Re: [PATCH v2 2/4] tcp: md5: Allow MD5SIG_FLAG_IFINDEX with ifindex=0

From: David Ahern
Date: Thu Oct 14 2021 - 10:23:07 EST

Next message: Thomas Gleixner: "Re: [patch 13/31] x86/fpu: Move KVMs FPU swapping to FPU core"
Previous message: Suzuki K Poulose: "[PATCH v2] coresight: trbe: Defer the probe on offline CPUs"
In reply to: Leonard Crestez: "Re: [PATCH v2 2/4] tcp: md5: Allow MD5SIG_FLAG_IFINDEX with ifindex=0"
Next in thread: Leonard Crestez: "[PATCH v2 3/4] selftests: nettest: Add --{do,no}-bind-key-ifindex"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/13/21 12:50 AM, Leonard Crestez wrote:
> Multiple VRFs are generally meant to be "separate" but right now md5
> keys for the default VRF also affect connections inside VRFs if the IP
> addresses happen to overlap.
>
> So far the combination of TCP_MD5SIG_IFINDEX with tcpm_ifindex == 0
> was an error, accept this to mean "key only applies to default VRF".
> This is what applications using VRFs for traffic separation want.
>
> Signed-off-by: Leonard Crestez <cdleonard@xxxxxxxxx>
> ---
> include/net/tcp.h | 5 +++--
> net/ipv4/tcp_ipv4.c | 26 ++++++++++++++++----------
> net/ipv6/tcp_ipv6.c | 15 +++++++++------
> 3 files changed, 28 insertions(+), 18 deletions(-)
>

Reviewed-by: David Ahern <dsahern@xxxxxxxxxx>

Next message: Thomas Gleixner: "Re: [patch 13/31] x86/fpu: Move KVMs FPU swapping to FPU core"
Previous message: Suzuki K Poulose: "[PATCH v2] coresight: trbe: Defer the probe on offline CPUs"
In reply to: Leonard Crestez: "Re: [PATCH v2 2/4] tcp: md5: Allow MD5SIG_FLAG_IFINDEX with ifindex=0"
Next in thread: Leonard Crestez: "[PATCH v2 3/4] selftests: nettest: Add --{do,no}-bind-key-ifindex"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]