net/tcp: Verify inbound TCP-AO signed segments - kernel/linux.git

diff options

author	Dmitry Safonov <dima@arista.com>	2023-10-23 22:22:04 +0300
committer	David S. Miller <davem@davemloft.net>	2023-10-27 12:35:45 +0300
commit	0a3a809089eb1d4a0a2fd0c16b520d603988c859 (patch)
tree	b584ef3c79e149b5f9986ed02258d29a48569df8 /net/ipv4/proc.c
parent	9427c6aa3ec92f66b3d38f5d5f7af6b94b648a66 (diff)
download	linux-0a3a809089eb1d4a0a2fd0c16b520d603988c859.tar.xz

net/tcp: Verify inbound TCP-AO signed segments

Now there is a common function to verify signature on TCP segments: tcp_inbound_hash(). It has checks for all possible cross-interactions with MD5 signs as well as with unsigned segments. The rules from RFC5925 are: (1) Any TCP segment can have at max only one signature. (2) TCP connections can't switch between using TCP-MD5 and TCP-AO. (3) TCP-AO connections can't stop using AO, as well as unsigned connections can't suddenly start using AO. Co-developed-by: Francesco Ruggeri <fruggeri@arista.com> Signed-off-by: Francesco Ruggeri <fruggeri@arista.com> Co-developed-by: Salam Noureddine <noureddine@arista.com> Signed-off-by: Salam Noureddine <noureddine@arista.com> Signed-off-by: Dmitry Safonov <dima@arista.com> Acked-by: David Ahern <dsahern@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'net/ipv4/proc.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: