From: Eric Dumazet
Date: Tue, 26 Jul 2022 09:27:46 +0200
Subject: Re: [PATCH v6 21/26] selftests: net/fcnal: Initial tcp_authopt support
To: Leonard Crestez
Cc: David Ahern, Philip Paeps, Dmitry Safonov <0x7f454c46@gmail.com>, Shuah Khan, "David S. Miller", Herbert Xu, Kuniyuki Iwashima, Hideaki YOSHIFUJI, Jakub Kicinski, Yuchung Cheng, Francesco Ruggeri, Mat Martineau, Christoph Paasch, Ivan Delalande, Caowangbao, Priyaranjan Jha, netdev, "open list:HARDWARE RANDOM NUMBER GENERATOR CORE", "open list:KERNEL SELFTEST FRAMEWORK", LKML
X-Mailing-List: linux-crypto@vger.kernel.org

On Tue, Jul 26, 2022 at 9:06 AM Eric Dumazet wrote:
>
> On Tue, Jul 26, 2022 at 8:16 AM Leonard Crestez wrote:
> >
> > Tests are mostly copied from tcp_md5 with minor changes.
> >
> > It covers VRF support but only based on binding multiple servers: not
> > multiple keys bound to different interfaces.
> >
> > Also add a specific -t tcp_authopt to run only these tests specifically.
> >
>
> Thanks for the test.
>
> Could you amend the existing TCP MD5 test to make sure dual sockets
> mode is working ?
>
> Apparently, if we have a dual stack listener socket (AF_INET6),
> correct incoming IPV4 SYNs are dropped.
>
> If this is the case, fixing MD5 should happen first ;)
>
> I think that we are very late in the cycle (linux-5.19 should be
> released in 5 days), and your patch set should not be merged so late.

I suspect bug was added in commit 7bbb765b73496699a165d505ecdce962f903b422 Author: Dmitry Safonov <0x7f454c46@gmail.com> Date: Wed Feb 23 17:57:40 2022 +0000 net/tcp: Merge TCP-MD5 inbound callbacks a possible fix (also removing an indirect call for IPV4) could be: diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index ba2bdc81137490bd1748cde95789f8d2bff3ab0f..66b883d1683ddf7de6a8959a2b4e025a74c830b1 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -4534,8 +4534,14 @@ tcp_inbound_md5_hash(const struct sock *sk, const struct sk_buff *skb, } /* check the signature */ - genhash = tp->af_specific->calc_md5_hash(newhash, hash_expected, - NULL, skb); + if (family == AF_INET) + genhash = tcp_v4_md5_hash_skb(newhash, + hash_expected, + NULL, skb); + else + genhash = tp->af_specific->calc_md5_hash(newhash, + hash_expected, + NULL, skb); if (genhash || memcmp(hash_location, newhash, 16) != 0) { NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5FAILURE);
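
Review bot: the new `if (family == AF_INET)` branch in tcp_inbound_md5_hash() has no comment explaining why the IPv4 case must bypass `tp->af_specific->calc_md5_hash`, so a later cleanup could fold the two calls back into the single indirect call this hunk removes. A short comment above the branch would help, saying that the packet's `family` and the socket's `af_specific` can disagree, which is presumably the mismatch behind the dual-stack (AF_INET6) listener dropping correct IPv4 SYNs described in the message. If 7bbb765b73496699a165d505ecdce962f903b422 is confirmed as the cause, the formal submission should carry a Fixes: tag for it, and it should come with the tcp_md5 selftest case requested above (an IPv4 peer against an AF_INET6 listener), since a wrong hash routine at this point only shows up as `LINUX_MIB_TCPMD5FAILURE` increments.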