On Tue, Aug 23, 2022 at 7:50 AM Leonard Crestez <cdleonard@xxxxxxxxx> wrote: > > On 8/18/22 19:59, Dmitry Safonov wrote: > > Add Sequence Number Extension (SNE) extension for TCP-AO. > > This is needed to protect long-living TCP-AO connections from replaying > > attacks after sequence number roll-over, see RFC5925 (6.2). > > > +#ifdef CONFIG_TCP_AO > > + ao = rcu_dereference_protected(tp->ao_info, > > + lockdep_sock_is_held((struct sock *)tp)); > > + if (ao) { > > + if (ack < ao->snd_sne_seq) > > + ao->snd_sne++; > > + ao->snd_sne_seq = ack; > > + } > > +#endif > > tp->snd_una = ack; > > } > > ... snip ... > > > +#ifdef CONFIG_TCP_AO > > + ao = rcu_dereference_protected(tp->ao_info, > > + lockdep_sock_is_held((struct sock *)tp)); > > + if (ao) { > > + if (seq < ao->rcv_sne_seq) > > + ao->rcv_sne++; > > + ao->rcv_sne_seq = seq; > > + } > > +#endif > > WRITE_ONCE(tp->rcv_nxt, seq); > > It should always be the case that (rcv_nxt == rcv_sne_seq) and (snd_una > == snd_sne_seq) so the _sne_seq fields are redundant. It's possible to > avoid those extra fields. There are cases where rcv_nxt and snd_una are set outside of tcp_rcv_nxt_update() and tcp_snd_una_update(), mostly during the initial handshake, so those cases would have to be taken care of explicitly, especially wrt rollovers. I see your point though, there may be a potential for some cleaning up here. Francesco
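Review bot: in the first quoted hunk (the snd_una update), `if (ack < ao->snd_sne_seq)` is a raw unsigned comparison, so it detects a rollover correctly only if `ack` has always advanced in sequence space relative to the stored value. Nothing in the visible lines states or enforces that invariant. If a caller ever passed an `ack` that is not ahead of `snd_sne_seq`, a numerically smaller value would increment `snd_sne` with no real wrap, and every later MAC on the connection would be computed with the wrong extension. Suggest a comment documenting that callers guarantee forward progress, or a guard using the existing `after()` helper before touching `snd_sne`. Since `ao->snd_sne_seq = ack` is followed directly by `tp->snd_una = ack`, the comparison could also be made against `tp->snd_una` before it is overwritten, as long as the paths that set `snd_una` outside this function are handled.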
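Review bot: in the second quoted hunk (the rcv_nxt update), `ao->rcv_sne++` and `ao->rcv_sne_seq = seq` are plain stores, while the next line publishes the same value with `WRITE_ONCE(tp->rcv_nxt, seq)`. The WRITE_ONCE implies `rcv_nxt` has readers that do not hold the socket lock; if `rcv_sne` can be read on any such path, the stores need the same annotation, and a reader could still observe the incremented `rcv_sne` together with the pre-wrap `rcv_nxt`. Please document which lock protects the SNE fields. The `rcu_dereference_protected(tp->ao_info, lockdep_sock_is_held(...))` lookup and the compare-and-increment are also duplicated verbatim from the send-side hunk, so a small shared helper taking the SNE counter and the new sequence number would keep the two sides from drifting apart.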