iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4954f17dde
linux/net/ipv6
History
Dmitry Safonov 4954f17dde net/tcp: Introduce TCP_AO setsockopt()s 
Add 3 setsockopt()s:
1. TCP_AO_ADD_KEY to add a new Master Key Tuple (MKT) on a socket
2. TCP_AO_DEL_KEY to delete present MKT from a socket
3. TCP_AO_INFO to change flags, Current_key/RNext_key on a TCP-AO sk

Userspace has to introduce keys on every socket it wants to use TCP-AO
option on, similarly to TCP_MD5SIG/TCP_MD5SIG_EXT.
RFC5925 prohibits definition of MKTs that would match the same peer,
so do sanity checks on the data provided by userspace. Be as
conservative as possible, including refusal of defining MKT on
an established connection with no AO, removing the key in-use and etc.

(1) and (2) are to be used by userspace key manager to add/remove keys.
(3) main purpose is to set RNext_key, which (as prescribed by RFC5925)
is the KeyID that will be requested in TCP-AO header from the peer to
sign their segments with.

At this moment the life of ao_info ends in tcp_v4_destroy_sock().

Co-developed-by: Francesco Ruggeri <fruggeri@arista.com>
Signed-off-by: Francesco Ruggeri <fruggeri@arista.com>
Co-developed-by: Salam Noureddine <noureddine@arista.com>
Signed-off-by: Salam Noureddine <noureddine@arista.com>
Signed-off-by: Dmitry Safonov <dima@arista.com>
Acked-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2023-10-27 10:35:44 +01:00
..
ila ila: Remove unnecessary file net/ila.h 2023-08-02 12:28:16 -07:00
netfilter netfilter: xt_mangle: only check verdict part of return value 2023-10-18 10:26:43 +02:00
addrconf_core.c net: rename reference+tracking helpers 2022-06-09 21:52:55 -07:00
addrconf.c net: ipv6/addrconf: clamp preferred_lft to the minimum required 2023-10-25 18:23:06 -07:00
addrlabel.c ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network 2022-11-07 12:26:15 +00:00
af_inet6.c bpf: Propagate modified uaddrlen from cgroup sockaddr programs 2023-10-11 15:03:40 -07:00
ah6.c net: ipv6: Remove completion function scaffolding 2023-02-13 18:35:15 +08:00
anycast.c IPv6: add extack info for IPv6 address add/delete 2023-07-28 11:01:56 +01:00
calipso.c
datagram.c ipv6: lockless IPV6_FLOWINFO_SEND implementation 2023-09-15 10:33:48 +01:00
esp6_offload.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-06-22 18:40:38 -07:00
esp6.c net: ipv6: fix typo in comments 2023-10-25 10:38:07 +01:00
exthdrs_core.c ipv6: Fix out-of-bounds access in ipv6_find_tlv() 2023-05-24 08:43:39 +01:00
exthdrs_offload.c
exthdrs.c ipv6: exthdrs: Replace opencoded swap() implementation 2023-08-08 15:36:47 -07:00
fib6_notifier.c
fib6_rules.c
fou6.c
icmp.c ipv6: lockless IPV6_DONTFRAG implementation 2023-09-15 10:33:47 +01:00
inet6_connection_sock.c net: implement lockless SO_PRIORITY 2023-10-01 19:09:54 +01:00
inet6_hashtables.c net: remove duplicate INDIRECT_CALLABLE_DECLARE of udp[6]_ehashfn 2023-07-31 13:53:10 -07:00
ioam6_iptunnel.c netlink: make range pointers in policies const 2023-10-26 16:24:09 -07:00
ioam6.c genetlink: start to validate reserved header bytes 2022-08-29 12:47:15 +01:00
ip6_checksum.c
ip6_fib.c net/ipv6: Remove expired routes with a separated list of routes. 2023-08-16 12:26:43 +01:00
ip6_flowlabel.c ipv6: move np->repflow to atomic flags 2023-09-15 10:33:48 +01:00
ip6_gre.c net:ipv6: check return value of pskb_trim() 2023-07-19 12:25:58 +01:00
ip6_icmp.c
ip6_input.c ipv6: ignore dst hint for multipath routes 2023-09-01 08:11:51 +01:00
ip6_offload.c net: move gso declarations and functions to their own files 2023-06-10 00:11:41 -07:00
ip6_offload.h
ip6_output.c ipv6: avoid atomic fragment on GSO packets 2023-10-25 18:04:29 -07:00
ip6_tunnel.c net: tunnels: annotate lockless accesses to dev->needed_headroom 2023-03-15 00:04:04 -07:00
ip6_udp_tunnel.c ipv6: add new arguments to udp_tunnel6_dst_lookup() 2023-10-23 08:48:57 +01:00
ip6_vti.c ip6_vti: fix slab-use-after-free in decode_session6 2023-07-11 11:06:08 +02:00
ip6mr.c net: ipv4, ipv6: fix IPSTATS_MIB_OUTOCTETS increment duplicated 2023-08-30 09:44:09 +01:00
ipcomp6.c xfrm: ipcomp: add extack to ipcomp{4,6}_init_state 2022-09-29 07:18:00 +02:00
ipv6_sockglue.c ipv6: lockless IPV6_ADDR_PREFERENCES implementation 2023-09-19 18:21:44 +02:00
Kconfig ipv6: fix indentation of a config attribute 2023-08-16 10:03:08 +01:00
Makefile net/tcp: Introduce TCP_AO setsockopt()s 2023-10-27 10:35:44 +01:00
mcast_snoop.c
mcast.c net: fix IPSTATS_MIB_OUTPKGS increment in OutForwDatagrams. 2023-10-20 12:01:00 +01:00
mip6.c xfrm: mip6: add extack to mip6_destopt_init_state, mip6_rthdr_init_state 2022-09-29 07:18:01 +02:00
ndisc.c net: fix IPSTATS_MIB_OUTPKGS increment in OutForwDatagrams. 2023-10-20 12:01:00 +01:00
netfilter.c netfilter: Use l3mdev flow key when re-routing mangled packets 2022-05-16 13:03:29 +02:00
output_core.c treewide: use get_random_u32_{above,below}() instead of manual loop 2022-11-18 02:15:22 +01:00
ping.c bpf: Propagate modified uaddrlen from cgroup sockaddr programs 2023-10-11 15:03:40 -07:00
proc.c net: fix IPSTATS_MIB_OUTPKGS increment in OutForwDatagrams. 2023-10-20 12:01:00 +01:00
protocol.c
raw.c net: fix IPSTATS_MIB_OUTPKGS increment in OutForwDatagrams. 2023-10-20 12:01:00 +01:00
reassembly.c networking: Update to register_net_sysctl_sz 2023-08-15 15:26:18 -07:00
route.c ipv6: lockless IPV6_ADDR_PREFERENCES implementation 2023-09-19 18:21:44 +02:00
rpl_iptunnel.c ipv6: rpl: Remove redundant skb_dst_drop(). 2023-07-12 17:12:29 -07:00
rpl.c ipv6: rpl: Remove pskb(_may)?_pull() in ipv6_rpl_srh_rcv(). 2023-06-19 11:32:58 -07:00
seg6_hmac.c net: ipv6: unexport __init-annotated seg6_hmac_net_init() 2022-06-28 21:23:30 -07:00
seg6_iptunnel.c seg6: Cleanup duplicates of skb_dst_drop calls 2023-05-17 09:05:47 +01:00
seg6_local.c seg6: add NEXT-C-SID support for SRv6 End.X behavior 2023-08-15 18:51:47 -07:00
seg6.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-09-08 18:38:30 +02:00
sit.c sit: update dev->needed_headroom in ipip6_tunnel_bind_dev() 2023-04-28 09:48:14 +01:00
syncookies.c tcp: Fix data-races around sysctl_tcp_syncookies. 2022-07-18 12:21:54 +01:00
sysctl_net_ipv6.c networking: Update to register_net_sysctl_sz 2023-08-15 15:26:18 -07:00
tcp_ao.c net/tcp: Introduce TCP_AO setsockopt()s 2023-10-27 10:35:44 +01:00
tcp_ipv6.c net/tcp: Introduce TCP_AO setsockopt()s 2023-10-27 10:35:44 +01:00
tcpv6_offload.c net: Make gro complete function to return void 2023-05-31 09:50:17 +01:00
tunnel6.c
udp_impl.h tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct(). 2022-10-12 17:50:37 -07:00
udp_offload.c net: gro: fix misuse of CB in udp socket lookup 2023-07-29 17:10:27 +01:00
udp.c bpf: Propagate modified uaddrlen from cgroup sockaddr programs 2023-10-11 15:03:40 -07:00
udplite.c udplite: remove UDPLITE_BIT 2023-09-14 16:16:36 +02:00
xfrm6_input.c udp: annotate data-races around udp->encap_type 2023-09-14 16:16:36 +02:00
xfrm6_output.c ipv6: drop feature RTAX_FEATURE_ALLFRAG 2023-10-25 18:04:29 -07:00
xfrm6_policy.c ipsec-2023-10-17 2023-10-17 18:21:13 -07:00
xfrm6_protocol.c
xfrm6_state.c
xfrm6_tunnel.c xfrm: tunnel: add extack to ipip_init_state, xfrm6_tunnel_init_state 2022-09-29 07:18:00 +02:00