Re: [PATCH 23/31] net/tcp: Add getsockopt(TCP_AO_GET)

From: Leonard Crestez
Date: Tue Aug 23 2022 - 12:37:39 EST


On 8/18/22 19:59, Dmitry Safonov wrote:
> Introduce getsockopt() that lets a user get TCP-AO keys and their
> properties from a socket. A user can provide a filter to match
> a specific key to be dumped or TCP_AO_GET_ALL flag may be used to dump
> all keys in one syscall.

No equivalent for this exists for TCP_MD5SIG or my TCP_AUTHOPT series. I do however have a proc file to dump all keys in the system.

The list of keys is normally fully controlled by a single application so it shouldn't need to read back the keys that it wrote itself. The real reason this exists is because on the server side keys are copied on "synack" rather than "accept" and userspace can't know if a newly accepted socket has all the latest keychain updates.

This effectively dumps responsibility for a kernel implementation race onto userspace. At least you should mention how it's meant to be used in the commit message, and that it's not really optional.

I think making keys global is easier for userspace to use, despite the difference versus TCP_MD5.

--
Regards,
Leonard