From: Eric Dumazet <edumazet@google.com>
To: "David S . Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>,
Paolo Abeni <pabeni@redhat.com>
Cc: Simon Horman <horms@kernel.org>,
Neal Cardwell <ncardwell@google.com>,
Kuniyuki Iwashima <kuniyu@google.com>,
netdev@vger.kernel.org, eric.dumazet@gmail.com,
Eric Dumazet <edumazet@google.com>
Subject: [PATCH net-next] tcp: move tcp_do_parse_auth_options() to net/ipv4/tcp.c
Date: Tue, 3 Mar 2026 19:12:43 +0000 [thread overview]
Message-ID: <20260303191243.557245-1-edumazet@google.com> (raw)
tcp_do_parse_auth_options() fast path user is tcp_inbound_hash().
Move tcp_do_parse_auth_options() right before tcp_inbound_hash()
so that it can be (auto)inlined by the compiler.
As a bonus, stack canary is removed from tcp_inbound_hash().
Also use EXPORT_IPV6_MOD(tcp_do_parse_auth_options).
$ scripts/bloat-o-meter -t vmlinux.0 vmlinux
add/remove: 0/0 grow/shrink: 1/0 up/down: 131/0 (131)
Function old new delta
tcp_inbound_hash 565 696 +131
Total: Before=25223788, After=25223919, chg +0.00%
Signed-off-by: Eric Dumazet <edumazet@google.com>
---
net/ipv4/tcp.c | 54 ++++++++++++++++++++++++++++++++++++++++++++
net/ipv4/tcp_input.c | 54 --------------------------------------------
2 files changed, 54 insertions(+), 54 deletions(-)
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 1790d2fa75ade77cda8d0a593e689ea4432734dd..5997e0fb7a45fe74b692009f7275bec7671b5341 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -4987,6 +4987,60 @@ tcp_inbound_md5_hash(const struct sock *sk, const struct sk_buff *skb,
#endif
+#if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
+/*
+ * Parse Signature options
+ */
+int tcp_do_parse_auth_options(const struct tcphdr *th,
+ const u8 **md5_hash, const u8 **ao_hash)
+{
+ int length = (th->doff << 2) - sizeof(*th);
+ const u8 *ptr = (const u8 *)(th + 1);
+ unsigned int minlen = TCPOLEN_MD5SIG;
+
+ if (IS_ENABLED(CONFIG_TCP_AO))
+ minlen = sizeof(struct tcp_ao_hdr) + 1;
+
+ *md5_hash = NULL;
+ *ao_hash = NULL;
+
+ /* If not enough data remaining, we can short cut */
+ while (length >= minlen) {
+ int opcode = *ptr++;
+ int opsize;
+
+ switch (opcode) {
+ case TCPOPT_EOL:
+ return 0;
+ case TCPOPT_NOP:
+ length--;
+ continue;
+ default:
+ opsize = *ptr++;
+ if (opsize < 2 || opsize > length)
+ return -EINVAL;
+ if (opcode == TCPOPT_MD5SIG) {
+ if (opsize != TCPOLEN_MD5SIG)
+ return -EINVAL;
+ if (unlikely(*md5_hash || *ao_hash))
+ return -EEXIST;
+ *md5_hash = ptr;
+ } else if (opcode == TCPOPT_AO) {
+ if (opsize <= sizeof(struct tcp_ao_hdr))
+ return -EINVAL;
+ if (unlikely(*md5_hash || *ao_hash))
+ return -EEXIST;
+ *ao_hash = ptr;
+ }
+ }
+ ptr += opsize - 2;
+ length -= opsize;
+ }
+ return 0;
+}
+EXPORT_IPV6_MOD(tcp_do_parse_auth_options);
+#endif
+
/* Called with rcu_read_lock() */
enum skb_drop_reason
tcp_inbound_hash(struct sock *sk, const struct request_sock *req,
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 9079bc963f818924831298fdf35a2ba7c317fd1d..c27d11c3470bc90f7694938ed22c50ca3d1e4409 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4714,60 +4714,6 @@ static bool tcp_fast_parse_options(const struct net *net,
return true;
}
-#if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
-/*
- * Parse Signature options
- */
-int tcp_do_parse_auth_options(const struct tcphdr *th,
- const u8 **md5_hash, const u8 **ao_hash)
-{
- int length = (th->doff << 2) - sizeof(*th);
- const u8 *ptr = (const u8 *)(th + 1);
- unsigned int minlen = TCPOLEN_MD5SIG;
-
- if (IS_ENABLED(CONFIG_TCP_AO))
- minlen = sizeof(struct tcp_ao_hdr) + 1;
-
- *md5_hash = NULL;
- *ao_hash = NULL;
-
- /* If not enough data remaining, we can short cut */
- while (length >= minlen) {
- int opcode = *ptr++;
- int opsize;
-
- switch (opcode) {
- case TCPOPT_EOL:
- return 0;
- case TCPOPT_NOP:
- length--;
- continue;
- default:
- opsize = *ptr++;
- if (opsize < 2 || opsize > length)
- return -EINVAL;
- if (opcode == TCPOPT_MD5SIG) {
- if (opsize != TCPOLEN_MD5SIG)
- return -EINVAL;
- if (unlikely(*md5_hash || *ao_hash))
- return -EEXIST;
- *md5_hash = ptr;
- } else if (opcode == TCPOPT_AO) {
- if (opsize <= sizeof(struct tcp_ao_hdr))
- return -EINVAL;
- if (unlikely(*md5_hash || *ao_hash))
- return -EEXIST;
- *ao_hash = ptr;
- }
- }
- ptr += opsize - 2;
- length -= opsize;
- }
- return 0;
-}
-EXPORT_SYMBOL(tcp_do_parse_auth_options);
-#endif
-
/* Sorry, PAWS as specified is broken wrt. pure-ACKs -DaveM
*
* It is not fatal. If this ACK does _not_ change critical state (seqs, window)
--
2.53.0.473.g4a7958ca14-goog
next reply other threads:[~2026-03-03 19:12 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-03 19:12 Eric Dumazet [this message]
2026-03-04 8:00 ` [PATCH net-next] tcp: move tcp_do_parse_auth_options() to net/ipv4/tcp.c Kuniyuki Iwashima
2026-03-05 2:40 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260303191243.557245-1-edumazet@google.com \
--to=edumazet@google.com \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=kuniyu@google.com \
--cc=ncardwell@google.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox