linux_dsm_epyc7002/net/ipv4
Eric Dumazet 1ca0fafd73 tcp: md5: allow changing MD5 keys in all socket states
This essentially reverts commit 7212303268 ("tcp: md5: reject TCP_MD5SIG
or TCP_MD5SIG_EXT on established sockets")

Mathieu reported that many vendors' BGP implementations can
actually switch TCP MD5 on established flows.

Quoting Mathieu:
   Here is a list of a few network vendors along with their behavior
   with respect to TCP MD5:

   - Cisco: Allows for password to be changed, but within the hold-down
     timer (~180 seconds).
   - Juniper: When password is initially set on active connection it will
     reset, but after that any subsequent password changes no network
     resets.
   - Nokia: No notes on if they flap the tcp connection or not.
   - Ericsson/RedBack: Allows for 2 passwords (old/new) to co-exist until
     both sides are ok with new passwords.
   - Meta-Switch: Expects the password to be set before a connection is
     attempted, but no further info on whether they reset the TCP
     connection on a change.
   - Avaya: Disable the neighbor, then set password, then re-enable.
   - Zebos: Would normally allow the change when socket connected.

We can revert my prior change because commit 9424e2e7ad ("tcp: md5: fix potential
overestimation of TCP option space") removed the leak of 4 kernel bytes to
the wire that was the main reason for my patch.

While doing my investigations, I found a bug when an MD5 key is changed, leading
to these commits that stable teams want to consider before backporting this revert:

 Commit 6a2febec33 ("tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key()")
 Commit e6ced831ef ("tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers")

Fixes: 7212303268 "tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets"
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-07-02 14:07:49 -07:00
..
bpfilter
netfilter netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c. 2020-06-25 00:50:31 +02:00
af_inet.c
ah4.c
arp.c
bpf_tcp_ca.c
cipso_ipv4.c
datagram.c
devinet.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-05-31 17:48:46 -07:00
esp4_offload.c net: Add MODULE_DESCRIPTION entries to network modules 2020-06-20 21:33:57 -07:00
esp4.c
fib_frontend.c
fib_lookup.h
fib_notifier.c
fib_rules.c
fib_semantics.c net: Fix the arp error in some cases 2020-06-18 20:21:51 -07:00
fib_trie.c
fou.c net: Add MODULE_DESCRIPTION entries to network modules 2020-06-20 21:33:57 -07:00
gre_demux.c
gre_offload.c
icmp.c ip: Fix SO_MARK in RST, ACK and ICMP packets 2020-07-01 17:38:30 -07:00
igmp.c
inet_connection_sock.c inet_connection_sock: clear inet_num out of destroy helper 2020-06-04 15:59:56 -07:00
inet_diag.c
inet_fragment.c
inet_hashtables.c
inet_timewait_sock.c
inetpeer.c
ip_forward.c
ip_fragment.c
ip_gre.c
ip_input.c
ip_options.c
ip_output.c ip: Fix SO_MARK in RST, ACK and ICMP packets 2020-07-01 17:38:30 -07:00
ip_sockglue.c ipv4: add ip_sock_set_pktinfo 2020-05-28 11:11:45 -07:00
ip_tunnel_core.c net: ip_tunnel: add header_ops for layer 3 devices 2020-06-30 12:29:39 -07:00
ip_tunnel.c ip_tunnel: fix use-after-free in ip_tunnel_lookup() 2020-06-18 20:12:34 -07:00
ip_vti.c net: vti: implement header_ops->parse_protocol for AF_PACKET 2020-06-30 12:29:39 -07:00
ipcomp.c
ipconfig.c
ipip.c net: ipip: implement header_ops->parse_protocol for AF_PACKET 2020-06-30 12:29:39 -07:00
ipmr_base.c
ipmr.c
Kconfig Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2020-06-19 13:03:47 -07:00
Makefile
metrics.c
netfilter.c
netlink.c
nexthop.c nexthop: Fix fdb labeling for groups 2020-06-10 13:18:40 -07:00
ping.c
proc.c
protocol.c
raw_diag.c
raw.c
route.c net: ipv4: Fix wrong type conversion from hint to rt in ip_route_use_hint() 2020-06-27 18:02:32 -07:00
syncookies.c
sysctl_net_ipv4.c
tcp_bbr.c
tcp_bic.c
tcp_bpf.c bpf: tcp: Recv() should return 0 when the peer socket is closed 2020-06-12 15:10:12 -07:00
tcp_cdg.c
tcp_cong.c
tcp_cubic.c tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT 2020-06-25 16:08:47 -07:00
tcp_dctcp.c
tcp_dctcp.h
tcp_diag.c
tcp_fastopen.c
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c
tcp_illinois.c
tcp_input.c tcp: fix SO_RCVLOWAT possible hangs under high mem pressure 2020-07-01 17:46:04 -07:00
tcp_ipv4.c tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers 2020-07-01 17:29:45 -07:00
tcp_lp.c
tcp_metrics.c
tcp_minisocks.c
tcp_nv.c
tcp_offload.c
tcp_output.c tcp: md5: do not send silly options in SYNCOOKIES 2020-07-01 17:36:23 -07:00
tcp_rate.c
tcp_recovery.c
tcp_scalable.c
tcp_timer.c
tcp_ulp.c
tcp_vegas.c
tcp_vegas.h
tcp_veno.c
tcp_westwood.c
tcp_yeah.c
tcp.c tcp: md5: allow changing MD5 keys in all socket states 2020-07-02 14:07:49 -07:00
tunnel4.c
udp_bpf.c
udp_diag.c
udp_impl.h
udp_offload.c
udp_tunnel.c net: Make locking in sock_bindtoindex optional 2020-06-01 14:57:14 -07:00
udp.c
udplite.c
xfrm4_input.c
xfrm4_output.c
xfrm4_policy.c
xfrm4_protocol.c
xfrm4_state.c
xfrm4_tunnel.c