Hi Leonard, thanks for taking on this task! > I'm especially interested in feedback regarding ABI and testing. I noticed that the TCP connection identifier is not part of the representation of the MKT (tcp_authopt_key_info). This could cause some issues if, for example 2 MKTs with different <remote IP, remote TCP port> in the TCP connection identifier but same KeyID (recv_id) are installed on a socket. In that case tcp_authopt_inbound_key_lookup() may not pick the correct MKT for the connection. Matching incoming segments only based on recv_id may not comply with the RFC. I think there may be other cases where TCP connection identifiers may be needed to resolve conflicts, but I have to look at your patch in more detail. It would be helpful if you could split your patch into smaller incremental chunks. Francesco On Mon, Jul 26, 2021 at 6:07 PM David Ahern <dsahern@xxxxxxxxx> wrote: > > On 7/19/21 5:24 AM, Leonard Crestez wrote: > > I'm especially interested in feedback regarding ABI and testing. > > Please add tests -- both positive and negative -- to > tools/testing/selftests/net/fcnal-test.sh. That script already covers > the MD5 permutations. You can add the uapi support needed to nettest.c
