Re: [PATCH net-next v2 1/5] net/tcp-ao: Drop support for most non-RFC-specified algorithms

Next message: Minchan Kim: "[PATCH v2] mm: process_mrelease: introduce PROCESS_MRELEASE_REAP_KILL flag"
Previous message: Daniel Walker (danielwa): "Re: [PATCH] mm/madvise: preserve uprobe breakpoints across MADV_DONTNEED"
In reply to: Eric Biggers: "Re: [PATCH net-next v2 1/5] net/tcp-ao: Drop support for most non-RFC-specified algorithms"
Next in thread: Eric Biggers: "[PATCH net-next v2 3/5] net/tcp-ao: Use stack-allocated MAC and traffic_key buffers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Eric Biggers

Date: Wed Apr 29 2026 - 17:13:17 EST

On Wed, Apr 29, 2026 at 07:44:56PM +0000, Eric Biggers wrote:
> > One more question, on the commit message and documentation rather than the
> > diff: Documentation/networking/tcp_ao.rst still describes TCP-AO as "May
> > support any hashing algorithm"
>
> That "May support any hashing algorithm" statement has always been
> incorrect, so I wouldn't pay much attention to it. It also appears in a
> table describing TCP-AO as a protocol, not the kernel's implementation.
>
> > and does not mention the newly enforced
> > whitelist or the -ENOENT failure mode. Should tcp_ao.rst be updated in
> > this patch to list the accepted algorithm strings and the rationale (e.g.
> > the 20-byte TCP option MAC cap), so userspace has a documented contract?
>
> As stated in the commit message, the list of MAC algorithms supported by
> the kernel's implementation of TCP-AO has always been undocumented. It
> should be documented, but I would suggest documentation improvements
> belong in a separate patch.

The missing documentation is added in
https://lore.kernel.org/netdev/20260429210856.725667-1-ebiggers@xxxxxxxxxx/

- Eric