From mboxrd@z Thu Jan  1 00:00:00 1970
From: Eric Dumazet <eric.dumazet@gmail.com>
Subject: Re: [PATCH net-next 2/5] tcp: TFO: search for correct cookie and
 accept data
Date: Sun, 16 Dec 2018 22:30:51 -0800
Message-ID: <80ac109a-6e97-e24b-beea-37c047be4f55@gmail.com>
References: <20181214224007.54813-1-cpaasch@apple.com>
 <20181214224007.54813-3-cpaasch@apple.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Cc: Eric Dumazet <edumazet@google.com>,
        Yuchung Cheng <ycheng@google.com>,
        David Miller <davem@davemloft.net>
To: Christoph Paasch <cpaasch@apple.com>, netdev@vger.kernel.org
Return-path: <netdev-owner@vger.kernel.org>
Received: from mail-wr1-f65.google.com ([209.85.221.65]:46094 "EHLO
        mail-wr1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726256AbeLQGaz (ORCPT
        <rfc822;netdev@vger.kernel.org>); Mon, 17 Dec 2018 01:30:55 -0500
Received: by mail-wr1-f65.google.com with SMTP id l9so10976588wrt.13
        for <netdev@vger.kernel.org>; Sun, 16 Dec 2018 22:30:54 -0800 (PST)
In-Reply-To: <20181214224007.54813-3-cpaasch@apple.com>
Content-Language: en-US
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>



On 12/14/2018 02:40 PM, Christoph Paasch wrote:
> This change allows to search for the right cookie and accepts old ones
> (announcing a new one if it has changed).
> 
> __tcp_fastopen_cookie_gen_with_ctx() allows to generate a cookie based
> on a given TFO-context. A later patch will cleanup the duplicate code.

How long is kept the secondary (old) context ?

I do not know exact crypto_cipher_encrypt_one() cost, but it looks like
your patch could double the cost of some TFO based attacks ?