Hi, Christoph, Igor, and I have worked on an API that facilitates TFO key rotation. This is a follow up to the series that Christoph previously posted, with an API that meets both of our use-cases. Here's a link to the previous work: https://patchwork.ozlabs.org/cover/1013753/
Thanks, -Jason Christoph Paasch (1): tcp: introduce __tcp_fastopen_cookie_gen_cipher() Jason Baron (5): tcp: add backup TFO key infrastructure tcp: add support to TCP_FASTOPEN_KEY for optional backup key tcp: add support for optional TFO backup key to /proc/sys/net/ipv4/tcp_fastopen_key Documentation: ip-sysctl.txt: Document tcp_fastopen_key selftests/net: add TFO key rotation selftest Documentation/networking/ip-sysctl.txt | 20 ++ include/net/tcp.h | 41 ++- include/uapi/linux/snmp.h | 1 + net/ipv4/proc.c | 1 + net/ipv4/sysctl_net_ipv4.c | 93 ++++-- net/ipv4/tcp.c | 29 +- net/ipv4/tcp_fastopen.c | 233 +++++++++----- tools/testing/selftests/net/.gitignore | 1 + tools/testing/selftests/net/Makefile | 3 +- .../selftests/net/tcp_fastopen_backup_key.c | 336 +++++++++++++++++++++ .../selftests/net/tcp_fastopen_backup_key.sh | 55 ++++ 11 files changed, 694 insertions(+), 119 deletions(-) create mode 100644 tools/testing/selftests/net/tcp_fastopen_backup_key.c create mode 100644 tools/testing/selftests/net/tcp_fastopen_backup_key.sh -- 2.7.4
