tcp: Don't flag tcp_sk(sk)->rx_opt.saw_unknown for TCP AO.

When we process segments with TCP AO, we don't check it in tcp_parse_options(). Thus, opt_rx->saw_unknown is set to 1, which unconditionally triggers the BPF TCP option parser. Let's avoid the unnecessary BPF invocation. Fixes: 0a3a809089eb ("net/tcp: Verify inbound TCP-AO signed segments") Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Acked-by: Dmitry Safonov <0x7f454c46@gmail.com> Link: https://patch.msgid.link/20240703033508.6321-1-kuniyu@amazon.com Signed-off-by: Paolo Abeni <pabeni@redhat.com>
author: Kuniyuki Iwashima <kuniyu@amazon.com> 2024-07-02 20:35:08 -0700
committer: Paolo Abeni <pabeni@redhat.com> 2024-07-04 11:56:12 +0200
commit: 4b74726c01b7a0b5e1029e1e9247fd81590da726 (patch)
tree: 61acac47111feb419d2b48c0a20e86925cc6f4e8
parent: aa09b7e0c12e8d7a5e098fa8a45015beb00f5c20 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index e67cbeeeb95b..77294fd5fd3e 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4224,6 +4224,13 @@ void tcp_parse_options(const struct net *net,
 				 */
 				break;
 #endif
+#ifdef CONFIG_TCP_AO
+			case TCPOPT_AO:
+				/* TCP AO has already been checked
+				 * (see tcp_inbound_ao_hash()).
+				 */
+				break;
+#endif
 			case TCPOPT_FASTOPEN:
 				tcp_parse_fastopen_option(
 					opsize - TCPOLEN_FASTOPEN_BASE,
author	Kuniyuki Iwashima <kuniyu@amazon.com>	2024-07-02 20:35:08 -0700
committer	Paolo Abeni <pabeni@redhat.com>	2024-07-04 11:56:12 +0200
commit	4b74726c01b7a0b5e1029e1e9247fd81590da726 (patch)
tree	61acac47111feb419d2b48c0a20e86925cc6f4e8
parent	aa09b7e0c12e8d7a5e098fa8a45015beb00f5c20 (diff)