Message-ID: <01f8616c-2904-42f1-1e59-ca4c71f7a9bd@gmail.com>
Date: Tue, 23 Aug 2022 17:50:43 +0300
Subject: Re: [PATCH 19/31] net/tcp: Add TCP-AO SNE support
From: Leonard Crestez
To: Dmitry Safonov
Cc: Andy Lutomirski, Ard Biesheuvel, Bob Gilligan, David Ahern,
 Dmitry Safonov <0x7f454c46@gmail.com>, Eric Biggers, Francesco Ruggeri,
 Herbert Xu, Hideaki YOSHIFUJI, Ivan Delalande, Jakub Kicinski, Paolo Abeni,
 Salam Noureddine, Shuah Khan, netdev@vger.kernel.org,
 linux-crypto@vger.kernel.org, Eric Dumazet, "David S. Miller",
 linux-kernel@vger.kernel.org
References: <20220818170005.747015-1-dima@arista.com> <20220818170005.747015-20-dima@arista.com>
In-Reply-To: <20220818170005.747015-20-dima@arista.com>
X-Mailing-List: linux-crypto@vger.kernel.org

On 8/18/22 19:59, Dmitry Safonov wrote:
> Add Sequence Number Extension (SNE) extension for TCP-AO.
> This is needed to protect long-living TCP-AO connections from replaying
> attacks after sequence number roll-over, see RFC5925 (6.2).

> +#ifdef CONFIG_TCP_AO > + ao = rcu_dereference_protected(tp->ao_info, > + lockdep_sock_is_held((struct sock *)tp)); > + if (ao) { > + if (ack < ao->snd_sne_seq) > + ao->snd_sne++; > + ao->snd_sne_seq = ack; > + } > +#endif > tp->snd_una = ack; > }

... snip ...

> +#ifdef CONFIG_TCP_AO > + ao = rcu_dereference_protected(tp->ao_info, > + lockdep_sock_is_held((struct sock *)tp)); > + if (ao) { > + if (seq < ao->rcv_sne_seq) > + ao->rcv_sne++; > + ao->rcv_sne_seq = seq; > + } > +#endif > WRITE_ONCE(tp->rcv_nxt, seq);

It should always be the case that (rcv_nxt == rcv_sne_seq) and (snd_una
== snd_sne_seq) so the _sne_seq fields are redundant. It's possible to
avoid those extra fields.

However 8 bytes per TCP-AO socket is inconsequential.

--
Regards,
Leonard
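
Review bot: the roll-over test `if (ack < ao->snd_sne_seq)` in the first hunk (the snd_una update) is a raw unsigned comparison, so it is only correct when the ack passed in has already been validated as being ahead of the previous value in sequence space; nothing in the visible lines checks that. A short comment stating this precondition would keep the test from later being "corrected" to a before()/after() style comparison, which would never detect the wrap. Because `ao->snd_sne_seq = ack` is stored immediately before `tp->snd_una = ack`, the same test could be written against tp->snd_una before it is overwritten.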
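
Review bot: in the second hunk (the rcv_nxt update), `ao->rcv_sne++` and `ao->rcv_sne_seq = seq` are plain stores placed directly before `WRITE_ONCE(tp->rcv_nxt, seq)`, so the extension and the low 32 bits are not published as a unit. The WRITE_ONCE marks rcv_nxt as having readers that do not hold the socket lock; if any path that needs rcv_sne is among them, it can pair a new rcv_sne with an old rcv_nxt (or the reverse) across a roll-over. Please either document that the SNE fields are only read with the socket lock held, as the lockdep_sock_is_held() annotation implies for the writer, or give the rcv_sne update the same WRITE_ONCE/READ_ONCE treatment with a note on ordering relative to rcv_nxt.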