* [MPTCP] Re: [PATCH 1/4] mptcp: disable mptcp when md5sig is set on socket
@ 2019-11-11 17:09 Paolo Abeni
0 siblings, 0 replies; 3+ messages in thread
From: Paolo Abeni @ 2019-11-11 17:09 UTC (permalink / raw)
To: mptcp
[-- Attachment #1: Type: text/plain, Size: 647 bytes --]
On Mon, 2019-11-11 at 17:58 +0100, Florian Westphal wrote:
> Paolo Abeni <pabeni(a)redhat.com> wrote:
> > As per last public mtg discussion, md5sig will cause TCP option space
> > exaustion. Without md5sig we can't exhaust the TCP option space.
>
> How can you enable MD5SIG on an mptcp socket? I don't think its
> possible, as we don't expose the subflow tcp sockets to userspace and
> we don't allow setsockotps anymore.
I think you can via:
socket(MPTCP)
setsockopt()
connect() // or listen/accept()
AFAICS we still allow setsockopt on the fallback socket and US can
create the MPTCP connection later.
Cheers,
Paolo
^ permalink raw reply [flat|nested] 3+ messages in thread
* [MPTCP] Re: [PATCH 1/4] mptcp: disable mptcp when md5sig is set on socket
@ 2019-11-11 17:06 Paolo Abeni
0 siblings, 0 replies; 3+ messages in thread
From: Paolo Abeni @ 2019-11-11 17:06 UTC (permalink / raw)
To: mptcp
[-- Attachment #1: Type: text/plain, Size: 1204 bytes --]
On Mon, 2019-11-11 at 17:53 +0100, Paolo Abeni wrote:
> As per last public mtg discussion, md5sig will cause TCP option space
> exaustion. Without md5sig we can't exhaust the TCP option space.
>
> This series explcitly disable MPTCP when md5sig is set, and cleanup
> later option len checks with the assumption that TCP option space exhaustion
> is not expected - add a single WARN_ON() for that.
>
> Paolo Abeni (1):
> mptcp: move mp_capable initialization at subflow_init_req() start
> mptcp: disable on req sk if MD5SIG is enabled
> mptcp: warn once if exceeding tcp opt space for dss/mp_capable
> mptcp: remove unneeded check in mptcp_established_options_mp()
>
> net/mptcp/subflow.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
Addenda:
- I dumbly edited this series manually and ended-up with the wrong
prefix on this cover letter [PATCH 1/4] instead of [PATCH 0/4], I'm
sorry.
- the selftests run successful on a build from the patched git
tree@"mptcp: add basic kselftest for mptcp".
- I'm wondering about adding an explicit self-test vs md5sig - easier
way would be checking the MIB counters after the transfer completes
successfully.
/P
^ permalink raw reply [flat|nested] 3+ messages in thread
* [MPTCP] Re: [PATCH 1/4] mptcp: disable mptcp when md5sig is set on socket
@ 2019-11-11 16:58 Florian Westphal
0 siblings, 0 replies; 3+ messages in thread
From: Florian Westphal @ 2019-11-11 16:58 UTC (permalink / raw)
To: mptcp
[-- Attachment #1: Type: text/plain, Size: 358 bytes --]
Paolo Abeni <pabeni(a)redhat.com> wrote:
> As per last public mtg discussion, md5sig will cause TCP option space
> exaustion. Without md5sig we can't exhaust the TCP option space.
How can you enable MD5SIG on an mptcp socket? I don't think its
possible, as we don't expose the subflow tcp sockets to userspace and
we don't allow setsockotps anymore.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-11-11 17:09 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-11 17:09 [MPTCP] Re: [PATCH 1/4] mptcp: disable mptcp when md5sig is set on socket Paolo Abeni
-- strict thread matches above, loose matches on Subject: below --
2019-11-11 17:06 Paolo Abeni
2019-11-11 16:58 Florian Westphal
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.