Lines Matching full:ao
3 * INET An implementation of the TCP Authentication Option (TCP-AO).
54 struct tcp_ao_info *ao;
60 * >> A TCP-AO implementation MUST default to ignore incoming ICMPv4
83 ao = rcu_dereference(tcp_twsk(sk)->ao_info);
95 ao = rcu_dereference(tcp_sk(sk)->ao_info);
98 if (ao && !ao->accept_icmps) {
101 atomic64_inc(&ao->counters.dropped_icmp);
113 struct tcp_ao_info *ao,
118 hlist_for_each_entry_rcu(key, &ao->head, node, lockdep_sock_is_held(sk)) {
199 struct tcp_ao_info *ao;
204 ao = rcu_dereference_check(tcp_sk(sk)->ao_info,
206 if (!ao)
209 hlist_for_each_entry_rcu(key, &ao->head, node, lockdep_sock_is_held(sk)) {
228 struct tcp_ao_info *ao;
230 ao = kzalloc(sizeof(*ao), flags);
231 if (!ao)
233 INIT_HLIST_HEAD(&ao->head);
234 refcount_set(&ao->refcnt, 1);
236 return ao;
239 static void tcp_ao_link_mkt(struct tcp_ao_info *ao, struct tcp_ao_key *mkt)
241 hlist_add_head_rcu(&mkt->node, &ao->head);
273 struct tcp_ao_info *ao = container_of(head, struct tcp_ao_info, rcu);
277 hlist_for_each_entry_safe(key, n, &ao->head, node) {
282 kfree(ao);
286 static void tcp_ao_sk_omem_free(struct sock *sk, struct tcp_ao_info *ao)
291 hlist_for_each_entry(key, &ao->head, node)
298 struct tcp_ao_info *ao;
301 ao = rcu_dereference_protected(tcp_twsk(sk)->ao_info, 1);
304 ao = rcu_dereference_protected(tcp_sk(sk)->ao_info, 1);
308 if (!ao || !refcount_dec_and_test(&ao->refcnt))
312 tcp_ao_sk_omem_free(sk, ao);
313 call_rcu(&ao->rcu, tcp_ao_info_free_rcu);
359 memcpy(tmp->label, "TCP-AO", 6);
548 /* zero out tcp-ao hash */
737 * Linux TCP-AO support provides TCP_AO_ADD_KEY and TCP_AO_REPAIR
815 struct tcp_ao_info *ao;
820 ao = rcu_dereference_protected(tcp_sk(sk)->ao_info,
833 disn = ao->risn;
836 sk, ao->lisn, disn, true);
838 sne = tcp_ao_compute_sne(READ_ONCE(ao->snd_sne), READ_ONCE(tp->snd_una),
892 /* Key not found, continue without TCP-AO */
1055 WARN_ONCE(1, "TCP-AO: Unexpected sk_state %d", state);
1077 struct tcp_ao_info *ao,
1084 ao->lisn, ao->risn, true);
1090 ao->lisn, ao->risn, false);
1149 * at least one tcp-ao key that matches the remote peer.
1159 struct tcp_ao_info *ao;
1162 ao = rcu_dereference_protected(tcp_sk(sk)->ao_info,
1164 if (!ao)
1167 hlist_for_each_entry_rcu(key, &ao->head, node, lockdep_sock_is_held(sk))
1168 tcp_ao_cache_traffic_keys(sk, ao, key);
1173 struct tcp_ao_info *ao;
1176 ao = rcu_dereference_protected(tcp_sk(sk)->ao_info,
1178 if (!ao)
1181 WRITE_ONCE(ao->risn, tcp_hdr(skb)->seq);
1182 ao->rcv_sne = 0;
1184 hlist_for_each_entry_rcu(key, &ao->head, node, lockdep_sock_is_held(sk))
1185 tcp_ao_cache_traffic_keys(sk, ao, key);
1193 struct tcp_ao_info *new_ao, *ao;
1199 ao = rcu_dereference(tcp_sk(sk)->ao_info);
1200 if (!ao)
1203 /* New socket without TCP-AO on it */
1212 new_ao->ao_required = ao->ao_required;
1213 new_ao->accept_icmps = ao->accept_icmps;
1228 hlist_for_each_entry_rcu(key, &ao->head, node) {
1242 /* RFC5925 (7.4.1) specifies that the TCP-AO status
1244 * At this point the connection was TCP-AO enabled, so
1357 /* Check: maclen + tcp-ao header <= (MAX_TCP_OPTION_SPACE - mss
1362 * In order to allow D-SACK with TCP-AO, the header size should be:
1374 * TCP-AO continues to consume 16 bytes in non-SYN segments,
1378 * such as to handle D-SACK, a smaller TCP-AO MAC would be required
1653 * non peer-matching key on an established TCP-AO
1666 net_warn_ratelimited("AO key ifindex %d != sk bound ifindex %d\n",
1674 * (that will make them match AO key with
1933 /* cmd.ao_required makes a socket TCP-AO only.
2323 struct tcp_ao_info *ao;
2343 ao = setsockopt_ao_info(sk);
2344 if (IS_ERR(ao))
2345 return PTR_ERR(ao);
2346 if (!ao)
2350 out.ao_required = ao->ao_required;
2351 out.accept_icmps = ao->accept_icmps;
2352 out.pkt_good = atomic64_read(&ao->counters.pkt_good);
2353 out.pkt_bad = atomic64_read(&ao->counters.pkt_bad);
2354 out.pkt_key_not_found = atomic64_read(&ao->counters.key_not_found);
2355 out.pkt_ao_required = atomic64_read(&ao->counters.ao_required);
2356 out.pkt_dropped_icmp = atomic64_read(&ao->counters.dropped_icmp);
2358 current_key = READ_ONCE(ao->current_key);
2363 if (ao->rnext_key) {
2365 out.rnext = ao->rnext_key->rcvid;
2379 struct tcp_ao_info *ao;
2392 ao = setsockopt_ao_info(sk);
2393 if (IS_ERR(ao))
2394 return PTR_ERR(ao);
2395 if (!ao)
2398 WRITE_ONCE(ao->lisn, cmd.snt_isn);
2399 WRITE_ONCE(ao->risn, cmd.rcv_isn);
2400 WRITE_ONCE(ao->snd_sne, cmd.snd_sne);
2401 WRITE_ONCE(ao->rcv_sne, cmd.rcv_sne);
2403 hlist_for_each_entry_rcu(key, &ao->head, node, lockdep_sock_is_held(sk))
2404 tcp_ao_cache_traffic_keys(sk, ao, key);
2413 struct tcp_ao_info *ao;
2426 ao = getsockopt_ao_info(sk);
2427 if (IS_ERR_OR_NULL(ao)) {
2429 return ao ? PTR_ERR(ao) : -ENOENT;
2432 opt.snt_isn = ao->lisn;
2433 opt.rcv_isn = ao->risn;
2434 opt.snd_sne = READ_ONCE(ao->snd_sne);
2435 opt.rcv_sne = READ_ONCE(ao->rcv_sne);