net/tcp: Sign SYN-ACK segments with TCP-AO

Similarly to RST segments, wire SYN-ACKs to TCP-AO. tcp_rsk_used_ao() is handy here to check if the request socket used AO and needs a signature on the outgoing segments. Co-developed-by: Francesco Ruggeri <fruggeri@arista.com> Signed-off-by: Francesco Ruggeri <fruggeri@arista.com> Co-developed-by: Salam Noureddine <noureddine@arista.com> Signed-off-by: Salam Noureddine <noureddine@arista.com> Signed-off-by: Dmitry Safonov <dima@arista.com> Acked-by: David Ahern <dsahern@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Dmitry Safonov <dima@arista.com> 2023-10-23 20:22:03 +0100
committer: David S. Miller <davem@davemloft.net> 2023-10-27 10:35:45 +0100
commit: 9427c6aa3ec92f66b3d38f5d5f7af6b94b648a66 (patch)
tree: 8be6f14d20cbef124e5b570e4a78bc9a0c9ba8fd /include/net/tcp.h
parent: 06b22ef29591f625ef877ae00d82192938e29e60 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/include/net/tcp.h b/include/net/tcp.h
index d0bea102b523..c7f80cc94d71 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -2221,6 +2221,9 @@ struct tcp_request_sock_ops {
 					struct request_sock *req,
 					int sndid, int rcvid);
 	int (*ao_calc_key)(struct tcp_ao_key *mkt, u8 *key, struct request_sock *sk);
+	int (*ao_synack_hash)(char *ao_hash, struct tcp_ao_key *mkt,
+			      struct request_sock *req, const struct sk_buff *skb,
+			      int hash_offset, u32 sne);
 #endif
 #ifdef CONFIG_SYN_COOKIES
 	__u32 (*cookie_init_seq)(const struct sk_buff *skb,
author	Dmitry Safonov <dima@arista.com>	2023-10-23 20:22:03 +0100
committer	David S. Miller <davem@davemloft.net>	2023-10-27 10:35:45 +0100
commit	9427c6aa3ec92f66b3d38f5d5f7af6b94b648a66 (patch)
tree	8be6f14d20cbef124e5b570e4a78bc9a0c9ba8fd /include/net/tcp.h
parent	06b22ef29591f625ef877ae00d82192938e29e60 (diff)