On 12/14/2018 02:40 PM, Christoph Paasch wrote:
> This change allows to search for the right cookie and accepts old ones
> (announcing a new one if it has changed).
>
> __tcp_fastopen_cookie_gen_with_ctx() allows to generate a cookie based
> on a given TFO-context. A later patch will cleanup the duplicate code.

How long is the secondary (old) context kept?

I do not know the exact crypto_cipher_encrypt_one() cost, but it looks like your patch could double the cost of some TFO-based attacks?
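The cost question raised in this message, as an added model that is not code from the patch or the kernel: a cookie check against a two-key pool that counts keyed operations per lookup. The names tfo_pool, tfo_cookie() and tfo_check() are hypothetical, the two-key pool is an assumption, and the mixing function is a stand-in for the real cipher call, not AES.

```c
#include <stdint.h>
#include <stdio.h>

#define TFO_KEYS 2  /* assumption: current key plus one old (secondary) key */

struct tfo_pool {
    uint64_t key[TFO_KEYS];     /* key[0] is current, key[1] is the old one */
    unsigned long cipher_ops;   /* keyed operations performed so far */
};

/* Stand-in for one keyed cipher call (hypothetical, NOT AES and not secure);
 * it only exists so that the number of invocations can be counted. */
static uint64_t tfo_cookie(struct tfo_pool *p, int idx, uint32_t saddr, uint32_t daddr)
{
    uint64_t x = p->key[idx] ^ (((uint64_t)saddr << 32) | daddr);

    p->cipher_ops++;
    x ^= x >> 33; x *= 0xff51afd7ed558ccdULL;
    x ^= x >> 33; x *= 0xc4ceb9fe1a85ec53ULL;
    return x ^ (x >> 33);
}

enum tfo_result { TFO_INVALID, TFO_VALID, TFO_VALID_REFRESH };

/* Check a received cookie against every key in the pool. A match on an old
 * key is accepted, and *fresh is set to the cookie to announce instead. */
static enum tfo_result tfo_check(struct tfo_pool *p, uint32_t saddr, uint32_t daddr,
                                 uint64_t cookie, uint64_t *fresh)
{
    uint64_t current = tfo_cookie(p, 0, saddr, daddr);

    if (cookie == current)
        return TFO_VALID;
    for (int i = 1; i < TFO_KEYS; i++) {
        if (cookie == tfo_cookie(p, i, saddr, daddr)) {
            *fresh = current;
            return TFO_VALID_REFRESH;
        }
    }
    return TFO_INVALID;  /* worst case: TFO_KEYS keyed operations were spent */
}

int main(void)
{
    struct tfo_pool p = { { 0x1111, 0x2222 }, 0 };  /* constructed keys */
    uint64_t fresh = 0;

    tfo_check(&p, 0x0a000001, 0x0a000002, 0xdeadbeef, &fresh);  /* arbitrary cookie */
    printf("keyed operations for this lookup: %lu\n", p.cipher_ops);
    return 0;
}
```

In this model a cookie that matches the current key costs one keyed operation, while a cookie that matches only the old key, or no key at all, costs two.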