Hi Eric,

thanks once again for taking a look :)

On 10/11/23 18:53, Eric Dumazet wrote:

On Tue, Oct 10, 2023 at 1:07 AM Dmitry Safonov [off-list ref] wrote:

[..]

quoted

+bool tcp_ao_ignore_icmp(const struct sock *sk, int type, int code)
+{
+       bool ignore_icmp = false;
+       struct tcp_ao_info *ao;
+
+       /* RFC5925, 7.8:
+        * >> A TCP-AO implementation MUST default to ignore incoming ICMPv4
+        * messages of Type 3 (destination unreachable), Codes 2-4 (protocol
+        * unreachable, port unreachable, and fragmentation needed -- ’hard
+        * errors’), and ICMPv6 Type 1 (destination unreachable), Code 1
+        * (administratively prohibited) and Code 4 (port unreachable) intended
+        * for connections in synchronized states (ESTABLISHED, FIN-WAIT-1, FIN-
+        * WAIT-2, CLOSE-WAIT, CLOSING, LAST-ACK, TIME-WAIT) that match MKTs.
+        */
+       if (READ_ONCE(sk->sk_family) == AF_INET) {

You can not use sk->sk_family to make this decision.

 It could be AF_INET6 and yet the flow could be IPv4.  (dual stack)

Let the caller pass this information ?

 tcp_ao_ignore_icmp(sk, AF_INET, type, code);

 tcp_ao_ignore_icmp(sk, AF_INET6, type, code);

Yes, I thought about it when added READ_ONCE(), but than probably got
distracted over possible IPV6_ADDRFORM races, rather than on correctness.

Looking at other places:
tcp_ao_prepare_reset() seems to do a proper thing for dual stack, but I
see it reads sk->sk_family twice, which needs to be addressed as well.
tcp_ao_connect_init() seems to do the right thing as well, but that is
hidden in tcp_ao_key_cmp().

Will fix in the next version.

Thanks,
             Dmitry