Re: [PATCH v2 01/25] tcp: authopt: Initial support and key management

Leonard Crestez <cdleonard@xxxxxxxxx> · Fri, 5 Nov 2021 14:10:58 +0200

On 11/3/21 4:29 AM, David Ahern wrote:
On 11/1/21 10:34 AM, Leonard Crestez wrote:

diff --git a/net/ipv4/tcp_authopt.c b/net/ipv4/tcp_authopt.c
new file mode 100644
index 000000000000..c412a712f229
--- /dev/null
+++ b/net/ipv4/tcp_authopt.c
@@ -0,0 +1,263 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+
+#include <linux/kernel.h>
+#include <net/tcp.h>
+#include <net/tcp_authopt.h>
+#include <crypto/hash.h>
+
+/* checks that ipv4 or ipv6 addr matches. */
+static bool ipvx_addr_match(struct sockaddr_storage *a1,
+			    struct sockaddr_storage *a2)
+{
+	if (a1->ss_family != a2->ss_family)
+		return false;
+	if (a1->ss_family == AF_INET &&
+	    (((struct sockaddr_in *)a1)->sin_addr.s_addr !=
+	     ((struct sockaddr_in *)a2)->sin_addr.s_addr))
+		return false;
+	if (a1->ss_family == AF_INET6 &&
+	    !ipv6_addr_equal(&((struct sockaddr_in6 *)a1)->sin6_addr,
+			     &((struct sockaddr_in6 *)a2)->sin6_addr))
+		return false;

The above 2 could just be

	if (a1->ss_family == AF_INET)
		return (((struct sockaddr_in *)a1)->sin_addr.s_addr ==
			((struct sockaddr_in *)a2)->sin_addr.s_addr))

OK. The function is a little weird that it has a final "return true" 
which is technically also reachable if AF is unexpected but that 
situation is prevented from higher up.

--
Regards,
Leonard






