From patchwork Mon Dec 18 21:51:03 2017
X-Patchwork-Submitter: Christoph Paasch
X-Patchwork-Id: 850427
X-Patchwork-Delegate: davem@davemloft.net
From: Christoph Paasch
To: netdev@vger.kernel.org
Cc: Eric Dumazet, Mat Martineau, Alexei Starovoitov
Subject: [RFC 08/14] tcp_md5: Detect key inside tcp_v4_send_ack instead of passing it as an argument
Date: Mon, 18 Dec 2017 13:51:03 -0800
Message-id: <20171218215109.38700-9-cpaasch@apple.com>
In-reply-to: <20171218215109.38700-1-cpaasch@apple.com>
References: <20171218215109.38700-1-cpaasch@apple.com>

This will simplify to consolidate the TCP_MD5-code into a single place.

Signed-off-by: Christoph Paasch
Reviewed-by: Mat Martineau
---
 net/ipv4/tcp_ipv4.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index dee296097b8f..397975203e14 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -764,7 +764,6 @@ static void tcp_v4_send_reset(const struct sock *sk, struct sk_buff *skb) static void tcp_v4_send_ack(const struct sock *sk, struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 tsval, u32 tsecr, int oif, - struct tcp_md5sig_key *key, int reply_flags, u8 tos) { const struct tcphdr *th = tcp_hdr(skb); @@ -773,6 +772,9 @@ static void tcp_v4_send_ack(const struct sock *sk, __be32 opt[(MAX_TCP_OPTION_SPACE >> 2)]; } rep; struct hlist_head *extopt_list = NULL; +#ifdef CONFIG_TCP_MD5SIG + struct tcp_md5sig_key *key; +#endif struct net *net = sock_net(sk); struct ip_reply_arg arg; int offset = 0; @@ -803,6 +805,17 @@ static void tcp_v4_send_ack(const struct sock *sk, rep.th.ack = 1; rep.th.window = htons(win); +#ifdef CONFIG_TCP_MD5SIG + if (sk->sk_state == TCP_TIME_WAIT) { + key = tcp_twsk_md5_key(tcp_twsk(sk)); + } else if (sk->sk_state == TCP_NEW_SYN_RECV) { + key = tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&ip_hdr(skb)->saddr, + AF_INET); + } else { + key = NULL; /* Should not happen */ + } +#endif + if (unlikely(extopt_list && !hlist_empty(extopt_list))) { unsigned int remaining; struct tcp_out_options opts; @@ -872,7 +885,6 @@ static void tcp_v4_timewait_ack(struct sock *sk, struct sk_buff *skb) tcp_time_stamp_raw() + tcptw->tw_ts_offset, tcptw->tw_ts_recent, tw->tw_bound_dev_if, - tcp_twsk_md5_key(tcptw), tw->tw_transparent ? IP_REPLY_ARG_NOSRCCHECK : 0, tw->tw_tos ); 
@@ -900,8 +912,6 @@ static void tcp_v4_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb, tcp_time_stamp_raw() + tcp_rsk(req)->ts_off, req->ts_recent, 0, - tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&ip_hdr(skb)->saddr, - AF_INET), inet_rsk(req)->no_srccheck ? IP_REPLY_ARG_NOSRCCHECK : 0, ip_hdr(skb)->tos); }
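
Review bot: In the @@ -803,6 +805,17 @@ hunk, the final else branch sets key = NULL with only a "Should not happen" comment, so a call from any socket state other than TCP_TIME_WAIT or TCP_NEW_SYN_RECV silently proceeds with no MD5 key. Before this change each caller supplied the key explicitly, so a wrong state could not drop it; now that the choice is inferred from sk->sk_state, the unexpected case should be made visible, for example with WARN_ON_ONCE(1) in that branch, and the commit message should state which socket states tcp_v4_send_ack is expected to see.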
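
Review bot: In the @@ -900,8 +912,6 @@ hunk (tcp_v4_reqsk_send_ack), the removed tcp_md5_do_lookup(sk, ...) ran unconditionally on this function's sk, while its replacement inside tcp_v4_send_ack only runs when sk->sk_state == TCP_NEW_SYN_RECV. The hunk does not show which socket is handed down as the first argument; if it is the sk received here rather than the request socket, please confirm its state can actually be TCP_NEW_SYN_RECV, otherwise the lookup is skipped and key ends up NULL on this path. A short comment at the call site naming the socket that is passed would settle it.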