From: Leonard Crestez
To: Dmitry Safonov
Cc: Andy Lutomirski, Ard Biesheuvel, Bob Gilligan, David Ahern,
 Dmitry Safonov <0x7f454c46@gmail.com>, Eric Biggers, Francesco Ruggeri,
 Herbert Xu, Hideaki YOSHIFUJI, Ivan Delalande, Jakub Kicinski,
 Paolo Abeni, Salam Noureddine, Shuah Khan, netdev@vger.kernel.org,
 linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
 Eric Dumazet, "David S. Miller"
Subject: Re: [PATCH 23/31] net/tcp: Add getsockopt(TCP_AO_GET)
Date: Tue, 23 Aug 2022 17:45:15 +0300
References: <20220818170005.747015-1-dima@arista.com>
 <20220818170005.747015-24-dima@arista.com>
In-Reply-To: <20220818170005.747015-24-dima@arista.com>
X-Mailing-List: linux-crypto@vger.kernel.org

On 8/18/22 19:59, Dmitry Safonov wrote:
> Introduce getsockopt() that lets a user get TCP-AO keys and their
> properties from a socket. A user can provide a filter to match
> a specific key to be dumped or TCP_AO_GET_ALL flag may be used to dump
> all keys in one syscall.

No equivalent for this exists for TCP_MD5SIG or my TCP_AUTHOPT series. I
do however have a proc file to dump all keys in the system.

The list of keys is normally fully controlled by a single application so
it shouldn't need to read back the keys that it wrote itself.

The real reason this exists is because on the server side keys are
copied on "synack" rather than "accept" and userspace can't know if a
newly accepted socket has all the latest keychain updates. This
effectively dumps responsibility for a kernel implementation race onto
userspace.

At least you should mention how it's meant to be used in the commit
message, and that it's not really optional.

I think making keys global is easier for userspace to use, despite the
difference versus TCP_MD5.

--
Regards,
Leonard
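
The race described in the message above, as a toy user-space model in C. This is an added example, not code from the patch series or from either author: the struct and function names are hypothetical, the real TCP_AO_GET ABI (not shown on this page) is not used, and the read-back-then-add step is an assumed reading of how the dump is meant to be used.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#define MAX_KEYS 8
struct keychain { int ids[MAX_KEYS]; size_t n; }; /* hypothetical model: key ids only */

static bool kc_has(const struct keychain *kc, int id)
{
    for (size_t i = 0; i < kc->n; i++)
        if (kc->ids[i] == id)
            return true;
    return false;
}

/* User space: read back the accepted socket's keys and add every key from the
 * application's wanted list that is missing. Returns keys added, -1 if full. */
static int reconcile(struct keychain *accepted, const struct keychain *wanted)
{
    int added = 0;
    for (size_t i = 0; i < wanted->n; i++) {
        if (kc_has(accepted, wanted->ids[i]))
            continue;
        if (accepted->n == MAX_KEYS)
            return -1;
        accepted->ids[accepted->n++] = wanted->ids[i];
        added++;
    }
    return added;
}

/* Constructed scenario: key 2 reaches the listener after the SYN-ACK but before
 * accept(). Returns how many listener keys the accepted socket still lacks. */
static int keys_missed_in_race(bool do_reconcile)
{
    struct keychain listener = { {1}, 1 };
    struct keychain accepted = listener;  /* keys copied at SYN-ACK time */
    listener.ids[listener.n++] = 2;       /* update lands before accept() */
    if (do_reconcile && reconcile(&accepted, &listener) < 0)
        return -1;
    int missing = 0;
    for (size_t i = 0; i < listener.n; i++)
        missing += !kc_has(&accepted, listener.ids[i]);
    return missing;
}

int main(void)
{
    printf("missing before/after readback: %d/%d\n", keys_missed_in_race(false), keys_missed_in_race(true));
    return 0;
}
```

Without the read-back step the accepted socket silently keeps the stale snapshot, which is why the message calls the dump "not really optional" for a server that rotates keys.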