[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CANn89i+Ln+d6fci8T1MWwACZGS-RE+DfOvQ1kvejGowtiYhofw@mail.gmail.com>
Date: Wed, 29 Nov 2023 18:53:26 +0100
From: Eric Dumazet <edumazet@...gle.com>
To: Dmitry Safonov <dima@...sta.com>
Cc: David Ahern <dsahern@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
Jakub Kicinski <kuba@...nel.org>, "David S. Miller" <davem@...emloft.net>, linux-kernel@...r.kernel.org,
Dmitry Safonov <0x7f454c46@...il.com>, Francesco Ruggeri <fruggeri05@...il.com>,
Salam Noureddine <noureddine@...sta.com>, Simon Horman <horms@...nel.org>, netdev@...r.kernel.org
Subject: Re: [PATCH v4 4/7] net/tcp: Allow removing current/rnext TCP-AO keys
on TCP_LISTEN sockets
On Wed, Nov 29, 2023 at 5:57 PM Dmitry Safonov <dima@...sta.com> wrote:
>
> TCP_LISTEN sockets are not connected to any peer, so having
> current_key/rnext_key doesn't make sense.
I do not understand this patch.
This seems that the clearing should happen at disconnect time, from
tcp_disconnect() ?
Why forcing user to set a socket option to clear these fields ?
>
> The userspace may falter over this issue by setting current or rnext
> TCP-AO key before listen() syscall. setsockopt(TCP_AO_DEL_KEY) doesn't
> allow removing a key that is in use (in accordance to RFC 5925), so
> it might be inconvenient to have keys that can be destroyed only with
> listener socket.
>
> Fixes: 4954f17ddefc ("net/tcp: Introduce TCP_AO setsockopt()s")
> Signed-off-by: Dmitry Safonov <dima@...sta.com>
> ---
> net/ipv4/tcp_ao.c | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/net/ipv4/tcp_ao.c b/net/ipv4/tcp_ao.c
> index c8be1d526eac..bf41be6d4721 100644
> --- a/net/ipv4/tcp_ao.c
> +++ b/net/ipv4/tcp_ao.c
> @@ -1818,8 +1818,16 @@ static int tcp_ao_del_cmd(struct sock *sk, unsigned short int family,
> if (!new_rnext)
> return -ENOENT;
> }
> - if (cmd.del_async && sk->sk_state != TCP_LISTEN)
> - return -EINVAL;
> + if (sk->sk_state == TCP_LISTEN) {
> + /* Cleaning up possible "stale" current/rnext keys state,
> + * that may have preserved from TCP_CLOSE, before sys_listen()
> + */
> + ao_info->current_key = NULL;
> + ao_info->rnext_key = NULL;
> + } else {
> + if (cmd.del_async)
> + return -EINVAL;
> + }
>
> if (family == AF_INET) {
> struct sockaddr_in *sin = (struct sockaddr_in *)&cmd.addr;
> --
> 2.43.0
>
Powered by blists - more mailing lists