From: Eric Biggers <ebiggers@kernel.org>
To: netdev@vger.kernel.org
Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
Eric Dumazet <edumazet@google.com>,
Neal Cardwell <ncardwell@google.com>,
Kuniyuki Iwashima <kuniyu@google.com>,
"David S . Miller" <davem@davemloft.net>,
David Ahern <dsahern@kernel.org>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Simon Horman <horms@kernel.org>, Ard Biesheuvel <ardb@kernel.org>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Dmitry Safonov <0x7f454c46@gmail.com>,
Eric Biggers <ebiggers@kernel.org>
Subject: [RFC PATCH 4/8] net/tcp-ao: Return void from functions that can no longer fail
Date: Sat, 7 Mar 2026 14:43:37 -0800 [thread overview]
Message-ID: <20260307224341.5644-5-ebiggers@kernel.org> (raw)
In-Reply-To: <20260307224341.5644-1-ebiggers@kernel.org>
Since tcp-ao now uses the crypto library API instead of crypto_ahash,
and MACs and keys now have a statically-known maximum size, many tcp-ao
functions can no longer fail. Propagate this change up into the return
types of various functions.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
include/net/tcp.h | 8 +--
include/net/tcp_ao.h | 44 +++++++--------
net/ipv4/tcp_ao.c | 128 ++++++++++++++++++++++--------------------
net/ipv4/tcp_output.c | 10 +---
net/ipv6/tcp_ao.c | 65 ++++++++++-----------
5 files changed, 123 insertions(+), 132 deletions(-)
diff --git a/include/net/tcp.h b/include/net/tcp.h
index 978eea2d5df04..18fb675d05bc4 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -2426,13 +2426,13 @@ struct tcp_sock_af_ops {
#ifdef CONFIG_TCP_AO
int (*ao_parse)(struct sock *sk, int optname, sockptr_t optval, int optlen);
struct tcp_ao_key *(*ao_lookup)(const struct sock *sk,
struct sock *addr_sk,
int sndid, int rcvid);
- int (*ao_calc_key_sk)(struct tcp_ao_key *mkt, u8 *key,
- const struct sock *sk,
- __be32 sisn, __be32 disn, bool send);
+ void (*ao_calc_key_sk)(struct tcp_ao_key *mkt, u8 *key,
+ const struct sock *sk,
+ __be32 sisn, __be32 disn, bool send);
int (*calc_ao_hash)(char *location, struct tcp_ao_key *ao,
const struct sock *sk, const struct sk_buff *skb,
const u8 *tkey, int hash_offset, u32 sne);
#endif
};
@@ -2449,11 +2449,11 @@ struct tcp_request_sock_ops {
#endif
#ifdef CONFIG_TCP_AO
struct tcp_ao_key *(*ao_lookup)(const struct sock *sk,
struct request_sock *req,
int sndid, int rcvid);
- int (*ao_calc_key)(struct tcp_ao_key *mkt, u8 *key, struct request_sock *sk);
+ void (*ao_calc_key)(struct tcp_ao_key *mkt, u8 *key, struct request_sock *sk);
int (*ao_synack_hash)(char *ao_hash, struct tcp_ao_key *mkt,
struct request_sock *req, const struct sk_buff *skb,
int hash_offset, u32 sne);
#endif
#ifdef CONFIG_SYN_COOKIES
diff --git a/include/net/tcp_ao.h b/include/net/tcp_ao.h
index f845bc631bc1e..2f20c57ea46b2 100644
--- a/include/net/tcp_ao.h
+++ b/include/net/tcp_ao.h
@@ -180,13 +180,13 @@ struct tcp6_ao_context {
/* Established states are fast-path and there always is current_key/rnext_key */
#define TCP_AO_ESTABLISHED (TCPF_ESTABLISHED | TCPF_FIN_WAIT1 | TCPF_FIN_WAIT2 | \
TCPF_CLOSE_WAIT | TCPF_LAST_ACK | TCPF_CLOSING)
-int tcp_ao_transmit_skb(struct sock *sk, struct sk_buff *skb,
- struct tcp_ao_key *key, struct tcphdr *th,
- __u8 *hash_location);
+void tcp_ao_transmit_skb(struct sock *sk, struct sk_buff *skb,
+ struct tcp_ao_key *key, struct tcphdr *th,
+ __u8 *hash_location);
void tcp_ao_mac_update(struct tcp_ao_mac_ctx *mac_ctx, const void *data,
size_t data_len);
int tcp_ao_hash_skb(unsigned short int family,
char *ao_hash, struct tcp_ao_key *key,
const struct sock *sk, const struct sk_buff *skb,
@@ -231,32 +231,33 @@ int tcp_v4_parse_ao(struct sock *sk, int cmd, sockptr_t optval, int optlen);
struct tcp_ao_key *tcp_v4_ao_lookup(const struct sock *sk, struct sock *addr_sk,
int sndid, int rcvid);
int tcp_v4_ao_synack_hash(char *ao_hash, struct tcp_ao_key *mkt,
struct request_sock *req, const struct sk_buff *skb,
int hash_offset, u32 sne);
-int tcp_v4_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
- const struct sock *sk,
- __be32 sisn, __be32 disn, bool send);
-int tcp_v4_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key,
- struct request_sock *req);
+void tcp_v4_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
+ const struct sock *sk,
+ __be32 sisn, __be32 disn, bool send);
+void tcp_v4_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key,
+ struct request_sock *req);
struct tcp_ao_key *tcp_v4_ao_lookup_rsk(const struct sock *sk,
struct request_sock *req,
int sndid, int rcvid);
int tcp_v4_ao_hash_skb(char *ao_hash, struct tcp_ao_key *key,
const struct sock *sk, const struct sk_buff *skb,
const u8 *tkey, int hash_offset, u32 sne);
/* ipv6 specific functions */
-int tcp_v6_ao_hash_pseudoheader(struct tcp_ao_mac_ctx *mac_ctx,
- const struct in6_addr *daddr,
- const struct in6_addr *saddr, int nbytes);
-int tcp_v6_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key,
- const struct sk_buff *skb, __be32 sisn, __be32 disn);
-int tcp_v6_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
- const struct sock *sk, __be32 sisn,
- __be32 disn, bool send);
-int tcp_v6_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key,
- struct request_sock *req);
+void tcp_v6_ao_hash_pseudoheader(struct tcp_ao_mac_ctx *mac_ctx,
+ const struct in6_addr *daddr,
+ const struct in6_addr *saddr, int nbytes);
+void tcp_v6_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key,
+ const struct sk_buff *skb, __be32 sisn,
+ __be32 disn);
+void tcp_v6_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
+ const struct sock *sk, __be32 sisn,
+ __be32 disn, bool send);
+void tcp_v6_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key,
+ struct request_sock *req);
struct tcp_ao_key *tcp_v6_ao_lookup(const struct sock *sk,
struct sock *addr_sk, int sndid, int rcvid);
struct tcp_ao_key *tcp_v6_ao_lookup_rsk(const struct sock *sk,
struct request_sock *req,
int sndid, int rcvid);
@@ -272,15 +273,14 @@ void tcp_ao_finish_connect(struct sock *sk, struct sk_buff *skb);
void tcp_ao_connect_init(struct sock *sk);
void tcp_ao_syncookie(struct sock *sk, const struct sk_buff *skb,
struct request_sock *req, unsigned short int family);
#else /* CONFIG_TCP_AO */
-static inline int tcp_ao_transmit_skb(struct sock *sk, struct sk_buff *skb,
- struct tcp_ao_key *key, struct tcphdr *th,
- __u8 *hash_location)
+static inline void tcp_ao_transmit_skb(struct sock *sk, struct sk_buff *skb,
+ struct tcp_ao_key *key,
+ struct tcphdr *th, __u8 *hash_location)
{
- return 0;
}
static inline void tcp_ao_syncookie(struct sock *sk, const struct sk_buff *skb,
struct request_sock *req, unsigned short int family)
{
diff --git a/net/ipv4/tcp_ao.c b/net/ipv4/tcp_ao.c
index 69f1d6d26562e..36a64c1cd8c99 100644
--- a/net/ipv4/tcp_ao.c
+++ b/net/ipv4/tcp_ao.c
@@ -433,14 +433,14 @@ void tcp_ao_time_wait(struct tcp_timewait_sock *tcptw, struct tcp_sock *tp)
tcptw->ao_info = NULL;
}
}
/* 4 tuple and ISNs are expected in NBO */
-static int tcp_v4_ao_calc_key(struct tcp_ao_key *mkt, u8 *key,
- __be32 saddr, __be32 daddr,
- __be16 sport, __be16 dport,
- __be32 sisn, __be32 disn)
+static void tcp_v4_ao_calc_key(struct tcp_ao_key *mkt, u8 *key,
+ __be32 saddr, __be32 daddr,
+ __be16 sport, __be16 dport,
+ __be32 sisn, __be32 disn)
{
/* See RFC5926 3.1.1 */
struct kdf_input_block {
u8 counter;
u8 label[6];
@@ -459,91 +459,92 @@ static int tcp_v4_ao_calc_key(struct tcp_ao_key *mkt, u8 *key,
},
.outlen = htons(tcp_ao_digest_size(mkt) * 8), /* in bits */
};
tcp_ao_calc_traffic_key(mkt, key, &input, sizeof(input));
- return 0;
}
-int tcp_v4_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
- const struct sock *sk,
- __be32 sisn, __be32 disn, bool send)
+void tcp_v4_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
+ const struct sock *sk,
+ __be32 sisn, __be32 disn, bool send)
{
if (send)
- return tcp_v4_ao_calc_key(mkt, key, sk->sk_rcv_saddr,
- sk->sk_daddr, htons(sk->sk_num),
- sk->sk_dport, sisn, disn);
+ tcp_v4_ao_calc_key(mkt, key, sk->sk_rcv_saddr, sk->sk_daddr,
+ htons(sk->sk_num), sk->sk_dport, sisn, disn);
else
- return tcp_v4_ao_calc_key(mkt, key, sk->sk_daddr,
- sk->sk_rcv_saddr, sk->sk_dport,
- htons(sk->sk_num), disn, sisn);
+ tcp_v4_ao_calc_key(mkt, key, sk->sk_daddr, sk->sk_rcv_saddr,
+ sk->sk_dport, htons(sk->sk_num), disn, sisn);
}
static int tcp_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
const struct sock *sk,
__be32 sisn, __be32 disn, bool send)
{
- if (mkt->family == AF_INET)
- return tcp_v4_ao_calc_key_sk(mkt, key, sk, sisn, disn, send);
+ if (mkt->family == AF_INET) {
+ tcp_v4_ao_calc_key_sk(mkt, key, sk, sisn, disn, send);
+ return 0;
+ }
#if IS_ENABLED(CONFIG_IPV6)
- else if (mkt->family == AF_INET6)
- return tcp_v6_ao_calc_key_sk(mkt, key, sk, sisn, disn, send);
+ if (mkt->family == AF_INET6) {
+ tcp_v6_ao_calc_key_sk(mkt, key, sk, sisn, disn, send);
+ return 0;
+ }
#endif
- else
- return -EOPNOTSUPP;
+ return -EOPNOTSUPP;
}
-int tcp_v4_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key,
- struct request_sock *req)
+void tcp_v4_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key,
+ struct request_sock *req)
{
struct inet_request_sock *ireq = inet_rsk(req);
- return tcp_v4_ao_calc_key(mkt, key,
- ireq->ir_loc_addr, ireq->ir_rmt_addr,
- htons(ireq->ir_num), ireq->ir_rmt_port,
- htonl(tcp_rsk(req)->snt_isn),
- htonl(tcp_rsk(req)->rcv_isn));
+ tcp_v4_ao_calc_key(mkt, key, ireq->ir_loc_addr, ireq->ir_rmt_addr,
+ htons(ireq->ir_num), ireq->ir_rmt_port,
+ htonl(tcp_rsk(req)->snt_isn),
+ htonl(tcp_rsk(req)->rcv_isn));
}
-static int tcp_v4_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key,
- const struct sk_buff *skb,
- __be32 sisn, __be32 disn)
+static void tcp_v4_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key,
+ const struct sk_buff *skb,
+ __be32 sisn, __be32 disn)
{
const struct iphdr *iph = ip_hdr(skb);
const struct tcphdr *th = tcp_hdr(skb);
- return tcp_v4_ao_calc_key(mkt, key, iph->saddr, iph->daddr,
- th->source, th->dest, sisn, disn);
+ tcp_v4_ao_calc_key(mkt, key, iph->saddr, iph->daddr, th->source,
+ th->dest, sisn, disn);
}
static int tcp_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key,
const struct sk_buff *skb,
__be32 sisn, __be32 disn, int family)
{
- if (family == AF_INET)
- return tcp_v4_ao_calc_key_skb(mkt, key, skb, sisn, disn);
+ if (family == AF_INET) {
+ tcp_v4_ao_calc_key_skb(mkt, key, skb, sisn, disn);
+ return 0;
+ }
#if IS_ENABLED(CONFIG_IPV6)
- else if (family == AF_INET6)
- return tcp_v6_ao_calc_key_skb(mkt, key, skb, sisn, disn);
+ if (family == AF_INET6) {
+ tcp_v6_ao_calc_key_skb(mkt, key, skb, sisn, disn);
+ return 0;
+ }
#endif
return -EAFNOSUPPORT;
}
-static int tcp_v4_ao_hash_pseudoheader(struct tcp_ao_mac_ctx *mac_ctx,
- __be32 daddr, __be32 saddr,
- int nbytes)
+static void tcp_v4_ao_hash_pseudoheader(struct tcp_ao_mac_ctx *mac_ctx,
+ __be32 daddr, __be32 saddr, int nbytes)
{
struct tcp4_pseudohdr phdr = {
.saddr = saddr,
.daddr = daddr,
.pad = 0,
.protocol = IPPROTO_TCP,
.len = cpu_to_be16(nbytes),
};
tcp_ao_mac_update(mac_ctx, &phdr, sizeof(phdr));
- return 0;
}
static int tcp_ao_hash_pseudoheader(unsigned short int family,
const struct sock *sk,
const struct sk_buff *skb,
@@ -551,35 +552,42 @@ static int tcp_ao_hash_pseudoheader(unsigned short int family,
{
const struct tcphdr *th = tcp_hdr(skb);
/* TODO: Can we rely on checksum being zero to mean outbound pkt? */
if (!th->check) {
- if (family == AF_INET)
- return tcp_v4_ao_hash_pseudoheader(mac_ctx, sk->sk_daddr,
- sk->sk_rcv_saddr, skb->len);
+ if (family == AF_INET) {
+ tcp_v4_ao_hash_pseudoheader(mac_ctx, sk->sk_daddr,
+ sk->sk_rcv_saddr, skb->len);
+ return 0;
+ }
#if IS_ENABLED(CONFIG_IPV6)
- else if (family == AF_INET6)
- return tcp_v6_ao_hash_pseudoheader(mac_ctx, &sk->sk_v6_daddr,
- &sk->sk_v6_rcv_saddr, skb->len);
+ if (family == AF_INET6) {
+ tcp_v6_ao_hash_pseudoheader(mac_ctx, &sk->sk_v6_daddr,
+ &sk->sk_v6_rcv_saddr,
+ skb->len);
+ return 0;
+ }
#endif
- else
- return -EAFNOSUPPORT;
+ return -EAFNOSUPPORT;
}
if (family == AF_INET) {
const struct iphdr *iph = ip_hdr(skb);
- return tcp_v4_ao_hash_pseudoheader(mac_ctx, iph->daddr,
- iph->saddr, skb->len);
+ tcp_v4_ao_hash_pseudoheader(mac_ctx, iph->daddr, iph->saddr,
+ skb->len);
+ return 0;
+ }
#if IS_ENABLED(CONFIG_IPV6)
- } else if (family == AF_INET6) {
+ if (family == AF_INET6) {
const struct ipv6hdr *iph = ipv6_hdr(skb);
- return tcp_v6_ao_hash_pseudoheader(mac_ctx, &iph->daddr,
- &iph->saddr, skb->len);
-#endif
+ tcp_v6_ao_hash_pseudoheader(mac_ctx, &iph->daddr, &iph->saddr,
+ skb->len);
+ return 0;
}
+#endif
return -EAFNOSUPPORT;
}
u32 tcp_ao_compute_sne(u32 next_sne, u32 next_seq, u32 seq)
{
@@ -738,15 +746,12 @@ int tcp_v4_ao_hash_skb(char *ao_hash, struct tcp_ao_key *key,
int tcp_v4_ao_synack_hash(char *ao_hash, struct tcp_ao_key *ao_key,
struct request_sock *req, const struct sk_buff *skb,
int hash_offset, u32 sne)
{
u8 tkey_buf[TCP_AO_MAX_TRAFFIC_KEY_LEN];
- int err;
- err = tcp_v4_ao_calc_key_rsk(ao_key, tkey_buf, req);
- if (err)
- return err;
+ tcp_v4_ao_calc_key_rsk(ao_key, tkey_buf, req);
return tcp_ao_hash_skb(AF_INET, ao_hash, ao_key, req_to_sk(req), skb,
tkey_buf, hash_offset, sne);
}
@@ -855,13 +860,13 @@ int tcp_ao_prepare_reset(const struct sock *sk, struct sk_buff *skb,
snd_basis, seq);
}
return 0;
}
-int tcp_ao_transmit_skb(struct sock *sk, struct sk_buff *skb,
- struct tcp_ao_key *key, struct tcphdr *th,
- __u8 *hash_location)
+void tcp_ao_transmit_skb(struct sock *sk, struct sk_buff *skb,
+ struct tcp_ao_key *key, struct tcphdr *th,
+ __u8 *hash_location)
{
struct tcp_skb_cb *tcb = TCP_SKB_CB(skb);
u8 tkey_buf[TCP_AO_MAX_TRAFFIC_KEY_LEN];
struct tcp_sock *tp = tcp_sk(sk);
struct tcp_ao_info *ao;
@@ -885,11 +890,10 @@ int tcp_ao_transmit_skb(struct sock *sk, struct sk_buff *skb,
}
sne = tcp_ao_compute_sne(READ_ONCE(ao->snd_sne), READ_ONCE(tp->snd_una),
ntohl(th->seq));
tp->af_specific->calc_ao_hash(hash_location, key, sk, skb, traffic_key,
hash_location - (u8 *)th, sne);
- return 0;
}
static struct tcp_ao_key *tcp_ao_inbound_lookup(unsigned short int family,
const struct sock *sk, const struct sk_buff *skb,
int sndid, int rcvid, int l3index)
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 326b58ff1118d..8145f9aad77b3 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -1644,18 +1644,12 @@ static int __tcp_transmit_skb(struct sock *sk, struct sk_buff *skb,
sk_gso_disable(sk);
tp->af_specific->calc_md5_hash(opts.hash_location,
key.md5_key, sk, skb);
#endif
} else if (tcp_key_is_ao(&key)) {
- int err;
-
- err = tcp_ao_transmit_skb(sk, skb, key.ao_key, th,
- opts.hash_location);
- if (err) {
- sk_skb_reason_drop(sk, skb, SKB_DROP_REASON_NOT_SPECIFIED);
- return -ENOMEM;
- }
+ tcp_ao_transmit_skb(sk, skb, key.ao_key, th,
+ opts.hash_location);
}
/* BPF prog is the last one writing header option */
bpf_skops_write_hdr_opt(sk, skb, NULL, NULL, 0, &opts);
diff --git a/net/ipv6/tcp_ao.c b/net/ipv6/tcp_ao.c
index bf30b970181d7..01a8472805d1d 100644
--- a/net/ipv6/tcp_ao.c
+++ b/net/ipv6/tcp_ao.c
@@ -10,15 +10,15 @@
#include <linux/tcp.h>
#include <net/tcp.h>
#include <net/ipv6.h>
-static int tcp_v6_ao_calc_key(struct tcp_ao_key *mkt, u8 *key,
- const struct in6_addr *saddr,
- const struct in6_addr *daddr,
- __be16 sport, __be16 dport,
- __be32 sisn, __be32 disn)
+static void tcp_v6_ao_calc_key(struct tcp_ao_key *mkt, u8 *key,
+ const struct in6_addr *saddr,
+ const struct in6_addr *daddr,
+ __be16 sport, __be16 dport,
+ __be32 sisn, __be32 disn)
{
struct kdf_input_block {
u8 counter;
u8 label[6];
struct tcp6_ao_context ctx;
@@ -36,49 +36,46 @@ static int tcp_v6_ao_calc_key(struct tcp_ao_key *mkt, u8 *key,
},
.outlen = htons(tcp_ao_digest_size(mkt) * 8), /* in bits */
};
tcp_ao_calc_traffic_key(mkt, key, &input, sizeof(input));
- return 0;
}
-int tcp_v6_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key,
- const struct sk_buff *skb,
- __be32 sisn, __be32 disn)
+void tcp_v6_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key,
+ const struct sk_buff *skb, __be32 sisn, __be32 disn)
{
const struct ipv6hdr *iph = ipv6_hdr(skb);
const struct tcphdr *th = tcp_hdr(skb);
- return tcp_v6_ao_calc_key(mkt, key, &iph->saddr,
- &iph->daddr, th->source,
- th->dest, sisn, disn);
+ tcp_v6_ao_calc_key(mkt, key, &iph->saddr, &iph->daddr, th->source,
+ th->dest, sisn, disn);
}
-int tcp_v6_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
- const struct sock *sk, __be32 sisn,
- __be32 disn, bool send)
+void tcp_v6_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key,
+ const struct sock *sk, __be32 sisn,
+ __be32 disn, bool send)
{
if (send)
- return tcp_v6_ao_calc_key(mkt, key, &sk->sk_v6_rcv_saddr,
- &sk->sk_v6_daddr, htons(sk->sk_num),
- sk->sk_dport, sisn, disn);
+ tcp_v6_ao_calc_key(mkt, key, &sk->sk_v6_rcv_saddr,
+ &sk->sk_v6_daddr, htons(sk->sk_num),
+ sk->sk_dport, sisn, disn);
else
- return tcp_v6_ao_calc_key(mkt, key, &sk->sk_v6_daddr,
- &sk->sk_v6_rcv_saddr, sk->sk_dport,
- htons(sk->sk_num), disn, sisn);
+ tcp_v6_ao_calc_key(mkt, key, &sk->sk_v6_daddr,
+ &sk->sk_v6_rcv_saddr, sk->sk_dport,
+ htons(sk->sk_num), disn, sisn);
}
-int tcp_v6_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key,
- struct request_sock *req)
+void tcp_v6_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key,
+ struct request_sock *req)
{
struct inet_request_sock *ireq = inet_rsk(req);
- return tcp_v6_ao_calc_key(mkt, key,
- &ireq->ir_v6_loc_addr, &ireq->ir_v6_rmt_addr,
- htons(ireq->ir_num), ireq->ir_rmt_port,
- htonl(tcp_rsk(req)->snt_isn),
- htonl(tcp_rsk(req)->rcv_isn));
+ tcp_v6_ao_calc_key(mkt, key,
+ &ireq->ir_v6_loc_addr, &ireq->ir_v6_rmt_addr,
+ htons(ireq->ir_num), ireq->ir_rmt_port,
+ htonl(tcp_rsk(req)->snt_isn),
+ htonl(tcp_rsk(req)->rcv_isn));
}
struct tcp_ao_key *tcp_v6_ao_lookup(const struct sock *sk,
struct sock *addr_sk,
int sndid, int rcvid)
@@ -102,24 +99,23 @@ struct tcp_ao_key *tcp_v6_ao_lookup_rsk(const struct sock *sk,
l3index = l3mdev_master_ifindex_by_index(sock_net(sk), ireq->ir_iif);
return tcp_ao_do_lookup(sk, l3index, (union tcp_ao_addr *)addr,
AF_INET6, sndid, rcvid);
}
-int tcp_v6_ao_hash_pseudoheader(struct tcp_ao_mac_ctx *mac_ctx,
- const struct in6_addr *daddr,
- const struct in6_addr *saddr, int nbytes)
+void tcp_v6_ao_hash_pseudoheader(struct tcp_ao_mac_ctx *mac_ctx,
+ const struct in6_addr *daddr,
+ const struct in6_addr *saddr, int nbytes)
{
/* 1. TCP pseudo-header (RFC2460) */
struct tcp6_pseudohdr phdr = {
.saddr = *saddr,
.daddr = *daddr,
.len = cpu_to_be32(nbytes),
.protocol = cpu_to_be32(IPPROTO_TCP),
};
tcp_ao_mac_update(mac_ctx, &phdr, sizeof(phdr));
- return 0;
}
int tcp_v6_ao_hash_skb(char *ao_hash, struct tcp_ao_key *key,
const struct sock *sk, const struct sk_buff *skb,
const u8 *tkey, int hash_offset, u32 sne)
@@ -137,14 +133,11 @@ int tcp_v6_parse_ao(struct sock *sk, int cmd,
int tcp_v6_ao_synack_hash(char *ao_hash, struct tcp_ao_key *ao_key,
struct request_sock *req, const struct sk_buff *skb,
int hash_offset, u32 sne)
{
u8 tkey_buf[TCP_AO_MAX_TRAFFIC_KEY_LEN];
- int err;
- err = tcp_v6_ao_calc_key_rsk(ao_key, tkey_buf, req);
- if (err)
- return err;
+ tcp_v6_ao_calc_key_rsk(ao_key, tkey_buf, req);
return tcp_ao_hash_skb(AF_INET6, ao_hash, ao_key, req_to_sk(req), skb,
tkey_buf, hash_offset, sne);
}
--
2.53.0
next prev parent reply other threads:[~2026-03-07 22:46 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-07 22:43 [RFC PATCH 0/8] Reimplement TCP-AO using crypto library Eric Biggers
2026-03-07 22:43 ` [RFC PATCH 1/8] net/tcp-ao: Drop support for most non-RFC-specified algorithms Eric Biggers
2026-03-07 22:43 ` [RFC PATCH 2/8] net/tcp-ao: Use crypto library API instead of crypto_ahash Eric Biggers
2026-03-07 22:43 ` [RFC PATCH 3/8] net/tcp-ao: Use stack-allocated MAC and traffic_key buffers Eric Biggers
2026-03-07 22:43 ` Eric Biggers [this message]
2026-03-07 22:43 ` [RFC PATCH 5/8] net/tcp: Remove tcp_sigpool Eric Biggers
2026-03-07 22:43 ` [RFC PATCH 6/8] crypto: hash - Remove support for cloning hash tfms Eric Biggers
2026-03-07 22:43 ` [RFC PATCH 7/8] crypto: cipher - Remove support for cloning cipher tfms Eric Biggers
2026-03-07 22:43 ` [RFC PATCH 8/8] crypto: api - Remove core support for cloning tfms Eric Biggers
2026-03-09 8:17 ` [RFC PATCH 0/8] Reimplement TCP-AO using crypto library Ard Biesheuvel
2026-03-09 22:33 ` Dmitry Safonov
2026-03-09 23:30 ` Eric Biggers
2026-03-10 7:42 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260307224341.5644-5-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=0x7f454c46@gmail.com \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=davem@davemloft.net \
--cc=dsahern@kernel.org \
--cc=edumazet@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=kuniyu@google.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ncardwell@google.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox