From: Florian Westphal <fw at strlen.de>
To: mptcp at lists.01.org
Subject: [MPTCP] [RFC v2 03/10] mptcp: token: rename token_join_response
Date: Thu, 29 Aug 2019 11:06:52 +0200 [thread overview]
Message-ID: <20190829090659.766-4-fw@strlen.de> (raw)
In-Reply-To: 20190829090659.766-1-fw@strlen.de
[-- Attachment #1: Type: text/plain, Size: 4553 bytes --]
This function validates the truncated hmac and computes a hmac for use
in the ack packet. Rename it, place it where its used, and do the
hmac computation in the caller.
This also adds a pr_fmt specifier, so the included pr_debug will
auto-gain 'MPTCP' prefix.
v2: change name and place hmac calculation in the caller (Peter)
add pr_fmt too
squash two pr_debug() into one.
Signed-off-by: Florian Westphal <fw(a)strlen.de>
---
net/mptcp/protocol.h | 1 -
net/mptcp/subflow.c | 34 ++++++++++++++++++++++++++++++----
net/mptcp/token.c | 31 -------------------------------
3 files changed, 30 insertions(+), 36 deletions(-)
diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h
index 1655283dbd6a..89bd68f85856 100644
--- a/net/mptcp/protocol.h
+++ b/net/mptcp/protocol.h
@@ -227,7 +227,6 @@ void mptcp_finish_join(struct sock *sk);
void token_new_request(struct request_sock *req, const struct sk_buff *skb);
int token_join_request(struct request_sock *req, const struct sk_buff *skb);
-int token_join_response(struct sock *sk);
int token_join_valid(struct request_sock *req,
struct tcp_options_received *rx_opt);
void token_destroy_request(u32 token);
diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
index fc507e091cf5..8a8109466487 100644
--- a/net/mptcp/subflow.c
+++ b/net/mptcp/subflow.c
@@ -4,6 +4,8 @@
* Copyright (c) 2017 - 2019, Intel Corporation.
*/
+#define pr_fmt(fmt) "MPTCP: " fmt
+
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/netdevice.h>
@@ -96,6 +98,25 @@ static void subflow_v4_init_req(struct request_sock *req,
}
}
+/* validate received truncated hmac and create hmac for third ACK */
+static bool subflow_thmac_valid(struct subflow_context *subflow)
+{
+ u8 hmac[MPTCPOPT_HMAC_LEN];
+ u64 thmac;
+
+ crypto_hmac_sha1(subflow->remote_key, subflow->local_key,
+ subflow->remote_nonce, subflow->local_nonce,
+ (u32 *)hmac);
+
+ thmac = get_unaligned_be64(hmac);
+ pr_debug("subflow=%p, token=%u, thmac=%llu, subflow->thmac=%llu\n",
+ subflow, subflow->token,
+ (unsigned long long)thmac,
+ (unsigned long long)subflow->thmac);
+
+ return thmac == subflow->thmac;
+}
+
static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb)
{
struct subflow_context *subflow = subflow_ctx(sk);
@@ -119,13 +140,18 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb)
pr_debug("subflow=%p, thmac=%llu, remote_nonce=%u",
subflow_ctx(sk), subflow->thmac,
subflow->remote_nonce);
- if (token_join_response(sk)) {
+ if (!subflow_thmac_valid(subflow)) {
subflow->mp_join = 0;
// @@ need to trigger RST
- } else {
- mptcp_finish_join(sk);
- subflow->conn_finished = 1;
+ return;
}
+
+ crypto_hmac_sha1(subflow->local_key, subflow->remote_key,
+ subflow->local_nonce, subflow->remote_nonce,
+ (u32 *)subflow->hmac);
+
+ mptcp_finish_join(sk);
+ subflow->conn_finished = 1;
}
}
diff --git a/net/mptcp/token.c b/net/mptcp/token.c
index b63ce35c9ed3..3163832d8ebf 100644
--- a/net/mptcp/token.c
+++ b/net/mptcp/token.c
@@ -93,28 +93,6 @@ static void new_req_join(struct request_sock *req, struct sock *sk,
subflow_req->thmac);
}
-static int new_rsp_join(struct sock *sk)
-{
- struct subflow_context *subflow = subflow_ctx(sk);
- u8 hmac[MPTCPOPT_HMAC_LEN];
- u64 thmac;
-
- crypto_hmac_sha1(subflow->remote_key, subflow->local_key,
- subflow->remote_nonce, subflow->local_nonce,
- (u32 *)hmac);
-
- thmac = get_unaligned_be64(hmac);
- pr_debug("thmac=%llu", thmac);
- if (thmac != subflow->thmac)
- return -1;
-
- crypto_hmac_sha1(subflow->local_key, subflow->remote_key,
- subflow->local_nonce, subflow->remote_nonce,
- (u32 *)subflow->hmac);
-
- return 0;
-}
-
static int new_join_valid(struct request_sock *req, struct sock *sk,
struct tcp_options_received *rx_opt)
{
@@ -239,15 +217,6 @@ int token_join_request(struct request_sock *req, const struct sk_buff *skb)
return 0;
}
-/* validate received truncated hmac and create hmac for third ACK */
-int token_join_response(struct sock *sk)
-{
- struct subflow_context *subflow = subflow_ctx(sk);
-
- pr_debug("subflow=%p, token=%u", subflow, subflow->token);
- return new_rsp_join(sk);
-}
-
/* validate hmac received in third ACK */
int token_join_valid(struct request_sock *req,
struct tcp_options_received *rx_opt)
--
2.21.0
next reply other threads:[~2019-08-29 9:06 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-29 9:06 Florian Westphal [this message]
-- strict thread matches above, loose matches on Subject: below --
2019-08-29 10:11 [MPTCP] [RFC v2 03/10] mptcp: token: rename token_join_response Matthieu Baerts
2019-08-29 10:19 Florian Westphal
2019-08-29 10:25 Matthieu Baerts
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190829090659.766-4-fw@strlen.de \
--to=unknown@example.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.