----- On Jun 30, 2020, at 8:34 PM, Eric Dumazet eduma...@google.com wrote: > On Tue, Jun 30, 2020 at 5:27 PM Mathieu Desnoyers > <mathieu.desnoy...@efficios.com> wrote: >> >> ----- On Jun 30, 2020, at 7:50 PM, Eric Dumazet eduma...@google.com wrote: >> >> > On Tue, Jun 30, 2020 at 4:47 PM Mathieu Desnoyers >> > <mathieu.desnoy...@efficios.com> wrote: >> >> >> >> ----- On Jun 30, 2020, at 7:41 PM, Eric Dumazet eduma...@google.com wrote: >> >> >> >> > MD5 keys are read with RCU protection, and tcp_md5_do_add() >> >> > might update in-place a prior key. >> >> > >> >> > Normally, typical RCU updates would allocate a new piece >> >> > of memory. In this case only key->key and key->keylen might >> >> > be updated, and we do not care if an incoming packet could >> >> > see the old key, the new one, or some intermediate value, >> >> > since changing the key on a live flow is known to be problematic >> >> > anyway. >> >> >> >> What makes it acceptable to observe an intermediate bogus key during the >> >> transition ? >> > >> > If you change a key while packets are in flight, the result is that : >> > >> > 1) Either your packet has the correct key and is handled >> > >> > 2) Or the key do not match, packet is dropped. >> > >> > Sender will retransmit eventually. >> >> This train of thoughts seem to apply to incoming traffic, what about >> outgoing ? > > > Outgoing path is protected by the socket lock. > > You can not change the TCP MD5 key while xmit is in progress.
Allright, this is the part I missed, thanks! Mathieu -- Mathieu Desnoyers EfficiOS Inc. http://www.efficios.com
