diff options
| author | Dmitry Safonov <[email protected]> | 2023-10-23 19:22:03 +0000 |
|---|---|---|
| committer | David S. Miller <[email protected]> | 2023-10-27 09:35:45 +0000 |
| commit | 9427c6aa3ec92f66b3d38f5d5f7af6b94b648a66 (patch) | |
| tree | 8be6f14d20cbef124e5b570e4a78bc9a0c9ba8fd /net/ipv6/tcp_ao.c | |
| parent | net/tcp: Wire TCP-AO to request sockets (diff) | |
| download | kernel-9427c6aa3ec92f66b3d38f5d5f7af6b94b648a66.tar.gz kernel-9427c6aa3ec92f66b3d38f5d5f7af6b94b648a66.zip | |
net/tcp: Sign SYN-ACK segments with TCP-AO
Similarly to RST segments, wire SYN-ACKs to TCP-AO.
tcp_rsk_used_ao() is handy here to check if the request socket used AO
and needs a signature on the outgoing segments.
Co-developed-by: Francesco Ruggeri <[email protected]>
Signed-off-by: Francesco Ruggeri <[email protected]>
Co-developed-by: Salam Noureddine <[email protected]>
Signed-off-by: Salam Noureddine <[email protected]>
Signed-off-by: Dmitry Safonov <[email protected]>
Acked-by: David Ahern <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Diffstat (limited to 'net/ipv6/tcp_ao.c')
| -rw-r--r-- | net/ipv6/tcp_ao.c | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/net/ipv6/tcp_ao.c b/net/ipv6/tcp_ao.c index c9a6fa84f6ce..99753e12c08c 100644 --- a/net/ipv6/tcp_ao.c +++ b/net/ipv6/tcp_ao.c @@ -144,3 +144,25 @@ int tcp_v6_parse_ao(struct sock *sk, int cmd, { return tcp_parse_ao(sk, cmd, AF_INET6, optval, optlen); } + +int tcp_v6_ao_synack_hash(char *ao_hash, struct tcp_ao_key *ao_key, + struct request_sock *req, const struct sk_buff *skb, + int hash_offset, u32 sne) +{ + void *hash_buf = NULL; + int err; + + hash_buf = kmalloc(tcp_ao_digest_size(ao_key), GFP_ATOMIC); + if (!hash_buf) + return -ENOMEM; + + err = tcp_v6_ao_calc_key_rsk(ao_key, hash_buf, req); + if (err) + goto out; + + err = tcp_ao_hash_skb(AF_INET6, ao_hash, ao_key, req_to_sk(req), skb, + hash_buf, hash_offset, sne); +out: + kfree(hash_buf); + return err; +} |