From: Ivan Delalande <colona@arista.com>
To: David Miller <davem@davemloft.net>
Cc: eric.dumazet@gmail.com, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 2/2] tcp: md5: extend the tcp_md5sig struct to specify a key address prefix
Date: Tue, 13 Jun 2017 00:49:12 +0200 [thread overview]
Message-ID: <20170612224912.GE17030@ycc.fr> (raw)
In-Reply-To: <20170610.185811.1771245027556677313.davem@davemloft.net>
On Sat, Jun 10, 2017 at 06:58:11PM -0400, David Miller wrote:
> From: Ivan Delalande <colona@arista.com>
> Date: Fri, 9 Jun 2017 19:14:49 -0700
>
> > Add a flag field and address prefix length at the end of the tcp_md5sig
> > structure so users can configure an address prefix length along with a
> > key. Make sure shorter option values are still accepted in
> > tcp_v4_parse_md5_keys and tcp_v6_parse_md5_keys to maintain backward
> > compatibility.
> >
> > Signed-off-by: Bob Gilligan <gilligan@arista.com>
> > Signed-off-by: Eric Mowat <mowat@arista.com>
> > Signed-off-by: Ivan Delalande <colona@arista.com>
>
> As I believe was previously stated, the problem with this approach is
> that if a new tool requests the prefix length and is run on an older
> kernel, the kernel will return success even though the prefix length
> was not taken into account.
>
> We do not want to get a success back when the operation requested was
> not performed.
Ah yeah that's right, sorry, definitely not great.
So I guess our only other option is to add a new socket option, like
TCP_MD5SIG_EXT which would use the extended version of struct tcp_md5sig
from this patch. Is it justified for this feature, or do you see any
other way to achieve this?
Thanks,
--
Ivan Delalande
Arista Networks
next prev parent reply other threads:[~2017-06-12 22:49 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-07 0:54 [PATCH 1/2] tcp: md5: add an address prefix for key lookup Ivan Delalande
2017-06-07 0:54 ` [PATCH 2/2] tcp: md5: add fields to the tcp_md5sig struct to set a key address prefix Ivan Delalande
2017-06-07 4:08 ` Eric Dumazet
2017-06-07 6:13 ` Ivan Delalande
2017-06-07 12:51 ` Eric Dumazet
2017-06-10 2:14 ` [PATCH v2 1/2] tcp: md5: add an address prefix for key lookup Ivan Delalande
2017-06-10 2:14 ` [PATCH v2 2/2] tcp: md5: extend the tcp_md5sig struct to specify a key address prefix Ivan Delalande
2017-06-10 22:58 ` David Miller
2017-06-12 22:49 ` Ivan Delalande [this message]
2017-06-12 1:20 ` [PATCH v2 1/2] tcp: md5: add an address prefix for key lookup kbuild test robot
2017-06-16 1:07 ` [PATCH v3 " Ivan Delalande
2017-06-16 1:07 ` [PATCH v3 2/2] tcp: md5: add TCP_MD5SIG_EXT socket option to set a key address prefix Ivan Delalande
2017-06-19 17:52 ` David Miller
2017-06-19 17:51 ` [PATCH v3 1/2] tcp: md5: add an address prefix for key lookup David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170612224912.GE17030@ycc.fr \
--to=colona@arista.com \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.