Commit 4b74726c authored by Kuniyuki Iwashima's avatar Kuniyuki Iwashima Committed by Paolo Abeni
Browse files

tcp: Don't flag tcp_sk(sk)->rx_opt.saw_unknown for TCP AO. 



When we process segments with TCP AO, we don't check it in
tcp_parse_options().  Thus, opt_rx->saw_unknown is set to 1,
which unconditionally triggers the BPF TCP option parser.

Let's avoid the unnecessary BPF invocation.

Fixes: 0a3a8090 ("net/tcp: Verify inbound TCP-AO signed segments")
Signed-off-by: default avatarKuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
Acked-by: default avatarDmitry Safonov <0x7f454c46@gmail.com>
Link: https://patch.msgid.link/20240703033508.6321-1-kuniyu@amazon.com


Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
parent aa09b7e0

net/ipv4/tcp_input.c

+7 −0
Original line number Diff line number Diff line
@@ -4223,6 +4223,13 @@ void tcp_parse_options(const struct net *net, 
				 * checked (see tcp_v{4,6}_rcv()).

				 */

				break;

#endif

#ifdef CONFIG_TCP_AO

			case TCPOPT_AO:

				/* TCP AO has already been checked

				 * (see tcp_inbound_ao_hash()).

				 */

				break;

#endif

			case TCPOPT_FASTOPEN:

				tcp_parse_fastopen_option(