On 1/18/19 12:12 PM, Benedict Wong wrote: > ip xfrm state show currently dumps keys unconditionally. This limits its > use in logging, as security information can be leaked. > > This patch adds a nokeys option to ip xfrm ( state show | monitor ), which > prevents the printing of keys. This allows ip xfrm state show to be used > in logging without exposing keys. > > Signed-off-by: Benedict Wong <benedictw...@google.com> > --- > ip/ipxfrm.c | 49 +++++++++++++++++++++++++--------------------- > ip/xfrm.h | 5 +++-- > ip/xfrm_monitor.c | 7 +++++-- > ip/xfrm_state.c | 27 ++++++++++++++++++++----- > man/man8/ip-xfrm.8 | 15 +++++++++++++- > 5 files changed, 71 insertions(+), 32 deletions(-) >
applied to iproute2-next. Thanks
