web100stats_ht[web100stats_hash(cid)];
293 while (stats && stats->wc_cid != cid)
294 stats = stats->wc_hash_next;
296 + if ( 0 == vx_filter || 1 == vx_can_read_stats(stats) ) {
302 /* This will get really slow as the cid space fills. This can be done
305 i = web100stats_next_cid;
307 - if (web100stats_lookup(i) == NULL)
308 + /* use vx sensitive version *without* filtering */
309 + if (vx_web100stats_lookup(i,0) == NULL)
311 i = (i + 1) % WEB100_MAX_CONNS;
312 } while (i != web100stats_next_cid);
314 struct web100directs *vars;
315 struct tcp_sock *tp = tcp_sk(sk);
318 + if ( 0 == vx_can_create_stats(sk) ) {
319 + /* do not create web100 stats for this socket */
320 + tp->tcp_stats = NULL;
324 if ((stats = kmalloc(sizeof (struct web100stats), gfp_any())) == NULL)
328 void web100_stats_destroy(struct web100stats *stats)
330 + if ( NULL == stats ) {
333 /* Attribute final sndlim time. */
334 web100_update_sndlim(tcp_sk(stats->wc_sk), stats->wc_limstate);
336 diff -Ndur linux-2.6.32-700/net/ipv6/tcp_ipv6.c linux-2.6.32-700-xidmask/net/ipv6/tcp_ipv6.c
337 --- linux-2.6.32-700/net/ipv6/tcp_ipv6.c 2013-01-10 14:18:50.219284269 -0500
338 +++ linux-2.6.32-700-xidmask/net/ipv6/tcp_ipv6.c 2013-01-10 14:21:16.373337472 -0500
339 @@ -1380,7 +1380,9 @@
343 - tcp_sk(newsk)->tcp_stats->wc_vars.LocalAddressType = WC_ADDRTYPE_IPV6;
344 + if ( tcp_sk(newsk)->tcp_stats != NULL ) {
345 + tcp_sk(newsk)->tcp_stats->wc_vars.LocalAddressType = WC_ADDRTYPE_IPV6;
350 @@ -1901,7 +1903,9 @@
351 if ((err = web100_stats_create(sk))) {
354 - tcp_sk(sk)->tcp_stats->wc_vars.LocalAddressType = WC_ADDRTYPE_IPV6;
355 + if ( tcp_sk(sk)->tcp_stats != NULL ) {
356 + tcp_sk(sk)->tcp_stats->wc_vars.LocalAddressType = WC_ADDRTYPE_IPV6;