Commit 1d227fcc authored by Linus Torvalds
Pull networking fixes from Jakub Kicinski:
 "Including fixes from bluetooth and netfilter.

  Current release - regressions:

   - dsa: sja1105: fix reception from VLAN-unaware bridges

   - Revert "net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is
     enabled"

   - eth: fec: don't save PTP state if PTP is unsupported

  Current release - new code bugs:

   - smc: fix lack of icsk_syn_mss with IPPROTO_SMC, prevent null-deref

   - eth: airoha: update Tx CPU DMA ring idx at the end of xmit loop

   - phy: aquantia: AQR115c fix up PMA capabilities

  Previous releases - regressions:

   - tcp: 3 fixes for retrans_stamp and undo logic

  Previous releases - always broken:

   - net: do not delay dst_entries_add() in dst_release()

   - netfilter: restrict xtables extensions to families that are safe,
     syzbot found a way to combine ebtables with extensions that are
     never used by userspace tools

   - sctp: ensure sk_state is set to CLOSED if hashing fails in
     sctp_listen_start

   - mptcp: handle consistently DSS corruption, and prevent corruption
     due to large pmtu xmit"

* tag 'net-6.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (87 commits)
  MAINTAINERS: Add headers and mailing list to UDP section
  MAINTAINERS: consistently exclude wireless files from NETWORKING [GENERAL]
  slip: make slhc_remember() more robust against malicious packets
  net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC
  ppp: fix ppp_async_encode() illegal access
  docs: netdev: document guidance on cleanup patches
  phonet: Handle error of rtnl_register_module().
  mpls: Handle error of rtnl_register_module().
  mctp: Handle error of rtnl_register_module().
  bridge: Handle error of rtnl_register_module().
  vxlan: Handle error of rtnl_register_module().
  rtnetlink: Add bulk registration helpers for rtnetlink message handlers.
  net: do not delay dst_entries_add() in dst_release()
  mptcp: pm: do not remove closing subflows
  mptcp: fallback when MPTCP opts are dropped after 1st data
  tcp: fix mptcp DSS corruption due to large pmtu xmit
  mptcp: handle consistently DSS corruption
  net: netconsole: fix wrong warning
  net: dsa: refuse cross-chip mirroring operations
  net: fec: don't save PTP state if PTP is unsupported
  ...
parents 0edab8d1 7b43ba65
+10 −10
@@ -9,7 +9,7 @@ segments between trusted peers. It adds a new TCP header option with
a Message Authentication Code (MAC). MACs are produced from the content
of a TCP segment using a hashing function with a password known to both peers.
The intent of TCP-AO is to deprecate TCP-MD5 providing better security,
key rotation and support for variety of hashing algorithms.
key rotation and support for a variety of hashing algorithms.

1. Introduction
===============
@@ -164,9 +164,9 @@ A: It should not, no action needs to be performed [7.5.2.e]::
       is not available, no action is required (RNextKeyID of a received
       segment needs to match the MKT’s SendID).

Q: How current_key is set and when does it change? It is a user-triggered
change, or is it by a request from the remote peer? Is it set by the user
explicitly, or by a matching rule?
Q: How is current_key set, and when does it change? Is it a user-triggered
change, or is it triggered by a request from the remote peer? Is it set by the
user explicitly, or by a matching rule?

A: current_key is set by RNextKeyID [6.1]::

@@ -233,8 +233,8 @@ always have one current_key [3.3]::

Q: Can a non-TCP-AO connection become a TCP-AO-enabled one?

A: No: for already established non-TCP-AO connection it would be impossible
to switch using TCP-AO as the traffic key generation requires the initial
A: No: for an already established non-TCP-AO connection it would be impossible
to switch to using TCP-AO, as the traffic key generation requires the initial
sequence numbers. Paraphrasing, starting using TCP-AO would require
re-establishing the TCP connection.
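Review bot: the closing sentence of this answer, "Paraphrasing, starting using TCP-AO would require re-establishing the TCP connection.", is left untouched and still reads awkwardly next to the corrected lines. Since this pass already fixes the grammar of the same paragraph, consider "In other words, starting to use TCP-AO would require re-establishing the TCP connection."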

@@ -292,7 +292,7 @@ no transparency is really needed and modern BGP daemons already have

Linux provides a set of ``setsockopt()s`` and ``getsockopt()s`` that let
userspace manage TCP-AO on a per-socket basis. In order to add/delete MKTs
``TCP_AO_ADD_KEY`` and ``TCP_AO_DEL_KEY`` TCP socket options must be used
``TCP_AO_ADD_KEY`` and ``TCP_AO_DEL_KEY`` TCP socket options must be used.
It is not allowed to add a key on an established non-TCP-AO connection
as well as to remove the last key from TCP-AO connection.

@@ -361,7 +361,7 @@ not implemented.
4. ``setsockopt()`` vs ``accept()`` race
========================================

In contrast with TCP-MD5 established connection which has just one key,
In contrast with an established TCP-MD5 connection which has just one key,
TCP-AO connections may have many keys, which means that accepted connections
on a listen socket may have any amount of keys as well. As copying all those
keys on a first properly signed SYN would make the request socket bigger, that
@@ -374,7 +374,7 @@ keys from sockets that were already established, but not yet ``accept()``'ed,
hanging in the accept queue.

The reverse is valid as well: if userspace adds a new key for a peer on
a listener socket, the established sockets in accept queue won't
a listener socket, the established sockets in the accept queue won't
have the new keys.

At this moment, the resolution for the two races:
@@ -382,7 +382,7 @@ At this moment, the resolution for the two races:
and ``setsockopt(TCP_AO_DEL_KEY)`` vs ``accept()`` is delegated to userspace.
This means that it's expected that userspace would check the MKTs on the socket
that was returned by ``accept()`` to verify that any key rotation that
happened on listen socket is reflected on the newly established connection.
happened on the listen socket is reflected on the newly established connection.

This is a similar "do-nothing" approach to TCP-MD5 from the kernel side and
may be changed later by introducing new flags to ``tcp_ao_add``
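Review bot: documentation gap in the paragraph that delegates the setsockopt() vs accept() races to userspace: it says userspace is expected to check the MKTs on the socket returned by accept(), but not which getsockopt() to use for that check, nor what to do when a rotated key is missing or a deleted key is still present on the accepted socket. The text describes the kernel side as a "do-nothing" approach, so this check is what keeps an accepted connection from holding a key that was removed from the listener; a sentence spelling it out would be worth adding while this section is being edited.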
+17 −0
@@ -355,6 +355,8 @@ just do it. As a result, a sequence of smaller series gets merged quicker and
with better review coverage. Re-posting large series also increases the mailing
list traffic.

.. _rcs:

Local variable ordering ("reverse xmas tree", "RCS")
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

@@ -391,6 +393,21 @@ APIs and helpers, especially scoped iterators. However, direct use of
``__free()`` within networking core and drivers is discouraged.
Similar guidance applies to declaring variables mid-function.

Clean-up patches
~~~~~~~~~~~~~~~~

Netdev discourages patches which perform simple clean-ups, which are not in
the context of other work. For example:

* Addressing ``checkpatch.pl`` warnings
* Addressing :ref:`Local variable ordering<rcs>` issues
* Conversions to device-managed APIs (``devm_`` helpers)

This is because it is felt that the churn that such changes produce comes
at a greater cost than the value of such clean-ups.

Conversely, spelling and grammar fixes are not discouraged.

Resending after review
~~~~~~~~~~~~~~~~~~~~~~
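Review bot: in the "Clean-up patches" section the only indication of when such clean-ups are acceptable is the clause "which are not in the context of other work" in the first sentence. Consider stating the positive case explicitly, for example that the same changes are acceptable as part of a series doing other work on that code, so the section does not read as a blanket ban. The closing "are not discouraged" would also be clearer as a plain positive statement.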

+17 −2
@@ -10270,7 +10270,7 @@ F: Documentation/devicetree/bindings/arm/hisilicon/low-pin-count.yaml
F:	drivers/bus/hisi_lpc.c
HISILICON NETWORK SUBSYSTEM 3 DRIVER (HNS3)
M:	Yisen Zhuang <yisen.zhuang@huawei.com>
M:	Jian Shen <shenjian15@huawei.com>
M:	Salil Mehta <salil.mehta@huawei.com>
M:	Jijie Shao <shaojijie@huawei.com>
L:	netdev@vger.kernel.org
@@ -10279,7 +10279,7 @@ W: http://www.hisilicon.com
F:	drivers/net/ethernet/hisilicon/hns3/
HISILICON NETWORK SUBSYSTEM DRIVER
M:	Yisen Zhuang <yisen.zhuang@huawei.com>
M:	Jian Shen <shenjian15@huawei.com>
M:	Salil Mehta <salil.mehta@huawei.com>
L:	netdev@vger.kernel.org
S:	Maintained
@@ -16201,8 +16201,19 @@ F: lib/random32.c
F:	net/
F:	tools/net/
F:	tools/testing/selftests/net/
X:	Documentation/networking/mac80211-injection.rst
X:	Documentation/networking/mac80211_hwsim/
X:	Documentation/networking/regulatory.rst
X:	include/net/cfg80211.h
X:	include/net/ieee80211_radiotap.h
X:	include/net/iw_handler.h
X:	include/net/mac80211.h
X:	include/net/wext.h
X:	net/9p/
X:	net/bluetooth/
X:	net/mac80211/
X:	net/rfkill/
X:	net/wireless/
NETWORKING [IPSEC]
M:	Steffen Klassert <steffen.klassert@secunet.com>
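Review bot: the wireless exclusions in this NETWORKING [GENERAL] hunk are listed one path at a time (five headers under include/net/ and three paths under Documentation/networking/), so a wireless header or document added later will not be excluded unless someone remembers to extend this list. If the file names allow it, a pattern would be less fragile; otherwise it is worth saying in the commit message how the list was derived so it can be regenerated.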
@@ -24177,8 +24188,12 @@ F: drivers/usb/host/xhci*
USER DATAGRAM PROTOCOL (UDP)
M:	Willem de Bruijn <willemdebruijn.kernel@gmail.com>
L:	netdev@vger.kernel.org
S:	Maintained
F:	include/linux/udp.h
F:	include/net/udp.h
F:	include/trace/events/udp.h
F:	include/uapi/linux/udp.h
F:	net/ipv4/udp.c
F:	net/ipv6/udp.c
+18 −2
@@ -4038,16 +4038,29 @@ static void btusb_disconnect(struct usb_interface *intf)
static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
{
	struct btusb_data *data = usb_get_intfdata(intf);
	int err;

	BT_DBG("intf %p", intf);

	/* Don't suspend if there are connections */
	if (hci_conn_count(data->hdev))
	/* Don't auto-suspend if there are connections; external suspend calls
	 * shall never fail.
	 */
	if (PMSG_IS_AUTO(message) && hci_conn_count(data->hdev))
		return -EBUSY;

	if (data->suspend_count++)
		return 0;

	/* Notify Host stack to suspend; this has to be done before stopping
	 * the traffic since the hci_suspend_dev itself may generate some
	 * traffic.
	 */
	err = hci_suspend_dev(data->hdev);
	if (err) {
		data->suspend_count--;
		return err;
	}

	spin_lock_irq(&data->txlock);
	if (!(PMSG_IS_AUTO(message) && data->tx_in_flight)) {
		set_bit(BTUSB_SUSPENDING, &data->flags);
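Review bot: in btusb_suspend() the comment states that external suspend calls shall never fail, but the hci_suspend_dev() error a few lines below is returned for every message type ("if (err) { data->suspend_count--; return err; }"), so a non-auto suspend can still fail on that path. Either gate that return on PMSG_IS_AUTO(message), as the hci_conn_count() check does, or reword the comment to say which failures are still propagated.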
@@ -4055,6 +4068,7 @@ static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
	} else {
		spin_unlock_irq(&data->txlock);
		data->suspend_count--;
		hci_resume_dev(data->hdev);
		return -EBUSY;
	}

@@ -4175,6 +4189,8 @@ static int btusb_resume(struct usb_interface *intf)
	spin_unlock_irq(&data->txlock);
	schedule_work(&data->work);

	hci_resume_dev(data->hdev);

	return 0;

failed:
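Review bot: hci_resume_dev() in btusb_resume() sits directly before "return 0;", so any path that jumps to the "failed:" label skips it, and whatever it returns is dropped. Unless the code under "failed:" (not shown in this hunk) also resumes the host stack, a failed resume leaves hdev suspended after btusb_suspend() called hci_suspend_dev(). Please confirm that is intended, or call hci_resume_dev() on the error path as well.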
+13 −4
@@ -27,6 +27,7 @@
#include <linux/phylink.h>
#include <linux/etherdevice.h>
#include <linux/if_bridge.h>
#include <linux/if_vlan.h>
#include <net/dsa.h>

#include "b53_regs.h"
@@ -224,6 +225,9 @@ static const struct b53_mib_desc b53_mibs_58xx[] = {

#define B53_MIBS_58XX_SIZE	ARRAY_SIZE(b53_mibs_58xx)

#define B53_MAX_MTU_25		(1536 - ETH_HLEN - VLAN_HLEN - ETH_FCS_LEN)
#define B53_MAX_MTU		(9720 - ETH_HLEN - VLAN_HLEN - ETH_FCS_LEN)

static int b53_do_vlan_op(struct b53_device *dev, u8 op)
{
	unsigned int i;
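Review bot: B53_MAX_MTU_25 and B53_MAX_MTU are built from the bare frame sizes 1536 and 9720 with no comment. A one-line comment above the two defines saying what those numbers are (maximum frame length for the chips that b53_get_max_mtu() maps to each macro) and why VLAN_HLEN is subtracted along with ETH_HLEN and ETH_FCS_LEN would save the next reader a trip to the datasheet.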
@@ -2254,20 +2258,25 @@ static int b53_change_mtu(struct dsa_switch *ds, int port, int mtu)
	bool allow_10_100;

	if (is5325(dev) || is5365(dev))
		return -EOPNOTSUPP;
		return 0;

	if (!dsa_is_cpu_port(ds, port))
		return 0;

	enable_jumbo = (mtu >= JMS_MIN_SIZE);
	allow_10_100 = (dev->chip_id == BCM583XX_DEVICE_ID);
	enable_jumbo = (mtu > ETH_DATA_LEN);
	allow_10_100 = !is63xx(dev);

	return b53_set_jumbo(dev, enable_jumbo, allow_10_100);
}

static int b53_get_max_mtu(struct dsa_switch *ds, int port)
{
	return JMS_MAX_SIZE;
	struct b53_device *dev = ds->priv;

	if (is5325(dev) || is5365(dev))
		return B53_MAX_MTU_25;

	return B53_MAX_MTU;
}

static const struct phylink_mac_ops b53_phylink_mac_ops = {
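Review bot: in b53_change_mtu() the "is5325(dev) || is5365(dev)" branch returns 0 without configuring anything, so correct behaviour on those chips rests entirely on b53_get_max_mtu() capping them at B53_MAX_MTU_25; a short comment on that branch would make the dependency explicit. Separately, "allow_10_100 = !is63xx(dev)" passes true to b53_set_jumbo() for every chip except 63xx, which is far broader than the "dev->chip_id == BCM583XX_DEVICE_ID" test shown beside it; the commit message should say which chips that was verified on.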