[PATCH v3 mptcp-next 0/3] more sockopts for ephemeral ports

Maxim Galaganov posted 3 patches 5 months, 1 week ago
Patches applied successfully
git fetch https://github.com/multipath-tcp/mptcp_net-next tags/patchew/20231211120309.20752-1-max@internet.ru
Maintainers: Matthieu Baerts <matttbe@kernel.org>, Mat Martineau <martineau@kernel.org>, "David S. Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>, Shuah Khan <shuah@kernel.org>
[PATCH v3 mptcp-next 0/3] more sockopts for ephemeral ports
Posted by Maxim Galaganov 5 months, 1 week ago
Support useful sockopts that allow fine control over ephemeral port
usage.

v3:
 - Change patch 2/3 with regards to commit d9f28735af87 ("Use
   READ/WRITE_ONCE() for IP local_port_range.")
 - Drop Mat's Reviewed-By tag in patch 2/3 because of changes
v2:
 - Add patch 1/3 with function name change (Mat)
 - Fixup checkpatch errors in patch 2/3 (Mat)

Maxim Galaganov (3):
  mptcp: rename mptcp_setsockopt_sol_ip_set_transparent()
  mptcp: sockopt: support IP_LOCAL_PORT_RANGE and
    IP_BIND_ADDRESS_NO_PORT
  selftests/net: add MPTCP coverage for IP_LOCAL_PORT_RANGE

 net/mptcp/sockopt.c                           | 27 ++++++++++++++++---
 .../selftests/net/ip_local_port_range.c       | 12 +++++++++
 2 files changed, 35 insertions(+), 4 deletions(-)

-- 
2.43.0
Re: [PATCH v3 mptcp-next 0/3] more sockopts for ephemeral ports
Posted by Matthieu Baerts 5 months ago
Hi Maxim, Mat,

On 11/12/2023 13:03, Maxim Galaganov wrote:
> Support useful sockopts that allow fine control over ephemeral port
> usage.
> 
> v3:
>  - Change patch 2/3 with regards to commit d9f28735af87 ("Use
>    READ/WRITE_ONCE() for IP local_port_range.")
>  - Drop Mat's Reviewed-By tag in patch 2/3 because of changes

Thank you for the patches and the reviews!

Please note that 'b4' is telling me that your emails are not properly
signed by your SMTP server:

  BADSIG: DKIM/internet.ru

That's not blocking here, but it could be a sign someone is trying to
forge the sender address.

These patches have been added in our tree: feat. for net-next.

New patches for t/upstream:
- 250382904050: mptcp: rename mptcp_setsockopt_sol_ip_set_transparent()
- be6fee83fad1: mptcp: sockopt: support IP_LOCAL_PORT_RANGE and
IP_BIND_ADDRESS_NO_PORT
- 5df30926310b: selftests/net: add MPTCP coverage for IP_LOCAL_PORT_RANGE
- Results: e2b8a59f008f..84d8fb414b2a (export)

Tests are now in progress:

https://cirrus-ci.com/github/multipath-tcp/mptcp_net-next/export/20231215T134806

Cheers,
Matt
-- 
Sponsored by the NGI0 Core fund.
Re: [PATCH v3 mptcp-next 0/3] more sockopts for ephemeral ports
Posted by Maxim Galaganov 5 months ago
On 15.12.2023 16:56, Matthieu Baerts wrote:
> Hi Maxim, Mat,
> 
> On 11/12/2023 13:03, Maxim Galaganov wrote:
>> Support useful sockopts that allow fine control over ephemeral port
>> usage.
>>
>> v3:
>>   - Change patch 2/3 with regards to commit d9f28735af87 ("Use
>>     READ/WRITE_ONCE() for IP local_port_range.")
>>   - Drop Mat's Reviewed-By tag in patch 2/3 because of changes
> 
> Thank you for the patches and the reviews!
> 
> Please note that 'b4' is telling me that your emails are not properly
> signed by your SMTP server:
> 
>    BADSIG: DKIM/internet.ru
> 
> That's not blocking here, but it could be a sign someone is trying to
> forge the sender address.

This is because of DKIM expiration (DKIM-Signature header contains t= 
and x= tags, that make signature invalid after some time). It is 
reasonably effective to prevent DKIM replay attacks, also can be done by 
rotating DKIM selectors (gmail does that, IIRC).

Running b4 with -d flag tells:
DKIM: x= value is past (b'1702386232')

Otherwise header and body hashes should verify OK here..

> 
> These patches have been added in our tree: feat. for net-next.
> 
> New patches for t/upstream:
> - 250382904050: mptcp: rename mptcp_setsockopt_sol_ip_set_transparent()
> - be6fee83fad1: mptcp: sockopt: support IP_LOCAL_PORT_RANGE and
> IP_BIND_ADDRESS_NO_PORT
> - 5df30926310b: selftests/net: add MPTCP coverage for IP_LOCAL_PORT_RANGE
> - Results: e2b8a59f008f..84d8fb414b2a (export)
> 
> Tests are now in progress:
> 
> https://cirrus-ci.com/github/multipath-tcp/mptcp_net-next/export/20231215T134806
> 
> Cheers,
> Matt
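
The expiration behaviour described in the reply above, as an added example (not part of the thread, and not b4's own code): a small parser for the `DKIM-Signature` tag list that checks the `t=`/`x=` validity window defined in RFC 6376, so an expired signature can be told apart from a hash mismatch. Only `d=internet.ru` and the `x=` value come from the thread; the selector, `t=`, `h=`, `bh=` and `b=` values and the function names are constructed for illustration.

```python
import re

# Constructed sample header value; only d= and x= are taken from the thread.
SAMPLE_DKIM_SIGNATURE = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=internet.ru; s=example-selector;\r\n"
    "\tt=1702299832; x=1702386232;\r\n"
    "\th=From:To:Subject:Date:Message-ID;\r\n"
    "\tbh=PLACEHOLDER; b=PLACEHOLDER"
)


def parse_tag_list(value):
    """Split a DKIM tag=value list into a dict (RFC 6376, section 3.2).

    Simplification: all whitespace inside a value is dropped, which is
    harmless for the folded tags used here (t, x, h, bh, b).
    """
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def check_validity_window(tags, now, skew=0):
    """Classify the signature's time window at verification time `now`.

    Returns "malformed", "future", "expired" or "in-window". This looks at
    timestamps only; header and body hashes still need a real DKIM verifier.
    """
    stamps = {}
    for name in ("t", "x"):
        raw = tags.get(name)
        if raw is not None and not re.fullmatch(r"[0-9]{1,12}", raw):
            return "malformed"
        stamps[name] = int(raw) if raw is not None else None
    t, x = stamps["t"], stamps["x"]
    if t is not None and x is not None and x <= t:
        return "malformed"   # x= must be greater than t=
    if t is not None and t > now + skew:
        return "future"      # signed "after" the verifier's clock
    if x is not None and now > x + skew:
        return "expired"     # a verifier may treat this as invalid
    return "in-window"
```

A mail that verified on arrival can therefore report an invalid signature when re-checked from an archive days later, without any header or body having changed.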
Re: [PATCH v3 mptcp-next 0/3] more sockopts for ephemeral ports
Posted by Matthieu Baerts 5 months ago
Hi Maxim,

On 15/12/2023 15:15, Maxim Galaganov wrote:
> On 15.12.2023 16:56, Matthieu Baerts wrote:
>> Hi Maxim, Mat,
>>
>> On 11/12/2023 13:03, Maxim Galaganov wrote:
>>> Support useful sockopts that allow fine control over ephemeral port
>>> usage.
>>>
>>> v3:
>>>   - Change patch 2/3 with regards to commit d9f28735af87 ("Use
>>>     READ/WRITE_ONCE() for IP local_port_range.")
>>>   - Drop Mat's Reviewed-By tag in patch 2/3 because of changes
>>
>> Thank you for the patches and the reviews!
>>
>> Please note that 'b4' is telling me that your emails are not properly
>> signed by your SMTP server:
>>
>>    BADSIG: DKIM/internet.ru
>>
>> That's not blocking here, but it could be a sign someone is trying to
>> forge the sender address.
> 
> This is because of DKIM expiration (DKIM-Signature header contains t=
> and x= tags, that make signature invalid after some time). It is
> reasonably effective to prevent DKIM replay attacks, also can be done by
> rotating DKIM selectors (gmail does that, IIRC).
> 
> Running b4 with -d flag tells:
> DKIM: x= value is past (b'1702386232')
> 
> Otherwise header and body hashes should verify OK here..

Thank you for having checked that! I already saw that before [1], but I
forgot about that!

[1]
https://lore.kernel.org/tools/ddeefd4d0323df0948565fea2ffb55793fdcc8dc@linux.dev/

Cheers,
Matt
-- 
Sponsored by the NGI0 Core fund.