[v3,mptcp-next,0/3] more sockopts for ephemeral ports

Message ID 20231211120309.20752-1-max@internet.ru (mailing list archive)

Message

Maxim Galaganov Dec. 11, 2023, 12:03 p.m. UTC
Support useful sockopts that allow fine control over ephemeral port
usage.

v3:
 - Change patch 2/3 with regards to commit d9f28735af87 ("Use
   READ/WRITE_ONCE() for IP local_port_range.")
 - Drop Mat's Reviewed-By tag in patch 2/3 because of changes
v2:
 - Add patch 1/3 with function name change (Mat)
 - Fixup checkpatch errors in patch 2/3 (Mat)

Maxim Galaganov (3):
  mptcp: rename mptcp_setsockopt_sol_ip_set_transparent()
  mptcp: sockopt: support IP_LOCAL_PORT_RANGE and
    IP_BIND_ADDRESS_NO_PORT
  selftests/net: add MPTCP coverage for IP_LOCAL_PORT_RANGE

 net/mptcp/sockopt.c                           | 27 ++++++++++++++++---
 .../selftests/net/ip_local_port_range.c       | 12 +++++++++
 2 files changed, 35 insertions(+), 4 deletions(-)

Comments

Matthieu Baerts Dec. 15, 2023, 1:56 p.m. UTC | #1
Hi Maxim, Mat,

On 11/12/2023 13:03, Maxim Galaganov wrote:
> Support useful sockopts that allow fine control over ephemeral port
> usage.
> 
> v3:
>  - Change patch 2/3 with regards to commit d9f28735af87 ("Use
>    READ/WRITE_ONCE() for IP local_port_range.")
>  - Drop Mat's Reviewed-By tag in patch 2/3 because of changes

Thank you for the patches and the reviews!

Please note that 'b4' is telling me that your emails are not properly
signed by your SMTP server:

  BADSIG: DKIM/internet.ru

That's not blocking here, but it could be a sign someone is trying to
forge the sender address.

These patches have been added in our tree: feat. for net-next.

New patches for t/upstream:
- 250382904050: mptcp: rename mptcp_setsockopt_sol_ip_set_transparent()
- be6fee83fad1: mptcp: sockopt: support IP_LOCAL_PORT_RANGE and
IP_BIND_ADDRESS_NO_PORT
- 5df30926310b: selftests/net: add MPTCP coverage for IP_LOCAL_PORT_RANGE
- Results: e2b8a59f008f..84d8fb414b2a (export)

Tests are now in progress:

https://cirrus-ci.com/github/multipath-tcp/mptcp_net-next/export/20231215T134806

Cheers,
Matt

Maxim Galaganov Dec. 15, 2023, 2:15 p.m. UTC | #2
On 15.12.2023 16:56, Matthieu Baerts wrote:
> Hi Maxim, Mat,
> 
> On 11/12/2023 13:03, Maxim Galaganov wrote:
>> Support useful sockopts that allow fine control over ephemeral port
>> usage.
>>
>> v3:
>>   - Change patch 2/3 with regards to commit d9f28735af87 ("Use
>>     READ/WRITE_ONCE() for IP local_port_range.")
>>   - Drop Mat's Reviewed-By tag in patch 2/3 because of changes
> 
> Thank you for the patches and the reviews!
> 
> Please note that 'b4' is telling me that your emails are not properly
> signed by your SMTP server:
> 
>    BADSIG: DKIM/internet.ru
> 
> That's not blocking here, but it could be a sign someone is trying to
> forge the sender address.

This is because of DKIM expiration (the DKIM-Signature header contains t=
and x= tags that make the signature invalid after some time). It is
reasonably effective at preventing DKIM replay attacks, which can also be
done by rotating DKIM selectors (Gmail does that, IIRC).

Running b4 with -d flag tells:
DKIM: x= value is past (b'1702386232')

Otherwise header and body hashes should verify OK here..

> 
> These patches have been added in our tree: feat. for net-next.
> 
> New patches for t/upstream:
> - 250382904050: mptcp: rename mptcp_setsockopt_sol_ip_set_transparent()
> - be6fee83fad1: mptcp: sockopt: support IP_LOCAL_PORT_RANGE and
> IP_BIND_ADDRESS_NO_PORT
> - 5df30926310b: selftests/net: add MPTCP coverage for IP_LOCAL_PORT_RANGE
> - Results: e2b8a59f008f..84d8fb414b2a (export)
> 
> Tests are now in progress:
> 
> https://cirrus-ci.com/github/multipath-tcp/mptcp_net-next/export/20231215T134806
> 
> Cheers,
> Matt

Matthieu Baerts Dec. 15, 2023, 2:28 p.m. UTC | #3
Hi Maxim,

On 15/12/2023 15:15, Maxim Galaganov wrote:
> On 15.12.2023 16:56, Matthieu Baerts wrote:
>> Hi Maxim, Mat,
>>
>> On 11/12/2023 13:03, Maxim Galaganov wrote:
>>> Support useful sockopts that allow fine control over ephemeral port
>>> usage.
>>>
>>> v3:
>>>   - Change patch 2/3 with regards to commit d9f28735af87 ("Use
>>>     READ/WRITE_ONCE() for IP local_port_range.")
>>>   - Drop Mat's Reviewed-By tag in patch 2/3 because of changes
>>
>> Thank you for the patches and the reviews!
>>
>> Please note that 'b4' is telling me that your emails are not properly
>> signed by your SMTP server:
>>
>>    BADSIG: DKIM/internet.ru
>>
>> That's not blocking here, but it could be a sign someone is trying to
>> forge the sender address.
> 
> This is because of DKIM expiration (the DKIM-Signature header contains t=
> and x= tags that make the signature invalid after some time). It is
> reasonably effective at preventing DKIM replay attacks, which can also be
> done by rotating DKIM selectors (Gmail does that, IIRC).
> 
> Running b4 with -d flag tells:
> DKIM: x= value is past (b'1702386232')
> 
> Otherwise header and body hashes should verify OK here..

Thank you for having checked that! I already saw that before [1], but I
forgot about that!

[1]
https://lore.kernel.org/tools/ddeefd4d0323df0948565fea2ffb55793fdcc8dc@linux.dev/

Cheers,
Matt
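
The expiry condition discussed in this thread, as an added example (not code from b4, dkimpy or any participant): it reads the t= and x= tags of a DKIM-Signature value and separates "signature past its x= expiry" from "no expiry set" and "malformed window", which is the distinction a reviewer needs before treating a BADSIG as a forgery signal. The names `parse_tags` and `check_window` and the sample header are assumptions; only the x= value is taken from the b4 output quoted above, and no header or body hash is verified here.

```python
import re

# Constructed sample: only x=1702386232 comes from the thread; d=, s=, t=,
# h=, bh= and b= are placeholders, not the real signature.
SAMPLE = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=sel1;\r\n"
    "\tt=1702299832; x=1702386232; h=from:to:subject:date;\r\n"
    "\tbh=PLACEHOLDER; b=PLACEHOLDER"
)

# RFC 6376 defines t= and x= as 1 to 12 ASCII digits (seconds since the epoch).
_TIMESTAMP = re.compile(r"[0-9]{1,12}")


def parse_tags(value):
    """Split a DKIM-Signature value into a {tag: value} dict."""
    tags = {}
    for item in value.split(";"):
        name, sep, val = item.partition("=")
        if not sep:
            continue  # empty trailing item or junk without '='
        # Folding whitespace carries no meaning in the tags used here.
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def check_window(value, now):
    """Classify the signature's validity window at epoch time `now`."""
    tags = parse_tags(value)
    t, x = tags.get("t"), tags.get("x")
    if x is None:
        return "no-expiry"  # signer set no expiration
    if not _TIMESTAMP.fullmatch(x):
        return "malformed"
    if t is not None:
        if not _TIMESTAMP.fullmatch(t):
            return "malformed"
        if int(x) <= int(t):
            return "malformed"  # RFC 6376: x= must be greater than t=
    if now > int(x):
        return "expired"  # the case reported as "x= value is past"
    return "in-window"  # hashes and signature still need verifying


if __name__ == "__main__":
    # 1702648560 is 2023-12-15 13:56 UTC, the time of the first reply.
    print(check_window(SAMPLE, 1702648560))
```

An "expired" result only says the message was checked after the signer's chosen window closed; it says nothing about whether the hashes match.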