From: Jakub Kicinski <kuba@kernel.org>
Date: Fri, 12 Sep 2025 02:05:59 +0000 (-0700)
Subject: Merge branch 'tcp-destroy-tcp-ao-tcp-md5-keys-in-sk_destruct'
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=999337afa51d9bd7941f6ace24923ba64690380f;p=users%2Fhch%2Fmisc.git

Merge branch 'tcp-destroy-tcp-ao-tcp-md5-keys-in-sk_destruct'

Dmitry Safonov says:

====================
tcp: Destroy TCP-AO, TCP-MD5 keys in .sk_destruct()

On one side a minor/cosmetic issue, especially nowadays when
TCP-AO/TCP-MD5 signature verification failures aren't logged to dmesg.

Yet, I think worth addressing for two reasons:
- unsigned RST gets ignored by the peer and the connection is alive for
  longer (keep-alive interval)
- netstat counters increase and trace events report that trusted BGP peer
  is sending unsigned/incorrectly signed segments, which can ring alarm
  on monitoring.
====================

Link: https://patch.msgid.link/20250909-b4-tcp-ao-md5-rst-finwait2-v5-0-9ffaaaf8b236@arista.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
---

999337afa51d9bd7941f6ace24923ba64690380f