Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp43400ybt; Tue, 30 Jun 2020 14:25:58 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzFYYrP/tlSh5N0f3CkKsOE3vGD2DTnIUfP6GGR3C6cKXcExtbAU1gopy9jPW7cEuIeq/OL X-Received: by 2002:aa7:d04e:: with SMTP id n14mr411292edo.161.1593552358312; Tue, 30 Jun 2020 14:25:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1593552358; cv=none; d=google.com; s=arc-20160816; b=Ri44cYPiH4nn/SWNDhd5cck4czF86zOrL4RnzFF2mpsjCAeMLMWGDriWH9IUC0IzIQ MlCyQvUl6OzsjuiicQJyhOR1eiWSzRitsrKvIMWObctmjH5xuu+aUrqcsGLkpQBErsPp EUjC2PWPRayGsqMJvrIYfs9Dni600vV8kAicsBzYRZG/mZgr9lkc7jkVs2AIccjSdJIx Xzrze6U8oKywZ9NJdskcNUh01qVahZ1mkQnhMtNCSmfdAuyKaX7WqJZVTUyHM9HP6As8 Z8ULffcTfofnokrMuUo3tBRXE3sL50BhXYspe8IkDrXvxnkLsxIq3n+b0nYcNGETA71Y Bepw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=i0YqT6m3QtaAiDI6grIJlvbolRVDowogWllB0TSpYPE=; b=SRNhDhJ+XfIT7+bw0A7WI0SAMXokH1ZQaD6MzIIUDbiUQPnim/Rmmi3qP8kz7yM4C/ Hh8R22eB29LPodcUHSOKxPh0av1mVp/LgbxCL6Y7IU6K3UjaTOFBWnYl3yJKBqHkKeQU bn5NXmX/A/25C8KBf5DijJYjweTFJmHx9EFk3ytZdH7sIlP+KodFhfyaxwMqScaTQMeP iDlbWXr+GjWzKWCdAJiKlJTs5Fb7O27+fNpjuqPK0RldifbooTqxs7MBFrnytsU4eyrH FpJqbPmCLJMkQPmx+nzWFJN/XFqIUbNsgmxQLb/S/ZL4Ji0S1tugNPBYGRm0pEHshw1o z1Ww== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=AW4tqNB+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k13si2354135edh.362.2020.06.30.14.25.35; Tue, 30 Jun 2020 14:25:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=AW4tqNB+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729880AbgF3Ujk (ORCPT + 99 others); Tue, 30 Jun 2020 16:39:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54266 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729689AbgF3Ujk (ORCPT ); Tue, 30 Jun 2020 16:39:40 -0400 Received: from mail-yb1-xb41.google.com (mail-yb1-xb41.google.com [IPv6:2607:f8b0:4864:20::b41]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D3E22C03E979 for ; Tue, 30 Jun 2020 13:39:39 -0700 (PDT) Received: by mail-yb1-xb41.google.com with SMTP id p204so6947224ybc.11 for ; Tue, 30 Jun 2020 13:39:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=i0YqT6m3QtaAiDI6grIJlvbolRVDowogWllB0TSpYPE=; b=AW4tqNB+BgRpKkfQRGV1Z/vkYn0fzNhc2eLPusihMPDvXcGu6gra+VNscBfk9xuFZY ArtotMYiGS9mbfWPGVDez5YKt9DwuVV2suJcC2TmLxwvDVhYxfhwl88hepl1aePYPlXt M14CXbyA6FPNAcyuVyWrGuizTBAqFjGlVmH3YQ29cWRsuobQF4jZq39DEb2EznPF75Hm UsnHBONXYRh1YNbEuzyDMUq2x7xT8yVzSeYGVNKYSH8tebRR7ALzuTn5Lb9v9wcPtgyb qhDWWntg6tv9CJl0KFkmp8sV1xzPbUMF4rDFl0Uq4Ho0dW3HKKqJsNIfMtG+sa1275hg i8LA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=i0YqT6m3QtaAiDI6grIJlvbolRVDowogWllB0TSpYPE=; b=bpYrJ/91jpx2KAnm6uNA1cVqWVX/iqVPL9lIBoRDMq3o5da9vbrnEQ/FdfnqIYOmG0 4hA+OvkgWhLb1RBOh2rAQJRePJYQex9unSheb4MiknXxivoiwxCd2xP91cJDY1AeQ/KS 2io6+D8YXuIoC+0CUP6nqlXwgdNa0ZYaMsirREqKQ2kkBrjNEmikD2yj5HHMu7xytqs2 0t8pO6DY0EWniYcvlbNXGpyhbR4nUxF0Nsip46uGnyc039CYIsJaSMIdEHfn+TsQ/8G8 zgXTIqbJ6F4zPIlVMdP7BxQLOiJei3GwLRWbRDgFtl5JfvnZo5L8XsWFpqyID6b8dEOs gIyQ== X-Gm-Message-State: AOAM531PYkr2kZEDUJeW43XG7KsXMY087RJKqcMNqSnIW5D0uFSeXyiX IHfcTIVGDld+B9dYcYVQseV1TDUIHVDlxaaKlEroLw== X-Received: by 2002:a25:cd87:: with SMTP id d129mr34851710ybf.395.1593549578616; Tue, 30 Jun 2020 13:39:38 -0700 (PDT) MIME-Version: 1.0 References: <341326348.19635.1589398715534.JavaMail.zimbra@efficios.com> <1132973300.15954.1593459836756.JavaMail.zimbra@efficios.com> <312079189.17903.1593549293094.JavaMail.zimbra@efficios.com> In-Reply-To: <312079189.17903.1593549293094.JavaMail.zimbra@efficios.com> From: Eric Dumazet Date: Tue, 30 Jun 2020 13:39:27 -0700 Message-ID: Subject: Re: [regression] TCP_MD5SIG on established sockets To: Mathieu Desnoyers Cc: Linus Torvalds , "David S. Miller" , linux-kernel , netdev , Yuchung Cheng , Jonathan Rajotte-Julien Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 30, 2020 at 1:34 PM Mathieu Desnoyers wrote: > > ----- On Jun 30, 2020, at 3:52 PM, Linus Torvalds torvalds@linux-foundation.org wrote: > > > On Tue, Jun 30, 2020 at 12:43 PM Linus Torvalds > > wrote: > >> > [...] > > So I think it's still wrong (clearly others do change passwords > > outside of listening state), but considering that it apparently took > > people two years to notice, at least some of the onus on figuring out > > a better morel is on people who didn't even bother to test things in a > > timely manner. > > I'm fully willing to work with Eric on finding a way forward with a > fix which addresses the original issue Eric's patch was trying to > fix while preserving ABI compatibility. > > The main thing we need to agree on at this stage is what is our goal. We > can either choose to restore the original ABI behavior entirely, or only > focus on what appears to be the most important use-cases. > > AFAIU, restoring full ABI compatibility would require to re-enable all > the following scenarios: > > A) Transition of live socket from no key -> MD5 key. > B) Transition of live socket from MD5 key -> no key. > C) Transition of live socket from MD5 key to a different MD5 key. > > Scenario (C) appears to be the most important use-case, and probably the > easiest to restore to its original behavior. > > AFAIU restoring scenarios A and B would require us to validate how > much header space is needed by each SACK, TS and MD5 option enabled > on the socket, and reject enabling any option that adds header space > requirement exceeding the available space. > > I welcome advice on what should be the end goal here. > The (C) & (B) case are certainly doable. A) case is more complex, I have no idea of breakages of various TCP stacks if a flow got SACK at some point (in 3WHS) but suddenly becomes Reno.