5 Nov
2021
5 Nov
'21
1:53 a.m.
On 11/1/21 16:34, Leonard Crestez wrote: [..]
+static int skb_shash_frags(struct shash_desc *desc,
struct sk_buff *skb)+{
- struct sk_buff *frag_iter;
- int err, i;
- for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
skb_frag_t *f = &skb_shinfo(skb)->frags[i];u32 p_off, p_len, copied;struct page *p;u8 *vaddr;skb_frag_foreach_page(f, skb_frag_off(f), skb_frag_size(f),p, p_off, p_len, copied) {vaddr = kmap_atomic(p);err = crypto_shash_update(desc, vaddr + p_off, p_len);kunmap_atomic(vaddr);if (err)return err;}- }
- skb_walk_frags(skb, frag_iter) {
err = skb_shash_frags(desc, frag_iter);if (err)return err;- }
- return 0;
+}
This seems quite sub-optimal: IIUC, shash should only be used for small amount of hashing. That's why tcp-md5 uses ahash with scatterlists. Which drives me to the question: why not reuse tcp_md5sig_pool code?
And it seems that you can avoid TCP_AUTHOPT_ALG_* enum and just supply to crypto the string from socket option (like xfrm does).
Here is my idea: https://lore.kernel.org/all/20211105014953.972946-6-dima@arista.com/T/#u
Thanks, Dmitry