Message ID | 20240223102851.83749-6-kerneljasonxing@gmail.com (mailing list archive) |
---|---|
State | Superseded |
Delegated to: | Netdev Maintainers |
Headers | show |
Series | introduce drop reasons for tcp receive path | expand |
From: Jason Xing <kerneljasonxing@gmail.com> Date: Fri, 23 Feb 2024 18:28:46 +0800 > From: Jason Xing <kernelxing@tencent.com> > > Like what I did to ipv4 mode, refine this part: adding more drop > reasons for better tracing. > > Signed-off-by: Jason Xing <kernelxing@tencent.com> > Reviewed-by: Eric Dumazet <edumazet@google.com> > Reviewed-by: David Ahern <dsahern@kernel.org> Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com> > -- > v9 > Link: https://lore.kernel.org/netdev/c5640fc4-16dc-4058-97c6-bd84bae4fda1@kernel.org/ > 1. add reviewed-by tag (David) > > v8 > Link: https://lore.kernel.org/netdev/CANn89i+b+bYqX0aVv9KtSm=nLmEQznamZmqaOzfqtJm_ux9JBw@mail.gmail.com/ > 1. add reviewed-by tag (Eric) > > v6: > Link: https://lore.kernel.org/netdev/20240215210922.19969-1-kuniyu@amazon.com/ > 1. Not use NOMEM because of MPTCP (Kuniyuki). I chose to use NO_SOCKET as > an indicator which can be used as three kinds of cases to tell people that we're > unable to get a valid one. It's a relatively general reason like what we did > to TCP_FLAGS. > > v5: > Link: https://lore.kernel.org/netdev/CANn89i+iELpsoea6+C-08m6+=JkneEEM=nAj-28eNtcOCkwQjw@mail.gmail.com/ > 1. Reuse SKB_DROP_REASON_NOMEM to handle failure of request socket allocation (Eric) > 2. Reuse NO_SOCKET instead of introducing COOKIE_NOCHILD > 3. Reuse IP_OUTNOROUTES instead of INVALID_DST (Eric) > --- > net/ipv6/syncookies.c | 16 ++++++++++++---- > 1 file changed, 12 insertions(+), 4 deletions(-) > > diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c > index ea0d9954a29f..8bad0a44a0a6 100644 > --- a/net/ipv6/syncookies.c > +++ b/net/ipv6/syncookies.c > @@ -190,16 +190,20 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) > if (IS_ERR(req)) > goto out; > } > - if (!req) > + if (!req) { > + SKB_DR_SET(reason, NO_SOCKET); > goto out_drop; > + } > > ireq = inet_rsk(req); > > ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr; > ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr; > > - if (security_inet_conn_request(sk, skb, req)) > + if (security_inet_conn_request(sk, skb, req)) { > + SKB_DR_SET(reason, SECURITY_HOOK); > goto out_free; > + } > > if (ipv6_opt_accepted(sk, skb, &TCP_SKB_CB(skb)->header.h6) || > np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || > @@ -236,8 +240,10 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) > security_req_classify_flow(req, flowi6_to_flowi_common(&fl6)); > > dst = ip6_dst_lookup_flow(net, sk, &fl6, final_p); > - if (IS_ERR(dst)) > + if (IS_ERR(dst)) { > + SKB_DR_SET(reason, IP_OUTNOROUTES); > goto out_free; > + } > } > > req->rsk_window_clamp = tp->window_clamp ? :dst_metric(dst, RTAX_WINDOW); > @@ -257,8 +263,10 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) > ireq->ecn_ok &= cookie_ecn_ok(net, dst); > > ret = tcp_get_cookie_sock(sk, skb, req, dst); > - if (!ret) > + if (!ret) { > + SKB_DR_SET(reason, NO_SOCKET); > goto out_drop; > + } > out: > return ret; > out_free: > -- > 2.37.3
diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c index ea0d9954a29f..8bad0a44a0a6 100644 --- a/net/ipv6/syncookies.c +++ b/net/ipv6/syncookies.c @@ -190,16 +190,20 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) if (IS_ERR(req)) goto out; } - if (!req) + if (!req) { + SKB_DR_SET(reason, NO_SOCKET); goto out_drop; + } ireq = inet_rsk(req); ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr; ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr; - if (security_inet_conn_request(sk, skb, req)) + if (security_inet_conn_request(sk, skb, req)) { + SKB_DR_SET(reason, SECURITY_HOOK); goto out_free; + } if (ipv6_opt_accepted(sk, skb, &TCP_SKB_CB(skb)->header.h6) || np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || @@ -236,8 +240,10 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) security_req_classify_flow(req, flowi6_to_flowi_common(&fl6)); dst = ip6_dst_lookup_flow(net, sk, &fl6, final_p); - if (IS_ERR(dst)) + if (IS_ERR(dst)) { + SKB_DR_SET(reason, IP_OUTNOROUTES); goto out_free; + } } req->rsk_window_clamp = tp->window_clamp ? :dst_metric(dst, RTAX_WINDOW); @@ -257,8 +263,10 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) ireq->ecn_ok &= cookie_ecn_ok(net, dst); ret = tcp_get_cookie_sock(sk, skb, req, dst); - if (!ret) + if (!ret) { + SKB_DR_SET(reason, NO_SOCKET); goto out_drop; + } out: return ret; out_free: