summaryrefslogtreecommitdiff
path: root/include/linux/tcp.h
diff options
context:
space:
mode:
authorDmitry Safonov <dima@arista.com>2023-10-23 22:22:02 +0300
committerDavid S. Miller <davem@davemloft.net>2023-10-27 12:35:45 +0300
commit06b22ef29591f625ef877ae00d82192938e29e60 (patch)
tree25d7b31da15d3d4a13efb265eb99aac8aa125917 /include/linux/tcp.h
parentdecde2586b34b99684faff1eab41e5c496c27fb6 (diff)
downloadlinux-06b22ef29591f625ef877ae00d82192938e29e60.tar.xz
net/tcp: Wire TCP-AO to request sockets
Now when the new request socket is created from the listening socket, it's recorded what MKT was used by the peer. tcp_rsk_used_ao() is a new helper for checking if TCP-AO option was used to create the request socket. tcp_ao_copy_all_matching() will copy all keys that match the peer on the request socket, as well as preparing them for the usage (creating traffic keys). Co-developed-by: Francesco Ruggeri <fruggeri@arista.com> Signed-off-by: Francesco Ruggeri <fruggeri@arista.com> Co-developed-by: Salam Noureddine <noureddine@arista.com> Signed-off-by: Salam Noureddine <noureddine@arista.com> Signed-off-by: Dmitry Safonov <dima@arista.com> Acked-by: David Ahern <dsahern@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux/tcp.h')
-rw-r--r--include/linux/tcp.h18
1 files changed, 18 insertions, 0 deletions
diff --git a/include/linux/tcp.h b/include/linux/tcp.h
index eec6e7e5312e..ec4e9367f5b0 100644
--- a/include/linux/tcp.h
+++ b/include/linux/tcp.h
@@ -166,6 +166,11 @@ struct tcp_request_sock {
* after data-in-SYN.
*/
u8 syn_tos;
+#ifdef CONFIG_TCP_AO
+ u8 ao_keyid;
+ u8 ao_rcv_next;
+ u8 maclen;
+#endif
};
static inline struct tcp_request_sock *tcp_rsk(const struct request_sock *req)
@@ -173,6 +178,19 @@ static inline struct tcp_request_sock *tcp_rsk(const struct request_sock *req)
return (struct tcp_request_sock *)req;
}
+static inline bool tcp_rsk_used_ao(const struct request_sock *req)
+{
+ /* The real length of MAC is saved in the request socket,
+ * signing anything with zero-length makes no sense, so here is
+ * a little hack..
+ */
+#ifndef CONFIG_TCP_AO
+ return false;
+#else
+ return tcp_rsk(req)->maclen != 0;
+#endif
+}
+
#define TCP_RMEM_TO_WIN_SCALE 8
struct tcp_sock {