On 8/18/22 19:59, Dmitry Safonov wrote:
Add Sequence Number Extension (SNE) extension for TCP-AO. This is needed to protect long-living TCP-AO connections from replay attacks after sequence number roll-over, see RFC5925 (6.2).
+#ifdef CONFIG_TCP_AO + ao = rcu_dereference_protected(tp->ao_info, + lockdep_sock_is_held((struct sock *)tp)); + if (ao) { + if (ack < ao->snd_sne_seq) + ao->snd_sne++; + ao->snd_sne_seq = ack; + } +#endif tp->snd_una = ack; }
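Review bot: the plain unsigned `if (ack < ao->snd_sne_seq)` only means "the 32-bit counter wrapped" if this path is reached solely with an ack that advances snd_una; a comment stating that precondition would help, because any stale or out-of-order value reaching it would bump snd_sne spuriously and desynchronise the MAC from the peer. Also, `ao->snd_sne_seq = ack;` is followed by `tp->snd_una = ack;`, so the two fields always hold the same value; the wrap test could be `if (ack < tp->snd_una)` placed before the snd_una store and the extra field dropped.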
... snip ...
+#ifdef CONFIG_TCP_AO + ao = rcu_dereference_protected(tp->ao_info, + lockdep_sock_is_held((struct sock *)tp)); + if (ao) { + if (seq < ao->rcv_sne_seq) + ao->rcv_sne++; + ao->rcv_sne_seq = seq; + } +#endif WRITE_ONCE(tp->rcv_nxt, seq);
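Review bot: this block is a near-verbatim copy of the snd_una hunk with rcv_sne/rcv_sne_seq substituted; a small helper (for instance a hypothetical `tcp_ao_sne_update(&ao->rcv_sne, &ao->rcv_sne_seq, seq)`, name assumed) would keep the wrap-detection logic in one place and avoid maintaining two `#ifdef CONFIG_TCP_AO` blocks that must stay identical. As on the send side, rcv_sne_seq always holds exactly the value written by the following `WRITE_ONCE(tp->rcv_nxt, seq);`, so comparing `seq` against the current tp->rcv_nxt before that store would make the field unnecessary.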
It should always be the case that (rcv_nxt == rcv_sne_seq) and (snd_una == snd_sne_seq) so the _sne_seq fields are redundant. It's possible to avoid those extra fields.
However, 8 bytes per TCP-AO socket is inconsequential.

--
Regards,
Leonard
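The wrap detection the patch adds, written out as a stand-alone user-space model (added example, not the kernel's or the patch author's code): one state struct per direction where `last_seq` plays the role of tp->snd_una / tp->rcv_nxt, which is why the separate `_sne_seq` fields discussed above are redundant. The extended 64-bit sequence number is the SNE in the high half and the 32-bit seq in the low half, per RFC 5925 6.2; the ISN and step sizes in the walk-through are constructed values.

```c
#include <stdint.h>
#include <stdio.h>

/* Per-direction SNE state. `last_seq` is the most recently committed
 * 32-bit value (what the kernel already keeps in snd_una / rcv_nxt). */
struct sne_state {
	uint32_t sne;      /* high 32 bits of the extended sequence number */
	uint32_t last_seq; /* last committed 32-bit seq/ack */
};

/* Commit the next value. Precondition (same as the patch relies on): the
 * caller only passes values that advance modulo 2^32, so a numerically
 * smaller value can only mean the 32-bit counter wrapped once. */
static void sne_advance(struct sne_state *st, uint32_t seq)
{
	if (seq < st->last_seq)
		st->sne++;
	st->last_seq = seq;
}

/* 64-bit extended sequence number the TCP-AO MAC is computed over. */
static uint64_t sne_extended(const struct sne_state *st)
{
	return ((uint64_t)st->sne << 32) | st->last_seq;
}

/* Constructed walk-through: start at ISN `isn`, commit `steps` advances of
 * `step` bytes each (uint32_t arithmetic wraps naturally), and return the
 * resulting extended sequence number. */
static uint64_t sne_walk(uint32_t isn, unsigned steps, uint32_t step)
{
	struct sne_state st = { .sne = 0, .last_seq = isn };

	for (unsigned i = 0; i < steps; i++)
		sne_advance(&st, st.last_seq + step);
	return sne_extended(&st);
}

int main(void)
{
	/* ISN 0x100 bytes below the wrap point; four 0x80-byte segments cross it. */
	uint64_t esn = sne_walk(0xFFFFFF00u, 4, 0x80u);

	printf("extended seq after wrap: 0x%llx\n", (unsigned long long)esn);
	return 0;
}
```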