lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANn89iK-=G7p5CMuJDjioa7+ynZRrOOpd7bK3kPzxCXzygfFCQ@mail.gmail.com> Date: Tue, 21 Nov 2023 09:13:42 +0100 From: Eric Dumazet <edumazet@...gle.com> To: Dmitry Safonov <dima@...sta.com> Cc: David Ahern <dsahern@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Jakub Kicinski <kuba@...nel.org>, "David S. Miller" <davem@...emloft.net>, linux-kernel@...r.kernel.org, Dmitry Safonov <0x7f454c46@...il.com>, Francesco Ruggeri <fruggeri05@...il.com>, Salam Noureddine <noureddine@...sta.com>, Simon Horman <horms@...nel.org>, netdev@...r.kernel.org Subject: Re: [PATCH 7/7] net/tcp: Don't store TCP-AO maclen on reqsk On Tue, Nov 21, 2023 at 3:01 AM Dmitry Safonov <dima@...sta.com> wrote: > > This extra check doesn't work for a handshake when SYN segment has > (current_key.maclen != rnext_key.maclen). It could be amended to > preserve rnext_key.maclen instead of current_key.maclen, but that > requires a lookup on listen socket. > > Originally, this extra maclen check was introduced just because it was > cheap. Drop it and convert tcp_request_sock::maclen into boolean > tcp_request_sock::used_tcp_ao. > > Fixes: 06b22ef29591 ("net/tcp: Wire TCP-AO to request sockets") > Signed-off-by: Dmitry Safonov <dima@...sta.com> > --- > include/linux/tcp.h | 10 ++++------ > net/ipv4/tcp_ao.c | 4 ++-- > net/ipv4/tcp_input.c | 5 +++-- > net/ipv4/tcp_output.c | 9 +++------ > 4 files changed, 12 insertions(+), 16 deletions(-) > > diff --git a/include/linux/tcp.h b/include/linux/tcp.h > index 68f3d315d2e1..3af897b00920 100644 > --- a/include/linux/tcp.h > +++ b/include/linux/tcp.h > @@ -155,6 +155,9 @@ struct tcp_request_sock { > bool req_usec_ts; > #if IS_ENABLED(CONFIG_MPTCP) > bool drop_req; > +#endif > +#ifdef CONFIG_TCP_AO > + bool used_tcp_ao; Why adding another 8bit field here and creating a hole ? > #endif > u32 txhash; > u32 rcv_isn; > @@ -169,7 +172,6 @@ struct tcp_request_sock { > #ifdef CONFIG_TCP_AO > u8 ao_keyid; > u8 ao_rcv_next; > - u8 maclen; Just rename maclen here to used_tcp_ao ? > #endif > }; >
Powered by blists - more mailing lists