Skip to content

Commit 7916b33

Browse files
q2vengregkh
authored andcommitted
tcp: Don't flag tcp_sk(sk)->rx_opt.saw_unknown for TCP AO.
[ Upstream commit 4b74726 ] When we process segments with TCP AO, we don't check it in tcp_parse_options(). Thus, opt_rx->saw_unknown is set to 1, which unconditionally triggers the BPF TCP option parser. Let's avoid the unnecessary BPF invocation. Fixes: 0a3a809 ("net/tcp: Verify inbound TCP-AO signed segments") Signed-off-by: Kuniyuki Iwashima <[email protected]> Reviewed-by: Eric Dumazet <[email protected]> Acked-by: Dmitry Safonov <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Paolo Abeni <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
1 parent 785c871 commit 7916b33

File tree

1 file changed

+7
-0
lines changed

1 file changed

+7
-0
lines changed

net/ipv4/tcp_input.c

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4220,6 +4220,13 @@ void tcp_parse_options(const struct net *net,
42204220
* checked (see tcp_v{4,6}_rcv()).
42214221
*/
42224222
break;
4223+
#endif
4224+
#ifdef CONFIG_TCP_AO
4225+
case TCPOPT_AO:
4226+
/* TCP AO has already been checked
4227+
* (see tcp_inbound_ao_hash()).
4228+
*/
4229+
break;
42234230
#endif
42244231
case TCPOPT_FASTOPEN:
42254232
tcp_parse_fastopen_option(

0 commit comments

Comments
 (0)