lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 29 Nov 2023 11:20:25 +0100
From: Eric Dumazet <edumazet@...gle.com>
To: Kuniyuki Iwashima <kuniyu@...zon.com>
Cc: "David S. Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, 
	Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>, 
	Kuniyuki Iwashima <kuni1840@...il.com>, netdev@...r.kernel.org
Subject: Re: [PATCH v3 net-next 8/8] tcp: Factorise cookie-dependent fields
 initialisation in cookie_v[46]_check()

On Wed, Nov 29, 2023 at 3:33 AM Kuniyuki Iwashima <kuniyu@...zon.com> wrote:
>
> We will support arbitrary SYN Cookie with BPF, and then kfunc at
> TC will preallocate reqsk and initialise some fields that should
> not be overwritten later by cookie_v[46]_check().
>
> To simplify the flow in cookie_v[46]_check(), we move such fields'
> initialisation to cookie_tcp_reqsk_alloc() and factorise non-BPF
> SYN Cookie handling into cookie_tcp_check(), where we validate the
> cookie and allocate reqsk, as done by kfunc later.
>
> Note that we set ireq->ecn_ok in two steps, the latter of which will
> be shared by the BPF case.  As cookie_ecn_ok() is one-liner, now
> it's inlined.
>
> Signed-off-by: Kuniyuki Iwashima <kuniyu@...zon.com>
> Reviewed-by: Simon Horman <horms@...nel.org>
> ---
>


>                                   dst_metric(dst, RTAX_INITRWND));
>
>         ireq->rcv_wscale = rcv_wscale;
> -       ireq->ecn_ok = cookie_ecn_ok(&tcp_opt, net, dst);
> +       ireq->ecn_ok &= cookie_ecn_ok(net, dst);

nit: presumably this cookie_ecn_ok() call could be factorized if done
from tcp_get_cookie_sock()

Reviewed-by: Eric Dumazet <edumazet@...gle.com>

No need for another version.

>
>         ret = tcp_get_cookie_sock(sk, skb, req, dst);
>  out:
> --
> 2.30.2
>

Powered by blists - more mailing lists