{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":55075936,"defaultBranch":"master","name":"linux","ownerLogin":"0x7f454c46","currentUserCanPush":false,"isFork":true,"isEmpty":false,"createdAt":"2016-03-30T15:45:16.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/8302449?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1726693977.0","currentOid":""},"activityList":{"items":[{"before":null,"after":"49d4c4a7f0eab37511b30ef300d86e8746624e4e","ref":"refs/heads/tmp/netns-test","pushedAt":"2024-09-18T21:12:57.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"tmp: an ugly test for socket in foreign net namespace\n\nSigned-off-by: Dmitry Safonov <0x7f454c46@gmail.com>","shortMessageHtmlLink":"tmp: an ugly test for socket in foreign net namespace"}},{"before":"98b1cc82c4affc16f5598d4fa14b1858671b2263","after":"4a39ac5b7d62679c07a3e3d12b0f6982377d8a7d","ref":"refs/heads/master","pushedAt":"2024-09-18T21:12:43.000Z","pushType":"push","commitsCount":10000,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"Merge tag 'random-6.12-rc1-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/crng/random\n\nPull random number generator updates from Jason Donenfeld:\n \"Originally I'd planned on sending each of the vDSO getrandom()\n  architecture ports to their respective arch trees. But as we started\n  to work on this, we found lots of interesting issues in the shared\n  code and infrastructure, the fixes for which the various archs needed\n  to base their work.\n\n  So in the end, this turned into a nice collaborative effort fixing up\n  issues and porting to 5 new architectures -- arm64, powerpc64,\n  powerpc32, s390x, and loongarch64 -- with everybody pitching in and\n  commenting on each other's code. It was a fun development cycle.\n\n  This contains:\n\n   - Numerous fixups to the vDSO selftest infrastructure, getting it\n     running successfully on more platforms, and fixing bugs in it.\n\n   - Additions to the vDSO getrandom & chacha selftests. Basically every\n     time manual review unearthed a bug in a revision of an arch patch,\n     or an ambiguity, the tests were augmented.\n\n     By the time the last arch was submitted for review, s390x, v1 of\n     the series was essentially fine right out of the gate.\n\n   - Fixes to the the generic C implementation of vDSO getrandom, to\n     build and run successfully on all archs, decoupling it from\n     assumptions we had (unintentionally) made on x86_64 that didn't\n     carry through to the other architectures.\n\n   - Port of vDSO getrandom to LoongArch64, from Xi Ruoyao and acked by\n     Huacai Chen.\n\n   - Port of vDSO getrandom to ARM64, from Adhemerval Zanella and acked\n     by Will Deacon.\n\n   - Port of vDSO getrandom to PowerPC, in both 32-bit and 64-bit\n     varieties, from Christophe Leroy and acked by Michael Ellerman.\n\n   - Port of vDSO getrandom to S390X from Heiko Carstens, the arch\n     maintainer.\n\n  While it'd be natural for there to be things to fix up over the course\n  of the development cycle, these patches got a decent amount of review\n  from a fairly diverse crew of folks on the mailing lists, and, for the\n  most part, they've been cooking in linux-next, which has been helpful\n  for ironing out build issues.\n\n  In terms of architectures, I think that mostly takes care of the\n  important 64-bit archs with hardware still being produced and running\n  production loads in settings where vDSO getrandom is likely to help.\n\n  Arguably there's still RISC-V left, and we'll see for 6.13 whether\n  they find it useful and submit a port\"\n\n* tag 'random-6.12-rc1-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/crng/random: (47 commits)\n  selftests: vDSO: check cpu caps before running chacha test\n  s390/vdso: Wire up getrandom() vdso implementation\n  s390/vdso: Move vdso symbol handling to separate header file\n  s390/vdso: Allow alternatives in vdso code\n  s390/module: Provide find_section() helper\n  s390/facility: Let test_facility() generate static branch if possible\n  s390/alternatives: Remove ALT_FACILITY_EARLY\n  s390/facility: Disable compile time optimization for decompressor code\n  selftests: vDSO: fix vdso_config for s390\n  selftests: vDSO: fix ELF hash table entry size for s390x\n  powerpc/vdso: Wire up getrandom() vDSO implementation on VDSO64\n  powerpc/vdso: Wire up getrandom() vDSO implementation on VDSO32\n  powerpc/vdso: Refactor CFLAGS for CVDSO build\n  powerpc/vdso32: Add crtsavres\n  mm: Define VM_DROPPABLE for powerpc/32\n  powerpc/vdso: Fix VDSO data access when running in a non-root time namespace\n  selftests: vDSO: don't include generated headers for chacha test\n  arm64: vDSO: Wire up getrandom() vDSO implementation\n  arm64: alternative: make alternative_has_cap_likely() VDSO compatible\n  selftests: vDSO: also test counter in vdso_test_chacha\n  ...","shortMessageHtmlLink":"Merge tag 'random-6.12-rc1-for-linus' of git://git.kernel.org/pub/scm…"}},{"before":"91789ef6cc67aa6e850822e4035d6cd12f9e8177","after":"85dc9bc676985d81f9043fd9c3a506f30851597b","ref":"refs/heads/tcp-ao-selftests-v1","pushedAt":"2023-12-15T02:28:17.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"selftests/net: Add TCP-AO key-management test\n\nCheck multiple keys on a socket:\n- rotation on closed socket\n- current/rnext operations shouldn't be possible on listen sockets\n- current/rnext key set should be the one, that's used on connect()\n- key rotations with pseudo-random generated keys\n- copying matching keys on connect() and on accept()\n\nAt this moment there are 3 tests that are \"expected\" to fail: a kernel\nfix is needed to improve the situation, they are marked XFAIL.\n\nSample output:\n> # ./key-management_ipv4\n> 1..120\n> # 1601[lib/setup.c:239] rand seed 1700526653\n> TAP version 13\n> ok 1 closed socket, delete a key: the key was deleted\n> ok 2 closed socket, delete all keys: the key was deleted\n> ok 3 closed socket, delete current key: key deletion was prevented\n> ok 4 closed socket, delete rnext key: key deletion was prevented\n> ok 5 closed socket, delete a key + set current/rnext: the key was deleted\n> ok 6 closed socket, force-delete current key: the key was deleted\n> ok 7 closed socket, force-delete rnext key: the key was deleted\n> ok 8 closed socket, delete current+rnext key: key deletion was prevented\n> ok 9 closed socket, add + change current key\n> ok 10 closed socket, add + change rnext key\n> ok 11 listen socket, delete a key: the key was deleted\n> ok 12 listen socket, delete all keys: the key was deleted\n> ok 13 listen socket, setting current key not allowed\n> ok 14 listen socket, setting rnext key not allowed\n> ok 15 # XFAIL listen() after current/rnext keys set: the socket has current/rnext keys: 100:200\n> ok 16 # XFAIL listen socket, delete current key from before listen(): failed to delete the key 100:100 -16\n> ok 17 # XFAIL listen socket, delete rnext key from before listen(): failed to delete the key 200:200 -16\n> ok 18 listen socket, getsockopt(TCP_AO_REPAIR) is restricted\n> ok 19 listen socket, setsockopt(TCP_AO_REPAIR) is restricted\n> ok 20 listen socket, delete a key + set current/rnext: key deletion was prevented\n> ok 21 listen socket, force-delete current key: key deletion was prevented\n> ok 22 listen socket, force-delete rnext key: key deletion was prevented\n> ok 23 listen socket, delete a key: the key was deleted\n> ok 24 listen socket, add + change current key\n> ok 25 listen socket, add + change rnext key\n> ok 26 server: Check current/rnext keys unset before connect(): The socket keys are consistent with the expectations\n> ok 27 client: Check current/rnext keys unset before connect(): current key 19 as expected\n> ok 28 client: Check current/rnext keys unset before connect(): rnext key 146 as expected\n> ok 29 server: Check current/rnext keys unset before connect(): server alive\n> ok 30 server: Check current/rnext keys unset before connect(): passed counters checks\n> ok 31 client: Check current/rnext keys unset before connect(): The socket keys are consistent with the expectations\n> ok 32 server: Check current/rnext keys unset before connect(): The socket keys are consistent with the expectations\n> ok 33 server: Check current/rnext keys unset before connect(): passed counters checks\n> ok 34 client: Check current/rnext keys unset before connect(): passed counters checks\n> ok 35 server: Check current/rnext keys set before connect(): The socket keys are consistent with the expectations\n> ok 36 server: Check current/rnext keys set before connect(): server alive\n> ok 37 server: Check current/rnext keys set before connect(): passed counters checks\n> ok 38 client: Check current/rnext keys set before connect(): current key 10 as expected\n> ok 39 client: Check current/rnext keys set before connect(): rnext key 137 as expected\n> ok 40 server: Check current/rnext keys set before connect(): The socket keys are consistent with the expectations\n> ok 41 client: Check current/rnext keys set before connect(): The socket keys are consistent with the expectations\n> ok 42 client: Check current/rnext keys set before connect(): passed counters checks\n> ok 43 server: Check current/rnext keys set before connect(): passed counters checks\n> ok 44 server: Check current != rnext keys set before connect(): The socket keys are consistent with the expectations\n> ok 45 server: Check current != rnext keys set before connect(): server alive\n> ok 46 server: Check current != rnext keys set before connect(): passed counters checks\n> ok 47 client: Check current != rnext keys set before connect(): current key 10 as expected\n> ok 48 client: Check current != rnext keys set before connect(): rnext key 132 as expected\n> ok 49 server: Check current != rnext keys set before connect(): The socket keys are consistent with the expectations\n> ok 50 client: Check current != rnext keys set before connect(): The socket keys are consistent with the expectations\n> ok 51 client: Check current != rnext keys set before connect(): passed counters checks\n> ok 52 server: Check current != rnext keys set before connect(): passed counters checks\n> ok 53 server: Check current flapping back on peer's RnextKey request: The socket keys are consistent with the expectations\n> ok 54 server: Check current flapping back on peer's RnextKey request: server alive\n> ok 55 server: Check current flapping back on peer's RnextKey request: passed counters checks\n> ok 56 client: Check current flapping back on peer's RnextKey request: current key 10 as expected\n> ok 57 client: Check current flapping back on peer's RnextKey request: rnext key 132 as expected\n> ok 58 server: Check current flapping back on peer's RnextKey request: The socket keys are consistent with the expectations\n> ok 59 client: Check current flapping back on peer's RnextKey request: The socket keys are consistent with the expectations\n> ok 60 server: Check current flapping back on peer's RnextKey request: passed counters checks\n> ok 61 client: Check current flapping back on peer's RnextKey request: passed counters checks\n> ok 62 server: Rotate over all different keys: The socket keys are consistent with the expectations\n> ok 63 server: Rotate over all different keys: server alive\n> ok 64 server: Rotate over all different keys: passed counters checks\n> ok 65 server: Rotate over all different keys: current key 128 as expected\n> ok 66 client: Rotate over all different keys: rnext key 128 as expected\n> ok 67 server: Rotate over all different keys: current key 129 as expected\n> ok 68 client: Rotate over all different keys: rnext key 129 as expected\n> ok 69 server: Rotate over all different keys: current key 130 as expected\n> ok 70 client: Rotate over all different keys: rnext key 130 as expected\n> ok 71 server: Rotate over all different keys: current key 131 as expected\n> ok 72 client: Rotate over all different keys: rnext key 131 as expected\n> ok 73 server: Rotate over all different keys: current key 132 as expected\n> ok 74 client: Rotate over all different keys: rnext key 132 as expected\n> ok 75 server: Rotate over all different keys: current key 133 as expected\n> ok 76 client: Rotate over all different keys: rnext key 133 as expected\n> ok 77 server: Rotate over all different keys: current key 134 as expected\n> ok 78 client: Rotate over all different keys: rnext key 134 as expected\n> ok 79 server: Rotate over all different keys: current key 135 as expected\n> ok 80 client: Rotate over all different keys: rnext key 135 as expected\n> ok 81 server: Rotate over all different keys: current key 136 as expected\n> ok 82 client: Rotate over all different keys: rnext key 136 as expected\n> ok 83 server: Rotate over all different keys: current key 137 as expected\n> ok 84 client: Rotate over all different keys: rnext key 137 as expected\n> ok 85 server: Rotate over all different keys: current key 138 as expected\n> ok 86 client: Rotate over all different keys: rnext key 138 as expected\n> ok 87 server: Rotate over all different keys: current key 139 as expected\n> ok 88 client: Rotate over all different keys: rnext key 139 as expected\n> ok 89 server: Rotate over all different keys: current key 140 as expected\n> ok 90 client: Rotate over all different keys: rnext key 140 as expected\n> ok 91 server: Rotate over all different keys: current key 141 as expected\n> ok 92 client: Rotate over all different keys: rnext key 141 as expected\n> ok 93 server: Rotate over all different keys: current key 142 as expected\n> ok 94 client: Rotate over all different keys: rnext key 142 as expected\n> ok 95 server: Rotate over all different keys: current key 143 as expected\n> ok 96 client: Rotate over all different keys: rnext key 143 as expected\n> ok 97 server: Rotate over all different keys: current key 144 as expected\n> ok 98 client: Rotate over all different keys: rnext key 144 as expected\n> ok 99 server: Rotate over all different keys: current key 145 as expected\n> ok 100 client: Rotate over all different keys: rnext key 145 as expected\n> ok 101 server: Rotate over all different keys: current key 146 as expected\n> ok 102 client: Rotate over all different keys: rnext key 146 as expected\n> ok 103 server: Rotate over all different keys: current key 127 as expected\n> ok 104 client: Rotate over all different keys: rnext key 127 as expected\n> ok 105 client: Rotate over all different keys: current key 0 as expected\n> ok 106 client: Rotate over all different keys: rnext key 127 as expected\n> ok 107 server: Rotate over all different keys: The socket keys are consistent with the expectations\n> ok 108 client: Rotate over all different keys: The socket keys are consistent with the expectations\n> ok 109 client: Rotate over all different keys: passed counters checks\n> ok 110 server: Rotate over all different keys: passed counters checks\n> ok 111 server: Check accept() => established key matching: The socket keys are consistent with the expectations\n> ok 112 Can't add a key with non-matching ip-address for established sk\n> ok 113 Can't add a key with non-matching VRF for established sk\n> ok 114 server: Check accept() => established key matching: server alive\n> ok 115 server: Check accept() => established key matching: passed counters checks\n> ok 116 client: Check connect() => established key matching: current key 0 as expected\n> ok 117 client: Check connect() => established key matching: rnext key 128 as expected\n> ok 118 client: Check connect() => established key matching: The socket keys are consistent with the expectations\n> ok 119 server: Check accept() => established key matching: The socket keys are consistent with the expectations\n> ok 120 server: Check accept() => established key matching: passed counters checks\n> # Totals: pass:120 fail:0 xfail:0 xpass:0 skip:0 error:0\n\nSigned-off-by: Dmitry Safonov <dima@arista.com>","shortMessageHtmlLink":"selftests/net: Add TCP-AO key-management test"}},{"before":null,"after":"91789ef6cc67aa6e850822e4035d6cd12f9e8177","ref":"refs/heads/tcp-ao-selftests-v1","pushedAt":"2023-12-15T02:28:01.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"selftests/net: Add TCP-AO tests\n\nHi,\n\nAn essential part of any big kernel submissions is selftests.\nAt the beginning of TCP-AO project, I made patches to fcnal-test.sh\nand nettest.c to have the benefits of easy refactoring, early noticing\nbreakages, putting a moat around the code, documenting\nand designing uAPI.\n\nWhile tests based on fcnal-test.sh/nettest.c provided initial testing*\nand were very easy to add, the pile of TCP-AO quickly grew out of\none-binary + shell-script testing.\n\nThe design of the TCP-AO testing is a bit different than one-big\nselftest binary as I did previously in net/ipsec.c. I found it\nbeneficial to avoid implementing a tests runner/scheduler and delegate\nit to the user or Makefile. The approach is very influenced\nby CRIU/ZDTM testing[1]: it provides a static library with helper\nfunctions and selftest binaries that create specific scenarios.\nI also tried to utilize kselftest.h.\n\ntest_init() function does all needed preparations. To not leave\nany traces after a selftest exists, it creates a network namespace\nand if the test wants to establish a TCP connection, a child netns.\nThe parent and child netns have veth pair with proper ip addresses\nand routes set up. Both peers, the client and server are different\npthreads. The treading model was chosen over forking mostly by easiness\nof cleanup on a failure: no need to search for children, handle SIGCHLD,\nmake sure not to wait for a dead peer to perform anything, etc.\nAny thread that does exit() naturally kills the tests, sweet!\nThe selftests are compiled currently in two variants: ipv4 and ipv6.\nIpv4-mapped-ipv6 addresses might be a third variant to add, but it's not\nthere in this version. As pretty much all tests are shared between two\naddress families, most of the code can be shared, too. To differ in code\nwhat kind of test is running, Makefile supplies -DIPV6_TEST to compiler\nand ifdeffery in tests can do things that have to be different between\naddress families. This is similar to TARGETS_C_BOTHBITS in x86 selftests\nand also to tests code sharing in CRIU/ZDTM.\n\nThe total number of tests is 832.\nFrom them rst_ipv{4,6} has currently one flaky subtest, that may fail:\n> not ok 9 client connection was not reset: 0\nI'll investigate what happens there. Also, unsigned-md5_ipv{4,6}\nare flaky because of netns counter checks: it doesn't expect that\nthere may be retransmitted TCP segments from a previous sub-selftest.\nThat will be fixed. Besides, key-management_ipv{4,6} has 3 sub-tests\npassing with XFAIL:\n> ok 15 # XFAIL listen() after current/rnext keys set: the socket has current/rnext keys: 100:200\n> ok 16 # XFAIL listen socket, delete current key from before listen(): failed to delete the key 100:100 -16\n> ok 17 # XFAIL listen socket, delete rnext key from before listen(): failed to delete the key 200:200 -16\n...\n> # Totals: pass:117 fail:0 xfail:3 xpass:0 skip:0 error:0\nThose need some more kernel work to pass instead of xfail.\n\nThe overview of selftests (see the diffstat at the bottom):\n├── lib\n│   ├── aolib.h\n│   │   The header for all selftests to include.\n│   ├── kconfig.c\n│   │   Kernel kconfig detector to SKIP tests that depend on something.\n│   ├── netlink.c\n│   │   Netlink helper to add/modify/delete VETH/IPs/routes/VRFs\n│   │   I considered just using libmnl, but this is around 400 lines\n│   │   and avoids selftests dependency on out-of-tree sources/packets.\n│   ├── proc.c\n│   │   SNMP/netstat procfs parser and the counters comparator.\n│   ├── repair.c\n│   │   Heavily influenced by libsoccr and reduced to minimum TCP\n│   │   socket checkpoint/repair. Shouldn't be used out of selftests,\n│   │   though.\n│   ├── setup.c\n│   │   All the needed netns/veth/ips/etc preparations for test init.\n│   ├── sock.c\n│   │   Socket helpers: {s,g}etsockopt()s/connect()/listen()/etc.\n│   └── utils.c\n│       Random stuff (a pun intended).\n├── bench-lookups.c\n│   The only benchmark in selftests currently: checks how well TCP-AO\n│   setsockopt()s perform, depending on the amount of keys on a socket.\n├── connect.c\n│   Trivial sample, can be used as a boilerplate to write a new test.\n├── connect-deny.c\n│   More-or-less what could be expected for TCP-AO in fcnal-test.sh\n├── icmps-accept.c -> icmps-discard.c\n├── icmps-discard.c\n│   Verifies RFC5925 (7.8) by checking that TCP-AO connection can be\n│   broken if ICMPs are accepted and survives when ::accept_icmps = 0\n├── key-management.c\n│   Key manipulations, rotations between randomized hashing algorithms\n│   and counter checks for those scenarios.\n├── restore.c\n│   TCP_AO_REPAIR: verifies that a socket can be re-created without\n│   TCP-AO connection being interrupted.\n├── rst.c\n│   As RST segments are signed on a separate code-path in kernel,\n│   verifies passive/active TCP send_reset().\n├── self-connect.c\n│   Verifies that TCP self-connect and also simultaneous open work.\n├── seq-ext.c\n│   Utilizes TCP_AO_REPAIR to check that on SEQ roll-over SNE\n│   increment is performed and segments with different SNEs fail to\n│   pass verification.\n├── setsockopt-closed.c\n│   Checks that {s,g}etsockopt()s are extendable syscalls and common\n│   error-paths for them.\n└── unsigned-md5.c\n    Checks listen() socket for (non-)matching peers with: AO/MD5/none\n    keys. As well as their interaction with VRFs and AO_REQUIRED flag.\n\nThere are certainly more test scenarios that can be added, but even so,\nI'm pretty happy that this much of TCP-AO functionality and uAPIs got\ncovered. These selftests were iteratively developed by me during TCP-AO\nkernel upstreaming and the resulting kernel patches would have been\nworse without having these tests. They provided the user-side\nperspective but also allowed safer refactoring with less possibility\nof introducing a regression. Now it's time to use them to dig\na moat around the TCP-AO code!\n\nThere are also people from other network companies that work on TCP-AO\n(+testing), so sharing these selftests will allow them to contribute\nand may benefit from their efforts.\n\n* Planning to submit basic TCP-AO tests to fcnal-test.sh/nettest.c\n  separately.\n\n[1]: https://github.com/checkpoint-restore/criu/tree/criu-dev/test/zdtm/static\n\nTo: Shuah Khan <shuah@kernel.org>\nTo: David Ahern <dsahern@kernel.org>\nTo: David S. Miller <davem@davemloft.net>\nTo: Eric Dumazet <edumazet@google.com>\nTo: Jakub Kicinski <kuba@kernel.org>\nTo: Paolo Abeni <pabeni@redhat.com>\nCc: Salam Noureddine <noureddine@arista.com>\nCc: Bob Gilligan <gilligan@arista.com>\nCc:  <linux-kernel@vger.kernel.org>\nCc:  <linux-kselftest@vger.kernel.org>\nCc:  <netdev@vger.kernel.org>\nSigned-off-by: Dmitry Safonov <dima@arista.com>\n\n--- b4-submit-tracking ---\n# This section is used internally by b4 prep for tracking purposes.\n{\n  \"series\": {\n    \"revision\": 1,\n    \"change-id\": \"20231213-tcp-ao-selftests-d0f323006667\",\n    \"prefixes\": [],\n    \"base-branch\": \"master\"\n  }\n}","shortMessageHtmlLink":"selftests/net: Add TCP-AO tests"}},{"before":"494ae1112039050de9c922984c0952a3a49106f9","after":"13504cef7e321700d930e9c005db6759c21981a3","ref":"refs/heads/tcp-ao-post-merge-v5","pushedAt":"2023-12-04T18:56:50.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"net/tcp: Don't store TCP-AO maclen on reqsk\n\nThis extra check doesn't work for a handshake when SYN segment has\n(current_key.maclen != rnext_key.maclen). It could be amended to\npreserve rnext_key.maclen instead of current_key.maclen, but that\nrequires a lookup on listen socket.\n\nOriginally, this extra maclen check was introduced just because it was\ncheap. Drop it and convert tcp_request_sock::maclen into boolean\ntcp_request_sock::used_tcp_ao.\n\nFixes: 06b22ef29591 (\"net/tcp: Wire TCP-AO to request sockets\")\nSigned-off-by: Dmitry Safonov <dima@arista.com>\nReviewed-by: Eric Dumazet <edumazet@google.com>","shortMessageHtmlLink":"net/tcp: Don't store TCP-AO maclen on reqsk"}},{"before":null,"after":"494ae1112039050de9c922984c0952a3a49106f9","ref":"refs/heads/tcp-ao-post-merge-v5","pushedAt":"2023-12-04T18:56:35.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"cover-letter\n\nSigned-off-by: Dmitry Safonov <dima@arista.com>","shortMessageHtmlLink":"cover-letter"}},{"before":"c0f222bced5529385a3bc7c7ab51bec415179721","after":"adb1a6e8d2034c1e17b6a84a512c71aa4c41c1d2","ref":"refs/heads/tcp-ao-post-merge-v4","pushedAt":"2023-11-29T16:54:18.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"net/tcp: Don't store TCP-AO maclen on reqsk\n\nThis extra check doesn't work for a handshake when SYN segment has\n(current_key.maclen != rnext_key.maclen). It could be amended to\npreserve rnext_key.maclen instead of current_key.maclen, but that\nrequires a lookup on listen socket.\n\nOriginally, this extra maclen check was introduced just because it was\ncheap. Drop it and convert tcp_request_sock::maclen into boolean\ntcp_request_sock::used_tcp_ao.\n\nFixes: 06b22ef29591 (\"net/tcp: Wire TCP-AO to request sockets\")\nSigned-off-by: Dmitry Safonov <dima@arista.com>","shortMessageHtmlLink":"net/tcp: Don't store TCP-AO maclen on reqsk"}},{"before":null,"after":"c0f222bced5529385a3bc7c7ab51bec415179721","ref":"refs/heads/tcp-ao-post-merge-v4","pushedAt":"2023-11-29T16:53:49.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"cover-letter\n\nSigned-off-by: Dmitry Safonov <dima@arista.com>","shortMessageHtmlLink":"cover-letter"}},{"before":"4978eb3bfba7289790e88e6ca25156c913ddc169","after":"822e6f2d14a1e1de98835fcc3940c04d28582656","ref":"refs/heads/tcp-ao-post-merge-v3","pushedAt":"2023-11-28T18:53:42.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"net/tcp: Don't store TCP-AO maclen on reqsk\n\nThis extra check doesn't work for a handshake when SYN segment has\n(current_key.maclen != rnext_key.maclen). It could be amended to\npreserve rnext_key.maclen instead of current_key.maclen, but that\nrequires a lookup on listen socket.\n\nOriginally, this extra maclen check was introduced just because it was\ncheap. Drop it and convert tcp_request_sock::maclen into boolean\ntcp_request_sock::used_tcp_ao.\n\nFixes: 06b22ef29591 (\"net/tcp: Wire TCP-AO to request sockets\")\nSigned-off-by: Dmitry Safonov <dima@arista.com>","shortMessageHtmlLink":"net/tcp: Don't store TCP-AO maclen on reqsk"}},{"before":null,"after":"4978eb3bfba7289790e88e6ca25156c913ddc169","ref":"refs/heads/tcp-ao-post-merge-v3","pushedAt":"2023-11-28T18:53:20.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"cover-letter\n\nSigned-off-by: Dmitry Safonov <dima@arista.com>","shortMessageHtmlLink":"cover-letter"}},{"before":"bb2492e9386a719954c2204f3679a0b6e590b553","after":"c5e4cecfcdc7f996acae740812d9ab2ebcd90517","ref":"refs/heads/tcp-ao-post-merge-v2","pushedAt":"2023-11-24T00:17:23.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"net/tcp: Don't store TCP-AO maclen on reqsk\n\nThis extra check doesn't work for a handshake when SYN segment has\n(current_key.maclen != rnext_key.maclen). It could be amended to\npreserve rnext_key.maclen instead of current_key.maclen, but that\nrequires a lookup on listen socket.\n\nOriginally, this extra maclen check was introduced just because it was\ncheap. Drop it and convert tcp_request_sock::maclen into boolean\ntcp_request_sock::used_tcp_ao.\n\nFixes: 06b22ef29591 (\"net/tcp: Wire TCP-AO to request sockets\")\nSigned-off-by: Dmitry Safonov <dima@arista.com>","shortMessageHtmlLink":"net/tcp: Don't store TCP-AO maclen on reqsk"}},{"before":null,"after":"bb2492e9386a719954c2204f3679a0b6e590b553","ref":"refs/heads/tcp-ao-post-merge-v2","pushedAt":"2023-11-24T00:14:13.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"cover-letter\n\nSigned-off-by: Dmitry Safonov <dima@arista.com>","shortMessageHtmlLink":"cover-letter"}},{"before":null,"after":"1f39f9bd0e6896d49c67ceafad2aa792242a8820","ref":"refs/heads/tcp-ao-selftests","pushedAt":"2023-11-21T02:24:06.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"selftests/fcnal-test.sh: Add TCP-AO VRFs tests\n\nThis is mostly copy'n'paste of TCP-MD5 VRF tests.\nProbably, it would be better to have a common helper function that\ndepending on argument does TCP-AO or TCP-MD5.\n\nSample output:\nTEST: TCP-AO: VRF: Single address config                                      [ OK ]\nTEST: TCP-AO: VRF: Server no config, client uses password                     [ OK ]\nTEST: TCP-AO: VRF: Client uses wrong password                                 [ OK ]\nTEST: TCP-AO: VRF: Client address does not match address configured with password  [ OK ]\nTEST: TCP-AO: VRF: Prefix config                                              [ OK ]\nTEST: TCP-AO: VRF: Prefix config, client uses wrong password                  [ OK ]\nTEST: TCP-AO: VRF: Prefix config, client address not in configured prefix     [ OK ]\nTEST: TCP-AO: Different key ids                                               [ OK ]\nTEST: TCP-AO: Wrong keyid                                                     [ OK ]\nTEST: TCP-AO: VRF: Single address config in default VRF and VRF, conn in VRF  [ OK ]\nTEST: TCP-AO: VRF: Single address config in default VRF and VRF, conn in default VRF  [ OK ]\nTEST: TCP-AO: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw  [ OK ]\nTEST: TCP-AO: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw  [ OK ]\nTEST: TCP-AO: VRF: Prefix config in default VRF and VRF, conn in VRF          [ OK ]\nTEST: TCP-AO: VRF: Prefix config in default VRF and VRF, conn in default VRF  [ OK ]\nTEST: TCP-AO: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw  [ OK ]\nTEST: TCP-AO: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw  [ OK ]\nTEST: TCP-AO: VRF: Device must be a VRF - single address                      [ OK ]\nTEST: TCP-AO: VRF: Device must be a VRF - prefix                              [ OK ]\nTEST: TCP-AO: VRF: VRF-bound server, unbound key accepts connection           [ OK ]\nTEST: TCP-AO: VRF: VRF-bound server, bound key accepts connection             [ OK ]\nSYSCTL: net.ipv4.tcp_l3mdev_accept=1\n\nTEST: TCP-AO: VRF: Global server, Key bound to ifindex=0 rejects VRF connection  [ OK ]\nTEST: TCP-AO: VRF: Global server, key bound to ifindex=0 accepts non-VRF connection  [ OK ]\nTEST: TCP-AO: VRF: Global server, key not bound to ifindex accepts VRF connection  [ OK ]\nTEST: TCP-AO: VRF: Global server, key not bound to ifindex accepts non-VRF connection  [ OK ]\n\nSigned-off-by: Dmitry Safonov <dima@arista.com>","shortMessageHtmlLink":"selftests/fcnal-test.sh: Add TCP-AO VRFs tests"}},{"before":"ff29f4a38d0cf8c9a86f29aeaeffacdb6b0985cb","after":"4555b5b8d11f4d19ef32a761e2d87dd378e9a435","ref":"refs/heads/tcp-ao-post-merge","pushedAt":"2023-11-21T01:50:41.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"net/tcp: Don't store TCP-AO maclen on reqsk\n\nThis extra check doesn't work for a handshake when SYN segment has\n(current_key.maclen != rnext_key.maclen). It could be amended to\npreserve rnext_key.maclen instead of current_key.maclen, but that\nrequires a lookup on listen socket.\n\nOriginally, this extra maclen check was introduced just because it was\ncheap. Drop it and convert tcp_request_sock::maclen into boolean\ntcp_request_sock::used_tcp_ao.\n\nFixes: 06b22ef29591 (\"net/tcp: Wire TCP-AO to request sockets\")\nSigned-off-by: Dmitry Safonov <dima@arista.com>","shortMessageHtmlLink":"net/tcp: Don't store TCP-AO maclen on reqsk"}},{"before":"47a2ee5d4a0bda05decdda7be0a77e792cdb09a3","after":"98b1cc82c4affc16f5598d4fa14b1858671b2263","ref":"refs/heads/master","pushedAt":"2023-11-21T01:50:30.000Z","pushType":"push","commitsCount":10000,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"Linux 6.7-rc2","shortMessageHtmlLink":"Linux 6.7-rc2"}},{"before":null,"after":"ff29f4a38d0cf8c9a86f29aeaeffacdb6b0985cb","ref":"refs/heads/tcp-ao-post-merge","pushedAt":"2023-11-21T01:50:21.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"cover-letter\n\nSigned-off-by: Dmitry Safonov <dima@arista.com>","shortMessageHtmlLink":"cover-letter"}},{"before":"47e0e05cf47bb87793057053959bac633e03d264","after":"8e2a1cc7d911be89d98eb2f5cc7326708ebf7727","ref":"refs/heads/tcp-ao-v16-with-selftests","pushedAt":"2023-10-23T19:15:28.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"selftests/fcnal-test.sh: Add TCP-AO VRFs tests\n\nThis is mostly copy'n'paste of TCP-MD5 VRF tests.\nProbably, it would be better to have a common helper function that\ndepending on argument does TCP-AO or TCP-MD5.\n\nSample output:\nTEST: TCP-AO: VRF: Single address config                                      [ OK ]\nTEST: TCP-AO: VRF: Server no config, client uses password                     [ OK ]\nTEST: TCP-AO: VRF: Client uses wrong password                                 [ OK ]\nTEST: TCP-AO: VRF: Client address does not match address configured with password  [ OK ]\nTEST: TCP-AO: VRF: Prefix config                                              [ OK ]\nTEST: TCP-AO: VRF: Prefix config, client uses wrong password                  [ OK ]\nTEST: TCP-AO: VRF: Prefix config, client address not in configured prefix     [ OK ]\nTEST: TCP-AO: Different key ids                                               [ OK ]\nTEST: TCP-AO: Wrong keyid                                                     [ OK ]\nTEST: TCP-AO: VRF: Single address config in default VRF and VRF, conn in VRF  [ OK ]\nTEST: TCP-AO: VRF: Single address config in default VRF and VRF, conn in default VRF  [ OK ]\nTEST: TCP-AO: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw  [ OK ]\nTEST: TCP-AO: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw  [ OK ]\nTEST: TCP-AO: VRF: Prefix config in default VRF and VRF, conn in VRF          [ OK ]\nTEST: TCP-AO: VRF: Prefix config in default VRF and VRF, conn in default VRF  [ OK ]\nTEST: TCP-AO: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw  [ OK ]\nTEST: TCP-AO: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw  [ OK ]\nTEST: TCP-AO: VRF: Device must be a VRF - single address                      [ OK ]\nTEST: TCP-AO: VRF: Device must be a VRF - prefix                              [ OK ]\nTEST: TCP-AO: VRF: VRF-bound server, unbound key accepts connection           [ OK ]\nTEST: TCP-AO: VRF: VRF-bound server, bound key accepts connection             [ OK ]\nSYSCTL: net.ipv4.tcp_l3mdev_accept=1\n\nTEST: TCP-AO: VRF: Global server, Key bound to ifindex=0 rejects VRF connection  [ OK ]\nTEST: TCP-AO: VRF: Global server, key bound to ifindex=0 accepts non-VRF connection  [ OK ]\nTEST: TCP-AO: VRF: Global server, key not bound to ifindex accepts VRF connection  [ OK ]\nTEST: TCP-AO: VRF: Global server, key not bound to ifindex accepts non-VRF connection  [ OK ]\n\nSigned-off-by: Dmitry Safonov <dima@arista.com>","shortMessageHtmlLink":"selftests/fcnal-test.sh: Add TCP-AO VRFs tests"}},{"before":"47e0e05cf47bb87793057053959bac633e03d264","after":"4d4eb816c47537ba31912dd5c8d7a68a69694fc6","ref":"refs/heads/tcp-ao-v16","pushedAt":"2023-10-23T19:15:15.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"Documentation/tcp: Add TCP-AO documentation\n\nIt has Frequently Asked Questions (FAQ) on RFC 5925 - I found it very\nuseful answering those before writing the actual code. It provides answers\nto common questions that arise on a quick read of the RFC, as well as how\nthey were answered. There's also comparison to TCP-MD5 option,\nevaluation of per-socket vs in-kernel-DB approaches and description of\nuAPI provided.\n\nHopefully, it will be as useful for reviewing the code as it was for writing.\n\nCc: Jonathan Corbet <corbet@lwn.net>\nCc: linux-doc@vger.kernel.org\nSigned-off-by: Dmitry Safonov <dima@arista.com>\nAcked-by: David Ahern <dsahern@kernel.org>","shortMessageHtmlLink":"Documentation/tcp: Add TCP-AO documentation"}},{"before":null,"after":"47e0e05cf47bb87793057053959bac633e03d264","ref":"refs/heads/tcp-ao-v16","pushedAt":"2023-10-23T19:14:48.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"Add the cover letter\n\nSigned-off-by: Dmitry Safonov <dima@arista.com>","shortMessageHtmlLink":"Add the cover letter"}},{"before":null,"after":"47e0e05cf47bb87793057053959bac633e03d264","ref":"refs/heads/tcp-ao-v16-with-selftests","pushedAt":"2023-10-23T19:14:38.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"Add the cover letter\n\nSigned-off-by: Dmitry Safonov <dima@arista.com>","shortMessageHtmlLink":"Add the cover letter"}},{"before":"6878e76c3c150b8440719757bf81217d462ca7fc","after":"b789cff736367232d02eaf52ede74890daf81baf","ref":"refs/heads/tcp-ao-v15-with-selftests","pushedAt":"2023-10-18T20:50:36.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"selftests/fcnal-test.sh: Add TCP-AO VRFs tests\n\nThis is mostly copy'n'paste of TCP-MD5 VRF tests.\nProbably, it would be better to have a common helper function that\ndepending on argument does TCP-AO or TCP-MD5.\n\nSample output:\nTEST: TCP-AO: VRF: Single address config                                      [ OK ]\nTEST: TCP-AO: VRF: Server no config, client uses password                     [ OK ]\nTEST: TCP-AO: VRF: Client uses wrong password                                 [ OK ]\nTEST: TCP-AO: VRF: Client address does not match address configured with password  [ OK ]\nTEST: TCP-AO: VRF: Prefix config                                              [ OK ]\nTEST: TCP-AO: VRF: Prefix config, client uses wrong password                  [ OK ]\nTEST: TCP-AO: VRF: Prefix config, client address not in configured prefix     [ OK ]\nTEST: TCP-AO: Different key ids                                               [ OK ]\nTEST: TCP-AO: Wrong keyid                                                     [ OK ]\nTEST: TCP-AO: VRF: Single address config in default VRF and VRF, conn in VRF  [ OK ]\nTEST: TCP-AO: VRF: Single address config in default VRF and VRF, conn in default VRF  [ OK ]\nTEST: TCP-AO: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw  [ OK ]\nTEST: TCP-AO: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw  [ OK ]\nTEST: TCP-AO: VRF: Prefix config in default VRF and VRF, conn in VRF          [ OK ]\nTEST: TCP-AO: VRF: Prefix config in default VRF and VRF, conn in default VRF  [ OK ]\nTEST: TCP-AO: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw  [ OK ]\nTEST: TCP-AO: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw  [ OK ]\nTEST: TCP-AO: VRF: Device must be a VRF - single address                      [ OK ]\nTEST: TCP-AO: VRF: Device must be a VRF - prefix                              [ OK ]\nTEST: TCP-AO: VRF: VRF-bound server, unbound key accepts connection           [ OK ]\nTEST: TCP-AO: VRF: VRF-bound server, bound key accepts connection             [ OK ]\nSYSCTL: net.ipv4.tcp_l3mdev_accept=1\n\nTEST: TCP-AO: VRF: Global server, Key bound to ifindex=0 rejects VRF connection  [ OK ]\nTEST: TCP-AO: VRF: Global server, key bound to ifindex=0 accepts non-VRF connection  [ OK ]\nTEST: TCP-AO: VRF: Global server, key not bound to ifindex accepts VRF connection  [ OK ]\nTEST: TCP-AO: VRF: Global server, key not bound to ifindex accepts non-VRF connection  [ OK ]\n\nSigned-off-by: Dmitry Safonov <dima@arista.com>","shortMessageHtmlLink":"selftests/fcnal-test.sh: Add TCP-AO VRFs tests"}},{"before":"6878e76c3c150b8440719757bf81217d462ca7fc","after":"70168f1d401f70f0a952f9738f62e45acba6ae9f","ref":"refs/heads/tcp-ao-v15","pushedAt":"2023-10-18T20:50:20.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"Documentation/tcp: Add TCP-AO documentation\n\nIt has Frequently Asked Questions (FAQ) on RFC 5925 - I found it very\nuseful answering those before writing the actual code. It provides answers\nto common questions that arise on a quick read of the RFC, as well as how\nthey were answered. There's also comparison to TCP-MD5 option,\nevaluation of per-socket vs in-kernel-DB approaches and description of\nuAPI provided.\n\nHopefully, it will be as useful for reviewing the code as it was for writing.\n\nCc: Jonathan Corbet <corbet@lwn.net>\nCc: linux-doc@vger.kernel.org\nSigned-off-by: Dmitry Safonov <dima@arista.com>\nAcked-by: David Ahern <dsahern@kernel.org>","shortMessageHtmlLink":"Documentation/tcp: Add TCP-AO documentation"}},{"before":null,"after":"6878e76c3c150b8440719757bf81217d462ca7fc","ref":"refs/heads/tcp-ao-v15-with-selftests","pushedAt":"2023-10-18T20:50:01.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"Add the cover letter\n\nSigned-off-by: Dmitry Safonov <dima@arista.com>","shortMessageHtmlLink":"Add the cover letter"}},{"before":null,"after":"6878e76c3c150b8440719757bf81217d462ca7fc","ref":"refs/heads/tcp-ao-v15","pushedAt":"2023-10-18T20:49:49.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"Add the cover letter\n\nSigned-off-by: Dmitry Safonov <dima@arista.com>","shortMessageHtmlLink":"Add the cover letter"}},{"before":"0472483142be091882c863ecb4256deb4386327e","after":"96bb042e9c02221dbb16a30fac36a445b080bd83","ref":"refs/heads/tcp-ao-v14-with-selftests","pushedAt":"2023-10-09T22:58:11.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"selftests/fcnal-test.sh: Add TCP-AO VRFs tests\n\nThis is mostly copy'n'paste of TCP-MD5 VRF tests.\nProbably, it would be better to have a common helper function that\ndepending on argument does TCP-AO or TCP-MD5.\n\nSample output:\nTEST: TCP-AO: VRF: Single address config                                      [ OK ]\nTEST: TCP-AO: VRF: Server no config, client uses password                     [ OK ]\nTEST: TCP-AO: VRF: Client uses wrong password                                 [ OK ]\nTEST: TCP-AO: VRF: Client address does not match address configured with password  [ OK ]\nTEST: TCP-AO: VRF: Prefix config                                              [ OK ]\nTEST: TCP-AO: VRF: Prefix config, client uses wrong password                  [ OK ]\nTEST: TCP-AO: VRF: Prefix config, client address not in configured prefix     [ OK ]\nTEST: TCP-AO: Different key ids                                               [ OK ]\nTEST: TCP-AO: Wrong keyid                                                     [ OK ]\nTEST: TCP-AO: VRF: Single address config in default VRF and VRF, conn in VRF  [ OK ]\nTEST: TCP-AO: VRF: Single address config in default VRF and VRF, conn in default VRF  [ OK ]\nTEST: TCP-AO: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw  [ OK ]\nTEST: TCP-AO: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw  [ OK ]\nTEST: TCP-AO: VRF: Prefix config in default VRF and VRF, conn in VRF          [ OK ]\nTEST: TCP-AO: VRF: Prefix config in default VRF and VRF, conn in default VRF  [ OK ]\nTEST: TCP-AO: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw  [ OK ]\nTEST: TCP-AO: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw  [ OK ]\nTEST: TCP-AO: VRF: Device must be a VRF - single address                      [ OK ]\nTEST: TCP-AO: VRF: Device must be a VRF - prefix                              [ OK ]\nTEST: TCP-AO: VRF: VRF-bound server, unbound key accepts connection           [ OK ]\nTEST: TCP-AO: VRF: VRF-bound server, bound key accepts connection             [ OK ]\nSYSCTL: net.ipv4.tcp_l3mdev_accept=1\n\nTEST: TCP-AO: VRF: Global server, Key bound to ifindex=0 rejects VRF connection  [ OK ]\nTEST: TCP-AO: VRF: Global server, key bound to ifindex=0 accepts non-VRF connection  [ OK ]\nTEST: TCP-AO: VRF: Global server, key not bound to ifindex accepts VRF connection  [ OK ]\nTEST: TCP-AO: VRF: Global server, key not bound to ifindex accepts non-VRF connection  [ OK ]\n\nSigned-off-by: Dmitry Safonov <dima@arista.com>","shortMessageHtmlLink":"selftests/fcnal-test.sh: Add TCP-AO VRFs tests"}},{"before":"0472483142be091882c863ecb4256deb4386327e","after":"e7b89a5efe68fc78ef8bc3be2bce60a9d35ac4be","ref":"refs/heads/tcp-ao-v14","pushedAt":"2023-10-09T22:57:57.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"Documentation/tcp: Add TCP-AO documentation\n\nIt has Frequently Asked Questions (FAQ) on RFC 5925 - I found it very\nuseful answering those before writing the actual code. It provides answers\nto common questions that arise on a quick read of the RFC, as well as how\nthey were answered. There's also comparison to TCP-MD5 option,\nevaluation of per-socket vs in-kernel-DB approaches and description of\nuAPI provided.\n\nHopefully, it will be as useful for reviewing the code as it was for writing.\n\nCc: Jonathan Corbet <corbet@lwn.net>\nCc: linux-doc@vger.kernel.org\nSigned-off-by: Dmitry Safonov <dima@arista.com>\nAcked-by: David Ahern <dsahern@kernel.org>","shortMessageHtmlLink":"Documentation/tcp: Add TCP-AO documentation"}},{"before":null,"after":"0472483142be091882c863ecb4256deb4386327e","ref":"refs/heads/tcp-ao-v14-with-selftests","pushedAt":"2023-10-09T22:57:35.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"Add the cover letter\n\nSigned-off-by: Dmitry Safonov <dima@arista.com>","shortMessageHtmlLink":"Add the cover letter"}},{"before":null,"after":"0472483142be091882c863ecb4256deb4386327e","ref":"refs/heads/tcp-ao-v14","pushedAt":"2023-10-09T22:57:17.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"Add the cover letter\n\nSigned-off-by: Dmitry Safonov <dima@arista.com>","shortMessageHtmlLink":"Add the cover letter"}},{"before":"0c9d15f7035f2fc162c712f30b9ed867a05d6451","after":"dfd8d1df4562cd7a3a94a5e813a902f66a312672","ref":"refs/heads/tcp-ao-v13","pushedAt":"2023-10-04T22:27:04.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"Documentation/tcp: Add TCP-AO documentation\n\nIt has Frequently Asked Questions (FAQ) on RFC 5925 - I found it very\nuseful answering those before writing the actual code. It provides answers\nto common questions that arise on a quick read of the RFC, as well as how\nthey were answered. There's also comparison to TCP-MD5 option,\nevaluation of per-socket vs in-kernel-DB approaches and description of\nuAPI provided.\n\nHopefully, it will be as useful for reviewing the code as it was for writing.\n\nCc: Jonathan Corbet <corbet@lwn.net>\nCc: linux-doc@vger.kernel.org\nSigned-off-by: Dmitry Safonov <dima@arista.com>\nAcked-by: David Ahern <dsahern@kernel.org>","shortMessageHtmlLink":"Documentation/tcp: Add TCP-AO documentation"}},{"before":"0c9d15f7035f2fc162c712f30b9ed867a05d6451","after":"26e8515eabf07be6aebe28e667952e40fe6c44b8","ref":"refs/heads/tcp-ao-v13-with-selftests","pushedAt":"2023-10-04T22:26:23.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"0x7f454c46","name":"Dmitry Safonov","path":"/0x7f454c46","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8302449?s=80&v=4"},"commit":{"message":"selftests/fcnal-test.sh: Add TCP-AO VRFs tests\n\nThis is mostly copy'n'paste of TCP-MD5 VRF tests.\nProbably, it would be better to have a common helper function that\ndepending on argument does TCP-AO or TCP-MD5.\n\nSample output:\nTEST: TCP-AO: VRF: Single address config                                      [ OK ]\nTEST: TCP-AO: VRF: Server no config, client uses password                     [ OK ]\nTEST: TCP-AO: VRF: Client uses wrong password                                 [ OK ]\nTEST: TCP-AO: VRF: Client address does not match address configured with password  [ OK ]\nTEST: TCP-AO: VRF: Prefix config                                              [ OK ]\nTEST: TCP-AO: VRF: Prefix config, client uses wrong password                  [ OK ]\nTEST: TCP-AO: VRF: Prefix config, client address not in configured prefix     [ OK ]\nTEST: TCP-AO: Different key ids                                               [ OK ]\nTEST: TCP-AO: Wrong keyid                                                     [ OK ]\nTEST: TCP-AO: VRF: Single address config in default VRF and VRF, conn in VRF  [ OK ]\nTEST: TCP-AO: VRF: Single address config in default VRF and VRF, conn in default VRF  [ OK ]\nTEST: TCP-AO: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw  [ OK ]\nTEST: TCP-AO: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw  [ OK ]\nTEST: TCP-AO: VRF: Prefix config in default VRF and VRF, conn in VRF          [ OK ]\nTEST: TCP-AO: VRF: Prefix config in default VRF and VRF, conn in default VRF  [ OK ]\nTEST: TCP-AO: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw  [ OK ]\nTEST: TCP-AO: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw  [ OK ]\nTEST: TCP-AO: VRF: Device must be a VRF - single address                      [ OK ]\nTEST: TCP-AO: VRF: Device must be a VRF - prefix                              [ OK ]\nTEST: TCP-AO: VRF: VRF-bound server, unbound key accepts connection           [ OK ]\nTEST: TCP-AO: VRF: VRF-bound server, bound key accepts connection             [ OK ]\nSYSCTL: net.ipv4.tcp_l3mdev_accept=1\n\nTEST: TCP-AO: VRF: Global server, Key bound to ifindex=0 rejects VRF connection  [ OK ]\nTEST: TCP-AO: VRF: Global server, key bound to ifindex=0 accepts non-VRF connection  [ OK ]\nTEST: TCP-AO: VRF: Global server, key not bound to ifindex accepts VRF connection  [ OK ]\nTEST: TCP-AO: VRF: Global server, key not bound to ifindex accepts non-VRF connection  [ OK ]\n\nSigned-off-by: Dmitry Safonov <dima@arista.com>","shortMessageHtmlLink":"selftests/fcnal-test.sh: Add TCP-AO VRFs tests"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOS0xOFQyMToxMjo1Ny4wMDAwMDBazwAAAAS6K0Zu","startCursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOS0xOFQyMToxMjo1Ny4wMDAwMDBazwAAAAS6K0Zu","endCursor":"Y3Vyc29yOnYyOpK7MjAyMy0xMC0wNFQyMjoyNjoyMy4wMDAwMDBazwAAAAOPqWEz"}},"title":"Activity · 0x7f454c46/linux"}