linux-crypto.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Leonard Crestez <cdleonard@gmail.com>
To: Jakub Kicinski <kuba@kernel.org>
Cc: Dmitry Safonov <0x7f454c46@gmail.com>,
	David Ahern <dsahern@kernel.org>, Shuah Khan <shuah@kernel.org>,
	Eric Dumazet <edumazet@google.com>,
	"David S. Miller" <davem@davemloft.net>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	Kuniyuki Iwashima <kuniyu@amazon.co.jp>,
	Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
	Yuchung Cheng <ycheng@google.com>,
	Francesco Ruggeri <fruggeri@arista.com>,
	Mat Martineau <mathew.j.martineau@linux.intel.com>,
	Christoph Paasch <cpaasch@apple.com>,
	Ivan Delalande <colona@arista.com>,
	Priyaranjan Jha <priyarjha@google.com>,
	Menglong Dong <dong.menglong@zte.com.cn>,
	netdev@vger.kernel.org, linux-crypto@vger.kernel.org,
	linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 00/19] tcp: Initial support for RFC5925 auth option
Date: Thu, 23 Sep 2021 10:49:53 +0300	[thread overview]
Message-ID: <f84a32c9-ee7e-6e72-ccb2-69ac0210dc34@gmail.com> (raw)
In-Reply-To: <20210921161327.10b29c88@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>

On 9/22/21 2:13 AM, Jakub Kicinski wrote:
> On Tue, 21 Sep 2021 19:14:43 +0300 Leonard Crestez wrote:
>> This is similar to TCP MD5 in functionality but it's sufficiently
>> different that wire formats are incompatible. Compared to TCP-MD5 more
>> algorithms are supported and multiple keys can be used on the same
>> connection but there is still no negotiation mechanism.
> 
> Hopefully there will be some feedback / discussion, but even if
> everyone acks this you'll need to fix all the transient build
> failures, and kdoc warnings added - and repost.
> git rebase --exec='make' and scripts/kernel-doc are your allies.

Hello,

I already went through several round of testing with git rebase 
--exec='$test' but it seems I introduced a few new failures after 
several rounds of squashing fixes. I'll need to check kernel-doc 
comments for source files not referenced in documenation.

Many of the patch splits were artificially created in order to ease 
review, for example "signing packets" doesn't do anything without also 
"hooking in the tcp stack". Some static functions will trigger warnings 
because they're unused until the next patch, not clear what the 
preferred solution would be here. I could remove the "static" marker 
until the next patch or reverse the order and have the initial "tcp 
integration" patches call crypto code that just returns an error and 
fills-in a signature of zeros.

A large amount of the code is just selftests and much of it is not 
completely specific to TCP-AO. Maybe I could try to repost the parts 
that verify handling of timewait corners and resets in a variant that 
only handles "md5" and "unsigned"?

I already tried posting my scapy implementation of TCP-AO and MD5 to 
scapy upstream because it is not specific to linux .

--
Regards,
Leonard

  reply	other threads:[~2021-09-23  7:50 UTC|newest]

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-21 16:14 [PATCH 00/19] tcp: Initial support for RFC5925 auth option Leonard Crestez
2021-09-21 16:14 ` [PATCH 01/19] tcp: authopt: Initial support and key management Leonard Crestez
2021-09-21 16:14 ` [PATCH 02/19] docs: Add user documentation for tcp_authopt Leonard Crestez
2021-09-21 16:14 ` [PATCH 03/19] selftests: Initial tcp_authopt test module Leonard Crestez
2021-09-21 16:14 ` [PATCH 04/19] selftests: tcp_authopt: Initial sockopt manipulation Leonard Crestez
2021-09-21 16:14 ` [PATCH 05/19] tcp: authopt: Add crypto initialization Leonard Crestez
2021-09-21 16:14 ` [PATCH 06/19] tcp: authopt: Compute packet signatures Leonard Crestez
2021-09-21 16:14 ` [PATCH 07/19] tcp: authopt: Hook into tcp core Leonard Crestez
2021-09-21 16:14 ` [PATCH 08/19] tcp: authopt: Disable via sysctl by default Leonard Crestez
2021-09-25  1:57   ` David Ahern
2021-09-25 14:14     ` Leonard Crestez
2021-09-21 16:14 ` [PATCH 09/19] selftests: tcp_authopt: Test key address binding Leonard Crestez
2021-09-21 16:14 ` [PATCH 10/19] tcp: ipv6: Add AO signing for tcp_v6_send_response Leonard Crestez
2021-09-21 16:14 ` [PATCH 11/19] tcp: authopt: Add support for signing skb-less replies Leonard Crestez
2021-09-21 16:14 ` [PATCH 12/19] tcp: ipv4: Add AO signing for " Leonard Crestez
2021-09-21 16:14 ` [PATCH 13/19] selftests: tcp_authopt: Add scapy-based packet signing code Leonard Crestez
2021-09-21 16:14 ` [PATCH 14/19] selftests: tcp_authopt: Add packet-level tests Leonard Crestez
2021-09-21 16:14 ` [PATCH 15/19] selftests: Initial tcp_authopt support for nettest Leonard Crestez
2021-09-21 16:14 ` [PATCH 16/19] selftests: Initial tcp_authopt support for fcnal-test Leonard Crestez
2021-09-21 16:15 ` [PATCH 17/19] selftests: Add -t tcp_authopt option for fcnal-test.sh Leonard Crestez
2021-09-25  1:52   ` David Ahern
2021-09-25 14:38     ` Leonard Crestez
2021-09-21 16:15 ` [PATCH 18/19] tcp: authopt: Add key selection controls Leonard Crestez
2021-09-21 16:15 ` [PATCH 19/19] selftests: tcp_authopt: Add tests for rollover Leonard Crestez
2021-09-21 23:13 ` [PATCH 00/19] tcp: Initial support for RFC5925 auth option Jakub Kicinski
2021-09-23  7:49   ` Leonard Crestez [this message]
2021-09-23 13:58     ` Jakub Kicinski
2021-09-25 14:25       ` Leonard Crestez
2021-09-22 20:23 ` Francesco Ruggeri
2021-09-23  7:38   ` Leonard Crestez
2021-09-25  1:35     ` David Ahern
2021-09-25 14:21       ` Leonard Crestez

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=f84a32c9-ee7e-6e72-ccb2-69ac0210dc34@gmail.com \
    --to=cdleonard@gmail.com \
    --cc=0x7f454c46@gmail.com \
    --cc=colona@arista.com \
    --cc=cpaasch@apple.com \
    --cc=davem@davemloft.net \
    --cc=dong.menglong@zte.com.cn \
    --cc=dsahern@kernel.org \
    --cc=edumazet@google.com \
    --cc=fruggeri@arista.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=kuba@kernel.org \
    --cc=kuniyu@amazon.co.jp \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-kselftest@vger.kernel.org \
    --cc=mathew.j.martineau@linux.intel.com \
    --cc=netdev@vger.kernel.org \
    --cc=priyarjha@google.com \
    --cc=shuah@kernel.org \
    --cc=ycheng@google.com \
    --cc=yoshfuji@linux-ipv6.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).