[net-next,2/9] net: tcp: add skb drop reasons to tcp_v4_rcv()

Commit Message

Menglong Dong Feb. 16, 2022, 3:54 a.m. UTC

From: Menglong Dong <imagedong@tencent.com>

Use kfree_skb_reason() for some path in tcp_v4_rcv() that missed before,
including:

SKB_DROP_REASON_SOCKET_FILTER
SKB_DROP_REASON_XFRM_POLICY

Signed-off-by: Menglong Dong <imagedong@tencent.com>
---
 net/ipv4/tcp_ipv4.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

Comments

David Ahern Feb. 17, 2022, 4:06 a.m. UTC | #1

On 2/15/22 8:54 PM, menglong8.dong@gmail.com wrote:
> @@ -2137,8 +2141,10 @@ int tcp_v4_rcv(struct sk_buff *skb)
>  
>  no_tcp_socket:
>  	drop_reason = SKB_DROP_REASON_NO_SOCKET;
> -	if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
> +	if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
> +		drop_reason = SKB_DROP_REASON_XFRM_POLICY;

no socket reason trumps the xfrm failure; it was first.

>  		goto discard_it;
> +	}
>  
>  	tcp_v4_fill_cb(skb, iph, th);
>

Patch

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 6873f46fc8ba..a93921fb498f 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -2057,6 +2057,8 @@  int tcp_v4_rcv(struct sk_buff *skb)
 			iph = ip_hdr(skb);
 			tcp_v4_fill_cb(skb, iph, th);
 			nsk = tcp_check_req(sk, skb, req, false, &req_stolen);
+		} else {
+			drop_reason = SKB_DROP_REASON_SOCKET_FILTER;
 		}
 		if (!nsk) {
 			reqsk_put(req);
@@ -2092,8 +2094,10 @@  int tcp_v4_rcv(struct sk_buff *skb)
 		}
 	}
 
-	if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
+	if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) {
+		drop_reason = SKB_DROP_REASON_XFRM_POLICY;
 		goto discard_and_relse;
+	}
 
 	if (tcp_v4_inbound_md5_hash(sk, skb, dif, sdif))
 		goto discard_and_relse;
@@ -2137,8 +2141,10 @@  int tcp_v4_rcv(struct sk_buff *skb)
 
 no_tcp_socket:
 	drop_reason = SKB_DROP_REASON_NO_SOCKET;
-	if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
+	if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
+		drop_reason = SKB_DROP_REASON_XFRM_POLICY;
 		goto discard_it;
+	}
 
 	tcp_v4_fill_cb(skb, iph, th);
 
@@ -2166,6 +2172,7 @@  int tcp_v4_rcv(struct sk_buff *skb)
 
 do_time_wait:
 	if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
+		drop_reason = SKB_DROP_REASON_XFRM_POLICY;
 		inet_twsk_put(inet_twsk(sk));
 		goto discard_it;
 	}