tcp: Don't flag tcp_sk(sk)->rx_opt.saw_unknown for TCP AO.

When we process segments with TCP AO, we don't check it in tcp_parse_options(). Thus, opt_rx->saw_unknown is set to 1, which unconditionally triggers the BPF TCP option parser. Let's avoid the unnecessary BPF invocation. Fixes: 0a3a809089eb ("net/tcp: Verify inbound TCP-AO signed segments") Signed-off-by: Kuniyuki Iwashima <[email protected]> Reviewed-by: Eric Dumazet <[email protected]> Acked-by: Dmitry Safonov <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Paolo Abeni <[email protected]>
author: Kuniyuki Iwashima <[email protected]> 2024-07-02 20:35:08 -0700
committer: Paolo Abeni <[email protected]> 2024-07-04 11:56:12 +0200
commit: 4b74726c01b7a0b5e1029e1e9247fd81590da726 (patch)
tree: 61acac47111feb419d2b48c0a20e86925cc6f4e8
parent: aa09b7e0c12e8d7a5e098fa8a45015beb00f5c20 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index e67cbeeeb95b..77294fd5fd3e 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4224,6 +4224,13 @@ void tcp_parse_options(const struct net *net,
 				 */
 				break;
 #endif
+#ifdef CONFIG_TCP_AO
+			case TCPOPT_AO:
+				/* TCP AO has already been checked
+				 * (see tcp_inbound_ao_hash()).
+				 */
+				break;
+#endif
 			case TCPOPT_FASTOPEN:
 				tcp_parse_fastopen_option(
 					opsize - TCPOLEN_FASTOPEN_BASE,
author	Kuniyuki Iwashima <[email protected]>	2024-07-02 20:35:08 -0700
committer	Paolo Abeni <[email protected]>	2024-07-04 11:56:12 +0200
commit	4b74726c01b7a0b5e1029e1e9247fd81590da726 (patch)
tree	61acac47111feb419d2b48c0a20e86925cc6f4e8
parent	aa09b7e0c12e8d7a5e098fa8a45015beb00f5c20 (diff)