diff options
| author | Dmitry Safonov <[email protected]> | 2023-10-23 19:22:04 +0000 |
|---|---|---|
| committer | David S. Miller <[email protected]> | 2023-10-27 09:35:45 +0000 |
| commit | 0a3a809089eb1d4a0a2fd0c16b520d603988c859 (patch) | |
| tree | b584ef3c79e149b5f9986ed02258d29a48569df8 /net/ipv4/proc.c | |
| parent | net/tcp: Sign SYN-ACK segments with TCP-AO (diff) | |
| download | kernel-0a3a809089eb1d4a0a2fd0c16b520d603988c859.tar.gz kernel-0a3a809089eb1d4a0a2fd0c16b520d603988c859.zip | |
net/tcp: Verify inbound TCP-AO signed segments
Now there is a common function to verify signature on TCP segments:
tcp_inbound_hash(). It has checks for all possible cross-interactions
with MD5 signs as well as with unsigned segments.
The rules from RFC5925 are:
(1) Any TCP segment can have at max only one signature.
(2) TCP connections can't switch between using TCP-MD5 and TCP-AO.
(3) TCP-AO connections can't stop using AO, as well as unsigned
connections can't suddenly start using AO.
Co-developed-by: Francesco Ruggeri <[email protected]>
Signed-off-by: Francesco Ruggeri <[email protected]>
Co-developed-by: Salam Noureddine <[email protected]>
Signed-off-by: Salam Noureddine <[email protected]>
Signed-off-by: Dmitry Safonov <[email protected]>
Acked-by: David Ahern <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Diffstat (limited to 'net/ipv4/proc.c')
0 files changed, 0 insertions, 0 deletions