[PATCH net-next 0/2] tcp: Destroy TCP-AO, TCP-MD5 keys in .sk_destruct()
From: Dmitry Safonov via B4 Relay
Date: Fri Aug 22 2025 - 00:57:07 EST
On one side a minor/cosmetic issue, especially nowadays when
TCP-AO/TCP-MD5 signature verification failures aren't logged to dmesg.
Yet, I think worth addressing for two reasons:
- unsigned RST gets ignored by the peer and the connection is alive for
longer (keep-alive interval)
- netstat counters increase and trace events report that trusted BGP peer
is sending unsigned/incorrectly signed segments, which can ring alarm
on monitoring.
Signed-off-by: Dmitry Safonov <dima@xxxxxxxxxx>
---
Dmitry Safonov (2):
tcp: Destroy TCP-AO, TCP-MD5 keys in .sk_destruct()
tcp: Free TCP-AO/TCP-MD5 info/keys without RCU
net/ipv4/tcp.c | 18 ++++++++++++++++++
net/ipv4/tcp_ao.c | 5 ++---
net/ipv4/tcp_ipv4.c | 29 ++---------------------------
net/ipv4/tcp_minisocks.c | 19 +++++--------------
4 files changed, 27 insertions(+), 44 deletions(-)
---
base-commit: a7bd72158063740212344fad5d99dcef45bc70d6
change-id: 20250822-b4-tcp-ao-md5-rst-finwait2-e632b4d8f58d
Best regards,
--
Dmitry Safonov <dima@xxxxxxxxxx>