
net/handshake: Trace events for TLS Alert helpers

Add observability for the new TLS Alert infrastructure.

Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Link: https://lore.kernel.org/r/169047947409.5241.14548832149596892717.stgit@oracle-102.nfsv4bat.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Chuck Lever and committed by
Jakub Kicinski
b470985c 39067dda

+169
+160
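--- a/include/trace/events/handshake.h
+++ b/include/trace/events/handshake.h
@@ -6,7 +6,86 @@
 #define _TRACE_HANDSHAKE_H
 
 #include <linux/net.h>
+#include <net/tls_prot.h>
 #include <linux/tracepoint.h>
+#include <trace/events/net_probe_common.h>
+
+#define TLS_RECORD_TYPE_LIST \
+record_type(CHANGE_CIPHER_SPEC) \
+record_type(ALERT) \
+record_type(HANDSHAKE) \
+record_type(DATA) \
+record_type(HEARTBEAT) \
+record_type(TLS12_CID) \
+record_type_end(ACK)
+
+#undef record_type
+#undef record_type_end
+#define record_type(x) TRACE_DEFINE_ENUM(TLS_RECORD_TYPE_##x);
+#define record_type_end(x) TRACE_DEFINE_ENUM(TLS_RECORD_TYPE_##x);
+
+TLS_RECORD_TYPE_LIST
+
+#undef record_type
+#undef record_type_end
+#define record_type(x) { TLS_RECORD_TYPE_##x, #x },
+#define record_type_end(x) { TLS_RECORD_TYPE_##x, #x }
+
+#define show_tls_content_type(type) \
+__print_symbolic(type, TLS_RECORD_TYPE_LIST)
+
+TRACE_DEFINE_ENUM(TLS_ALERT_LEVEL_WARNING);
+TRACE_DEFINE_ENUM(TLS_ALERT_LEVEL_FATAL);
+
+#define show_tls_alert_level(level) \
+__print_symbolic(level, \
+{ TLS_ALERT_LEVEL_WARNING, "Warning" }, \
+{ TLS_ALERT_LEVEL_FATAL, "Fatal" })
+
+#define TLS_ALERT_DESCRIPTION_LIST \
+alert_description(CLOSE_NOTIFY) \
+alert_description(UNEXPECTED_MESSAGE) \
+alert_description(BAD_RECORD_MAC) \
+alert_description(RECORD_OVERFLOW) \
+alert_description(HANDSHAKE_FAILURE) \
+alert_description(BAD_CERTIFICATE) \
+alert_description(UNSUPPORTED_CERTIFICATE) \
+alert_description(CERTIFICATE_REVOKED) \
+alert_description(CERTIFICATE_EXPIRED) \
+alert_description(CERTIFICATE_UNKNOWN) \
+alert_description(ILLEGAL_PARAMETER) \
+alert_description(UNKNOWN_CA) \
+alert_description(ACCESS_DENIED) \
+alert_description(DECODE_ERROR) \
+alert_description(DECRYPT_ERROR) \
+alert_description(TOO_MANY_CIDS_REQUESTED) \
+alert_description(PROTOCOL_VERSION) \
+alert_description(INSUFFICIENT_SECURITY) \
+alert_description(INTERNAL_ERROR) \
+alert_description(INAPPROPRIATE_FALLBACK) \
+alert_description(USER_CANCELED) \
+alert_description(MISSING_EXTENSION) \
+alert_description(UNSUPPORTED_EXTENSION) \
+alert_description(UNRECOGNIZED_NAME) \
+alert_description(BAD_CERTIFICATE_STATUS_RESPONSE) \
+alert_description(UNKNOWN_PSK_IDENTITY) \
+alert_description(CERTIFICATE_REQUIRED) \
+alert_description_end(NO_APPLICATION_PROTOCOL)
+
+#undef alert_description
+#undef alert_description_end
+#define alert_description(x) TRACE_DEFINE_ENUM(TLS_ALERT_DESC_##x);
+#define alert_description_end(x) TRACE_DEFINE_ENUM(TLS_ALERT_DESC_##x);
+
+TLS_ALERT_DESCRIPTION_LIST
+
+#undef alert_description
+#undef alert_description_end
+#define alert_description(x) { TLS_ALERT_DESC_##x, #x },
+#define alert_description_end(x) { TLS_ALERT_DESC_##x, #x }
+
+#define show_tls_alert_description(desc) \
+__print_symbolic(desc, TLS_ALERT_DESCRIPTION_LIST)
 
 DECLARE_EVENT_CLASS(handshake_event_class,
 TP_PROTO(
@@ -106,6 +185,47 @@
 ), \
 TP_ARGS(net, req, sk, err))
 
+DECLARE_EVENT_CLASS(handshake_alert_class,
+TP_PROTO(
+const struct sock *sk,
+unsigned char level,
+unsigned char description
+),
+TP_ARGS(sk, level, description),
+TP_STRUCT__entry(
+/* sockaddr_in6 is always bigger than sockaddr_in */
+__array(__u8, saddr, sizeof(struct sockaddr_in6))
+__array(__u8, daddr, sizeof(struct sockaddr_in6))
+__field(unsigned int, netns_ino)
+__field(unsigned long, level)
+__field(unsigned long, description)
+),
+TP_fast_assign(
+const struct inet_sock *inet = inet_sk(sk);
+
+memset(__entry->saddr, 0, sizeof(struct sockaddr_in6));
+memset(__entry->daddr, 0, sizeof(struct sockaddr_in6));
+TP_STORE_ADDR_PORTS(__entry, inet, sk);
+
+__entry->netns_ino = sock_net(sk)->ns.inum;
+__entry->level = level;
+__entry->description = description;
+),
+TP_printk("src=%pISpc dest=%pISpc %s: %s",
+__entry->saddr, __entry->daddr,
+show_tls_alert_level(__entry->level),
+show_tls_alert_description(__entry->description)
+)
+);
+#define DEFINE_HANDSHAKE_ALERT(name) \
+DEFINE_EVENT(handshake_alert_class, name, \
+TP_PROTO( \
+const struct sock *sk, \
+unsigned char level, \
+unsigned char description \
+), \
+TP_ARGS(sk, level, description))
+
 
 /*
 * Request lifetime events
@@ -153,6 +273,46 @@
 DEFINE_HANDSHAKE_ERROR(handshake_cmd_accept_err);
 DEFINE_HANDSHAKE_FD_EVENT(handshake_cmd_done);
 DEFINE_HANDSHAKE_ERROR(handshake_cmd_done_err);
+
+/*
+* TLS Record events
+*/
+
+TRACE_EVENT(tls_contenttype,
+TP_PROTO(
+const struct sock *sk,
+unsigned char type
+),
+TP_ARGS(sk, type),
+TP_STRUCT__entry(
+/* sockaddr_in6 is always bigger than sockaddr_in */
+__array(__u8, saddr, sizeof(struct sockaddr_in6))
+__array(__u8, daddr, sizeof(struct sockaddr_in6))
+__field(unsigned int, netns_ino)
+__field(unsigned long, type)
+),
+TP_fast_assign(
+const struct inet_sock *inet = inet_sk(sk);
+
+memset(__entry->saddr, 0, sizeof(struct sockaddr_in6));
+memset(__entry->daddr, 0, sizeof(struct sockaddr_in6));
+TP_STORE_ADDR_PORTS(__entry, inet, sk);
+
+__entry->netns_ino = sock_net(sk)->ns.inum;
+__entry->type = type;
+),
+TP_printk("src=%pISpc dest=%pISpc %s",
+__entry->saddr, __entry->daddr,
+show_tls_content_type(__entry->type)
+)
+);
+
+/*
+* TLS Alert events
+*/
+
+DEFINE_HANDSHAKE_ALERT(tls_alert_send);
+DEFINE_HANDSHAKE_ALERT(tls_alert_recv);
 
 #endif /* _TRACE_HANDSHAKE_H */
 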
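Review bot: Both handshake_alert_class and tls_contenttype call `inet_sk(sk)` and `TP_STORE_ADDR_PORTS(__entry, inet, sk)` in TP_fast_assign with no check on the socket family, so these events are only safe to fire on AF_INET/AF_INET6 sockets. The callers visible in net/handshake/alert.c pass kTLS sockets, which presumably satisfy this, but nothing in the header states the requirement. I would add a comment above each TP_PROTO such as `/* @sk must be an inet (AF_INET or AF_INET6) socket; addresses are read via inet_sk() */`. Separately, `netns_ino` is stored in both entries but never appears in the TP_printk format, so the text output cannot distinguish identical address pairs in different network namespaces.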
+7
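--- a/net/handshake/alert.c
+++ b/net/handshake/alert.c
@@ -21,6 +21,8 @@
 
 #include "handshake.h"
 
+#include <trace/events/handshake.h>
+
 /**
 * tls_alert_send - send a TLS Alert on a kTLS socket
 * @sock: open kTLS socket to send on
@@ -38,6 +40,8 @@
 struct kvec iov;
 u8 alert[2];
 int ret;
+
+trace_tls_alert_send(sock->sk, level, description);
 
 alert[0] = level;
 alert[1] = description;
@@ -77,6 +81,7 @@
 return 0;
 
 record_type = *((u8 *)CMSG_DATA(cmsg));
+trace_tls_contenttype(sk, record_type);
 return record_type;
 }
 EXPORT_SYMBOL(tls_get_record_type);
@@ -99,5 +104,7 @@
 data = iov->iov_base;
 *level = data[0];
 *description = data[1];
+
+trace_tls_alert_recv(sk, *level, *description);
 }
 EXPORT_SYMBOL(tls_alert_recv);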
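Review bot: `trace_tls_alert_send(sock->sk, level, description)` fires before the alert bytes are filled in and before any send is attempted, so the event is emitted even when the send later fails, and it carries no result code. Anyone reading the trace as evidence that an Alert reached the peer would be misled. Either move the call after the send and trace only on success, or document the placement with `/* traced on attempt; does not imply the Alert was transmitted */`. The body of tls_alert_send continues outside the hunk, so the send call and its error path are not visible here.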
+2
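--- a/net/handshake/trace.c
+++ b/net/handshake/trace.c
@@ -8,8 +8,10 @@
 */
 
 #include <linux/types.h>
+#include <linux/ipv6.h>
 
 #include <net/sock.h>
+#include <net/inet_sock.h>
 #include <net/netlink.h>
 #include <net/genetlink.h>
 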