Re: [PATCH net-next v2 3/3] sctp: Convert cookie authentication to use HMAC-SHA256

On Fri, Aug 15, 2025 at 3:09 PM Jakub Kicinski <kuba@xxxxxxxxxx> wrote:
>
> On Tue, 12 Aug 2025 21:01:21 -0700 Eric Biggers wrote:
> > +     if (net->sctp.cookie_auth_enable)
> > +             tbl.data = (char *)"sha256";
> > +     else
> > +             tbl.data = (char *)"none";
> > +     tbl.maxlen = strlen(tbl.data);
> > +     return proc_dostring(&tbl, 0, buffer, lenp, ppos);
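
Review bot: on the read path the string handed to proc_dostring() is chosen only from net->sctp.cookie_auth_enable, so the handler can report nothing except "sha256" or "none", and a legacy algorithm name that was written cannot be read back. That deserves a sentence in the sysctl documentation, or a one-time notice when such a name is written, so that tooling which verifies a setting by reading it back has something to go on. Separately, the (char *) casts on the string literals are safe only because proc_dostring() is called here with write set to 0; a short comment saying so would keep a later change from passing a writable table that points at a literal.
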
>
> I wonder if someone out there expects to read back what they wrote,
> but let us find out.
I feel it's a bit weird to have:

# sysctl net.sctp.cookie_hmac_alg="md5"
net.sctp.cookie_hmac_alg = md5
# sysctl net.sctp.cookie_hmac_alg
net.sctp.cookie_hmac_alg = sha256

This patch deprecates md5 and sha1 use there.
So generally, for situations like this, should we also issue a
warning, or just fail it?

Paolo, what do you think?

>
> It'd be great to get an ack / review from SCTP maintainers, otherwise
> we'll apply by Monday..
Other than that, LGTM.
Sorry for the late reply, I was running some SCTP-auth related tests
against the patchset.




