Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp48626ybt; Tue, 30 Jun 2020 14:33:01 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzlNO7Ey/jJC6nQgrKnBNYB9c1Aq9iz9cJGX50weMj36btSnZGZRRbJFHWlQy7VAYc8S7c6 X-Received: by 2002:a17:906:cd2:: with SMTP id l18mr20867745ejh.18.1593552362653; Tue, 30 Jun 2020 14:26:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1593552362; cv=none; d=google.com; s=arc-20160816; b=Os14dg68/BzJLTWQpTftg5z+i6LMFJ9JUp3+q/zIsOu88AaiYWoCtP+9y6OtnBCAJm 2Xy0Y/I6VOzOxNr5P3QFzzeilCEwsgiiIQed3Y6iuJeagzIx4Z1RGmPgohKw6PzR8oTw Ro1ZIuBCjuQhIT5v9SklEuXT1747iaW7ZBsPk4ZaWchb0mq3SHpK7YL5QZjm8y4r+CB9 5TfHR9sK/AZDZSmFS/UV7Q6b8KQGXep3E/5b1JDHYH8lHQYpTg7xA4Tk3zAQshV/QbAz aALgzVJxrHENvk8Di7l/tluamG9F58IOgnGHFz5W69W8eA1PFbG9UafTqF7iwlAaGEsq QN4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:thread-index:thread-topic :content-transfer-encoding:mime-version:subject:references :in-reply-to:message-id:cc:to:from:date:dkim-signature:dkim-filter; bh=sjBFJc3lgLnEtXkMLVG8upOVvYseCMfl9eQoq9cRJWk=; b=jiX0CRU/bKEYY+hCCEU0e0fTKJFGA3x6uvCuq2rIWnK7ipzbRAjMivz6aKkRwWvapm RijtfwCcJm65AiWOhizsb25n5B481qKzj7d43sbvH1Pi8GtjUkX4Eil39D6yac+Lv+oJ zoZmyXpILAnsZelLcvGrR8Ck5j9DEOvbmAopgAuv+UWzd3DQkAOWmvximYpVje56ShVi zvpC/ycUGfrqFN3uqVN7gnGR9Qh5SLdWBEm/RkMncrXKW9GZVJZCVZEsAwlhTcpmC7D+ XDaJuKQd6v3Kjma492XzePIgsh+64UJmfCsEw6tnwWS8AdmU3UiujfKekjSmVhfV5rIe tEsw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@efficios.com header.s=default header.b=aVzH4BTu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=efficios.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g11si2602550edk.96.2020.06.30.14.25.38; Tue, 30 Jun 2020 14:26:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@efficios.com header.s=default header.b=aVzH4BTu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=efficios.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729915AbgF3Ujx (ORCPT + 99 others); Tue, 30 Jun 2020 16:39:53 -0400 Received: from mail.efficios.com ([167.114.26.124]:58026 "EHLO mail.efficios.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728387AbgF3Ujw (ORCPT ); Tue, 30 Jun 2020 16:39:52 -0400 Received: from localhost (localhost [127.0.0.1]) by mail.efficios.com (Postfix) with ESMTP id E3A5E2C6DA1; Tue, 30 Jun 2020 16:39:51 -0400 (EDT) Received: from mail.efficios.com ([127.0.0.1]) by localhost (mail03.efficios.com [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id u6VBh4kG6hgX; Tue, 30 Jun 2020 16:39:51 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by mail.efficios.com (Postfix) with ESMTP id A3F032C6F0A; Tue, 30 Jun 2020 16:39:51 -0400 (EDT) DKIM-Filter: OpenDKIM Filter v2.10.3 mail.efficios.com A3F032C6F0A DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=efficios.com; s=default; t=1593549591; bh=sjBFJc3lgLnEtXkMLVG8upOVvYseCMfl9eQoq9cRJWk=; h=Date:From:To:Message-ID:MIME-Version; b=aVzH4BTuRyljgJfijNTSCPjBcg1+mZu6DzcLsK2m9gh+fz8RFYKk6Xh+3RBKTrAHw y2h08B6OZmqZRAva7dh2vjzPt62ylUKIqx+29cL4RYoQH3yfcDC+qxw9eHLHeG1oDp SqgH+/+W9BDYBgir9qvHma8l2pWuT+PQdaqu23q7ySZJ0jWtOaGTuhRiDfzsv1PWvU Pq0L2e/7TvACjv2tpgWUPR0o+Fq+0qtw9W0/5c8604tEyNzUfnVFHkmsNPDfP8ZQ3r rVi/RgiukynkG5S8HBzahHD/c8VlHiIvMY0w0swyDHTWRRn3gsLOWnPx0Ah4Zj9pUB kBr3kVcBxRI2A== X-Virus-Scanned: amavisd-new at efficios.com Received: from mail.efficios.com ([127.0.0.1]) by localhost (mail03.efficios.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 72GketiYT7h8; Tue, 30 Jun 2020 16:39:51 -0400 (EDT) Received: from mail03.efficios.com (mail03.efficios.com [167.114.26.124]) by mail.efficios.com (Postfix) with ESMTP id 97CFA2C6E96; Tue, 30 Jun 2020 16:39:51 -0400 (EDT) Date: Tue, 30 Jun 2020 16:39:51 -0400 (EDT) From: Mathieu Desnoyers To: Eric Dumazet Cc: "David S. Miller" , Linus Torvalds , linux-kernel , netdev , Yuchung Cheng , Jonathan Rajotte-Julien Message-ID: <1682267267.17918.1593549591608.JavaMail.zimbra@efficios.com> In-Reply-To: References: <1132973300.15954.1593459836756.JavaMail.zimbra@efficios.com> <20200630.132112.1161418939084868350.davem@davemloft.net> Subject: Re: [regression] TCP_MD5SIG on established sockets MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Originating-IP: [167.114.26.124] X-Mailer: Zimbra 8.8.15_GA_3945 (ZimbraWebClient - FF77 (Linux)/8.8.15_GA_3928) Thread-Topic: TCP_MD5SIG on established sockets Thread-Index: tcdE3j+VTMeB5CSmGAl1c0l3cJ95bg== Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org ----- On Jun 30, 2020, at 4:30 PM, Eric Dumazet edumazet@google.com wrote: > On Tue, Jun 30, 2020 at 1:21 PM David Miller wrote: >> >> From: Linus Torvalds >> Date: Tue, 30 Jun 2020 12:43:21 -0700 >> >> > If you're not willing to do the work to fix it, I will revert that >> > commit. >> >> Please let me handle this situation instead of making threats, this >> just got reported. >> >> Thank you. >> > > Also keep in mind the commit fixed a security issue, since we were > sending on the wire > garbage bytes from the kernel. > > We can not simply revert it and hope for the best. > > I find quite alarming vendors still use TCP MD5 "for security > reasons", but none of them have contributed to it in linux kernel > since 2018 > (Time of the 'buggy patch') I'm helping a customer increase their contributions and feedback to upstream. As we can see, they have accumulated some backlog over time. Clearly reverting a security fix is not acceptable here. Coming up with a proper ABI-compatible fix should not be out of our reach though. Thanks, Mathieu -- Mathieu Desnoyers EfficiOS Inc. http://www.efficios.com