From patchwork Mon May 24 07:07:15 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Geliang Tang X-Patchwork-Id: 12275571 X-Patchwork-Delegate: mat@martineau.name Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2813D2FB2 for ; Mon, 24 May 2021 07:07:27 +0000 (UTC) Received: by mail-pl1-f173.google.com with SMTP id h12so2001834plf.11 for ; Mon, 24 May 2021 00:07:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=gMCKa3I+OdVG15KKyUTExe9FHj8cubNYgH9GkLPxXkQ=; b=BxV7oXU/hsozjH2LPL8XNhMF/EVfBDhFySr/ezxHAGz4phIMDyu8r2nZtQwuNUh2xy mQ5OP56Ewjtn/plWkdVBytrJWIIzIDpqchKTX7/mEWQZuOAJD1MNWKP9jkPWnIx7kSse +La8I7EH5U/dtGXlkqZQXp2Qdh1mhfYsJ1hQI5Z1CGjoh5tQcI1SQCctzkVTmUVd+9bE 83OFNE/jTcJfBKkvOBMjpH8ZLp7XhE+g41cwW/VfONLqBl+tdmoPKJARitaNF3xysgTn C9HnOSR+rs3H+CtaNjgFKSBUHxnDvH6ogKpbvgdUY5i/JRJV1cKYfRRhSBS5rhU8XoEh NMDg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=gMCKa3I+OdVG15KKyUTExe9FHj8cubNYgH9GkLPxXkQ=; b=mlKzjsoEVEK0++mGOsOWPjS9wTBOzWz8SwIm9+3fLJLdJoZuLTBn2+meKvBsl/7ZPr rAmSQr9xPFpW9woEX1fq7MlePR/BTCkB7KA38Lg9kWO4WExK8ypdfAhCoYKeQ2zmwouG HUN0Vb9VpTd3RwQ/kYiPP5DzXalCImJFFABAXcVZYD6Bn+VlMRGrBW1s/FozBF+Dg1hq VQrEbFJx5G0/UkWW7+gLoRVVXXsklFQzt56xHrtSYTCISgE506mPJjZti0ePPdZoOurl KQn6KZrn/oeo8KFxVq8ZFWkc0BHMkYsnOYlOyXOTrKtenAfIjB5JeCFdA2Cm2QpAzMEj m7TA== X-Gm-Message-State: AOAM532gZzUrxPHYq9GRGW/iK6Tk6DbIHLYdMAsrHwLp2U3UdiuyDF8d 4gcaImnOqQMlR+UsILC2N8x7KIKQ1zLDgg== X-Google-Smtp-Source: ABdhPJyGHQzbu4rNpcagOO68cgbVKfRd7jWUeueEU0XIJzzb2sHuNAJw2hDCKjsnLtbe9zTWUPmOJw== X-Received: by 2002:a17:90b:94b:: with SMTP id dw11mr24244872pjb.86.1621840046641; Mon, 24 May 2021 00:07:26 -0700 (PDT) Received: from localhost ([209.9.72.213]) by smtp.gmail.com with ESMTPSA id k21sm10320274pgb.56.2021.05.24.00.07.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 24 May 2021 00:07:26 -0700 (PDT) From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Florian Westphal Subject: [MPTCP][PATCH v7 mptcp-next 1/5] mptcp: add sysctl allow_join_initial_addr_port Date: Mon, 24 May 2021 15:07:15 +0800 Message-Id: <7df5c99cf5336e3c1b0225903c75d01bbcde8daf.1621839764.git.geliangtang@gmail.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: References: X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 This patch added a new sysctl, named allow_join_initial_addr_port, to control whether allow peers to send join requests to the IP address and port number used by the initial subflow. Suggested-by: Florian Westphal Signed-off-by: Geliang Tang --- Documentation/networking/mptcp-sysctl.rst | 13 +++++++++++++ net/mptcp/ctrl.c | 16 ++++++++++++++++ net/mptcp/protocol.h | 1 + 3 files changed, 30 insertions(+) diff --git a/Documentation/networking/mptcp-sysctl.rst b/Documentation/networking/mptcp-sysctl.rst index ee06fd782465..76d939e688b8 100644 --- a/Documentation/networking/mptcp-sysctl.rst +++ b/Documentation/networking/mptcp-sysctl.rst @@ -32,3 +32,16 @@ checksum_enabled - BOOLEAN per-namespace sysctl. Default: 0 + +allow_join_initial_addr_port - BOOLEAN + Allow peers to send join requests to the IP address and port number used + by the initial subflow if the value is 1. This controls a flag that is + sent to the peer at connection time, and whether such join requests are + accepted or denied. + + Joins to addresses advertised with ADD_ADDR are not affected by this + value. + + This is a per-namespace sysctl. + + Default: 1 diff --git a/net/mptcp/ctrl.c b/net/mptcp/ctrl.c index 6c2639bb9c19..7d738bd06f2c 100644 --- a/net/mptcp/ctrl.c +++ b/net/mptcp/ctrl.c @@ -24,6 +24,7 @@ struct mptcp_pernet { u8 mptcp_enabled; unsigned int add_addr_timeout; u8 checksum_enabled; + u8 allow_join_initial_addr_port; }; static struct mptcp_pernet *mptcp_get_pernet(struct net *net) @@ -46,11 +47,17 @@ int mptcp_is_checksum_enabled(struct net *net) return mptcp_get_pernet(net)->checksum_enabled; } +int mptcp_allow_join_id0(struct net *net) +{ + return mptcp_get_pernet(net)->allow_join_initial_addr_port; +} + static void mptcp_pernet_set_defaults(struct mptcp_pernet *pernet) { pernet->mptcp_enabled = 1; pernet->add_addr_timeout = TCP_RTO_MAX; pernet->checksum_enabled = 0; + pernet->allow_join_initial_addr_port = 1; } #ifdef CONFIG_SYSCTL @@ -80,6 +87,14 @@ static struct ctl_table mptcp_sysctl_table[] = { .extra1 = SYSCTL_ZERO, .extra2 = SYSCTL_ONE }, + { + .procname = "allow_join_initial_addr_port", + .maxlen = sizeof(u8), + .mode = 0644, + .proc_handler = proc_dou8vec_minmax, + .extra1 = SYSCTL_ZERO, + .extra2 = SYSCTL_ONE + }, {} }; @@ -98,6 +113,7 @@ static int mptcp_pernet_new_table(struct net *net, struct mptcp_pernet *pernet) table[0].data = &pernet->mptcp_enabled; table[1].data = &pernet->add_addr_timeout; table[2].data = &pernet->checksum_enabled; + table[3].data = &pernet->allow_join_initial_addr_port; hdr = register_net_sysctl(net, MPTCP_SYSCTL_PATH, table); if (!hdr) diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 16e50caf200e..c07db980b5da 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -543,6 +543,7 @@ static inline void mptcp_subflow_delegated_done(struct mptcp_subflow_context *su int mptcp_is_enabled(struct net *net); unsigned int mptcp_get_add_addr_timeout(struct net *net); int mptcp_is_checksum_enabled(struct net *net); +int mptcp_allow_join_id0(struct net *net); void mptcp_subflow_fully_established(struct mptcp_subflow_context *subflow, struct mptcp_options_received *mp_opt); bool mptcp_subflow_data_available(struct sock *sk); From patchwork Mon May 24 07:07:16 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Geliang Tang X-Patchwork-Id: 12275573 X-Patchwork-Delegate: mat@martineau.name Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 18EE42FB1 for ; Mon, 24 May 2021 07:07:30 +0000 (UTC) Received: by mail-pf1-f169.google.com with SMTP id 22so19696105pfv.11 for ; Mon, 24 May 2021 00:07:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=PxiQ/zt4bv5qFhspO2jncT4eNc2X4LIM55ZlOeHgeMw=; b=ogp21OwUewmqLf8f8yPWk5EPNevcXZ/Wyc9B6iK2oQP5ABr29uZKjEhQhjuF5+PvsD dFNFiNO5BqnHV0DicY8ZT9u13hUiAjVHF7g9aW+4m+E0jgQUqw9vpmQ1m1HAbFPxNCp8 PUmdz2cHY+0saOfPloaM7hOER4G2kvANMC+a6TnZW91w24VCw8iNT1jQdrMigemNMU4Q Y4YF55yzHtgon1Jd+RidzS2G//7OtqrGGpcHFYK5i5Aehb2oQGNcoD9/QcL3mxtZNqVw +C4vSaTR66vT057Mg/ZBz7sOUkdcIL1eHaMxlldzkGX6QzKy5Qx++bm+JPZ7z+uZoEx0 4DLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=PxiQ/zt4bv5qFhspO2jncT4eNc2X4LIM55ZlOeHgeMw=; b=A55gyRID+I/Ad1v5WJacYo91Q4Ynu1/QcMeuUnfIWWnuiFKzD8SwiAb5EJtnwgxtmB AyJj2Zkv1IBrsvj4fFgR2DMe5yvhPo1aOKuK7ubpEBIhj1U7Hbos2VLrFNcXAIZX6IXI bkqum0SJHdHSkATaNPZ5i8otHCIrsnJIMIPJyF79aSD7LhpQA4v1rslZMwApeCwkqdYN xGAyXw269NJUmStUksrJan5Q3Fnr5oyYrsVnNNzLO9UxemtFCnrQS55u7WwMjTOGctQK rjA+7KE2uPUMFtikP8w44WyvKXB/mXbGCiUJGNvtGS/ogswREPRAmJSOj4yAfJBhHJ5f SZtQ== X-Gm-Message-State: AOAM533PLLhPUhIWHm0d0ZNIMmZuhiDYEjokVzbIudeZS7dc14453Ao1 vmWzH0Y5H+YbBEtoUtkwzMWyBC4yzv8fpw== X-Google-Smtp-Source: ABdhPJy3/xu7Mvz147EckuL/K16aWsw3O9/YecLc+SFIihIPp744Be9K5E1Dx12H07cWIzWEdU/DiA== X-Received: by 2002:a65:6705:: with SMTP id u5mr12107982pgf.418.1621840049570; Mon, 24 May 2021 00:07:29 -0700 (PDT) Received: from localhost ([209.9.72.213]) by smtp.gmail.com with ESMTPSA id t7sm9217456pju.4.2021.05.24.00.07.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 24 May 2021 00:07:29 -0700 (PDT) From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang Subject: [MPTCP][PATCH v7 mptcp-next 2/5] mptcp: add allow_join_id0 in mptcp_out_options Date: Mon, 24 May 2021 15:07:16 +0800 Message-Id: <372e8fb0d481dfed41cf7e01c60b18c55a852f7e.1621839764.git.geliangtang@gmail.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <7df5c99cf5336e3c1b0225903c75d01bbcde8daf.1621839764.git.geliangtang@gmail.com> References: <7df5c99cf5336e3c1b0225903c75d01bbcde8daf.1621839764.git.geliangtang@gmail.com> X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 This patch defined a new flag MPTCP_CAP_DENY_JOIN_ID0 for the third bit, labeled "C" of the MP_CAPABLE option. Add a new flag allow_join_id0 in struct mptcp_out_options. If this flag is set, send out the MP_CAPABLE option with the flag MPTCP_CAP_DENY_JOIN_ID0. Signed-off-by: Geliang Tang --- include/net/mptcp.h | 3 ++- net/mptcp/options.c | 6 ++++++ net/mptcp/protocol.h | 6 ++++-- net/mptcp/subflow.c | 1 + 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/include/net/mptcp.h b/include/net/mptcp.h index d61bbbf11979..cb580b06152f 100644 --- a/include/net/mptcp.h +++ b/include/net/mptcp.h @@ -67,7 +67,8 @@ struct mptcp_out_options { u8 backup; u8 reset_reason:4, reset_transient:1, - csum_reqd:1; + csum_reqd:1, + allow_join_id0:1; u32 nonce; u64 thmac; u32 token; diff --git a/net/mptcp/options.c b/net/mptcp/options.c index 1aec01686c1a..1e921b5103bf 100644 --- a/net/mptcp/options.c +++ b/net/mptcp/options.c @@ -400,6 +400,7 @@ bool mptcp_syn_options(struct sock *sk, const struct sk_buff *skb, if (subflow->request_mptcp) { opts->suboptions = OPTION_MPTCP_MPC_SYN; opts->csum_reqd = mptcp_is_checksum_enabled(sock_net(sk)); + opts->allow_join_id0 = mptcp_allow_join_id0(sock_net(sk)); *size = TCPOLEN_MPTCP_MPC_SYN; return true; } else if (subflow->request_join) { @@ -488,6 +489,7 @@ static bool mptcp_established_options_mp(struct sock *sk, struct sk_buff *skb, opts->sndr_key = subflow->local_key; opts->rcvr_key = subflow->remote_key; opts->csum_reqd = READ_ONCE(msk->csum_enabled); + opts->allow_join_id0 = mptcp_allow_join_id0(sock_net(sk)); /* Section 3.1. * The MP_CAPABLE option is carried on the SYN, SYN/ACK, and ACK @@ -825,6 +827,7 @@ bool mptcp_synack_options(const struct request_sock *req, unsigned int *size, opts->suboptions = OPTION_MPTCP_MPC_SYNACK; opts->sndr_key = subflow_req->local_key; opts->csum_reqd = subflow_req->csum_reqd; + opts->allow_join_id0 = subflow_req->allow_join_id0; *size = TCPOLEN_MPTCP_MPC_SYNACK; pr_debug("subflow_req=%p, local_key=%llu", subflow_req, subflow_req->local_key); @@ -1199,6 +1202,9 @@ void mptcp_write_options(__be32 *ptr, const struct tcp_sock *tp, if (opts->csum_reqd) flag |= MPTCP_CAP_CHECKSUM_REQD; + if (!opts->allow_join_id0) + flag |= MPTCP_CAP_DENY_JOIN_ID0; + *ptr++ = mptcp_option(MPTCPOPT_MP_CAPABLE, len, MPTCP_SUPPORTED_VERSION, flag); diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index c07db980b5da..1201ab04bcdf 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -79,8 +79,9 @@ #define MPTCP_VERSION_MASK (0x0F) #define MPTCP_CAP_CHECKSUM_REQD BIT(7) #define MPTCP_CAP_EXTENSIBILITY BIT(6) +#define MPTCP_CAP_DENY_JOIN_ID0 BIT(5) #define MPTCP_CAP_HMAC_SHA256 BIT(0) -#define MPTCP_CAP_FLAG_MASK (0x3F) +#define MPTCP_CAP_FLAG_MASK (0x1F) /* MPTCP DSS flags */ #define MPTCP_DSS_DATA_FIN BIT(4) @@ -352,7 +353,8 @@ struct mptcp_subflow_request_sock { u16 mp_capable : 1, mp_join : 1, backup : 1, - csum_reqd : 1; + csum_reqd : 1, + allow_join_id0 : 1; u8 local_id; u8 remote_id; u64 local_key; diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 2f13d795c2fc..0f4dc708e9b2 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -109,6 +109,7 @@ static void subflow_init_req(struct request_sock *req, const struct sock *sk_lis subflow_req->mp_capable = 0; subflow_req->mp_join = 0; subflow_req->csum_reqd = mptcp_is_checksum_enabled(sock_net(sk_listener)); + subflow_req->allow_join_id0 = mptcp_allow_join_id0(sock_net(sk_listener)); subflow_req->msk = NULL; mptcp_token_init_request(req); } From patchwork Mon May 24 07:07:17 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Geliang Tang X-Patchwork-Id: 12275575 X-Patchwork-Delegate: mat@martineau.name Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A83CC2FB1 for ; Mon, 24 May 2021 07:07:32 +0000 (UTC) Received: by mail-pl1-f181.google.com with SMTP id t9so5718751ply.6 for ; Mon, 24 May 2021 00:07:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=6tBDnem+GRr3Yp1J3jzoIdFTAD2zLVvLxYqEMafhVZ4=; b=NrkGjjndKSsfRjGaRYgexn0e4NXlfx9HG8zAhrzzWUUQZWWNuh49utEAZrnYslf/4P utLdWYxUT3qcM6C6WmO87sUwYXSqEh1XaFUFg7RO8L/7S5LpR7YKa0TJ6yy9QjYPfnAG tbI5Zq17fMf95SlWzHCb659FQaDIQkqETtdEQkAo/GhCNZIbV7JXaOoxoWKLtf84Z1Qu H9NC6g5QKxK2c0Yd9nocT5PTqhc0cLs4bQiUM40mOQGMC7FJxVLOslRYKN9DDDyFoWXe YHt1twTSZCAfzcW1SYWTyMCI0kzCxkFgCP3u2Dtw6uMY2zD5bE6Cg1W3AOZcMiRGQj6J xmsg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=6tBDnem+GRr3Yp1J3jzoIdFTAD2zLVvLxYqEMafhVZ4=; b=WSHcpSplOx9t2QCxNEND0Wzo+xWeUPz4cgi7TGZK9EjrrKyVEEFgpBejFUTjK4dy3E 0Y/lk75/lZp1zTkcuTVmtmmRBweiYybQCb+ohfkr753JEG0hZsN85oHsuBesyyFGU0kk 3chGjV4EG0j8KePziFvc4dzXZOwMtumovdOvyBLyyU6rFlSKGZYkj4y51AqWQ2pX7n78 79dwLANmxUJifMojOHeNSoVjhIj+23WOZw3zbhxpKY2H/kJZiyhKAD71fkYtlMIwihME qnK4s98Ol25sbrvU9O9N+ihT0aRtexNrcxIVbdk6N3hsMXS3GXp/POjcE7KdojiaaFPp kAhA== X-Gm-Message-State: AOAM530MVtnQyGjOY6aiO2k0ZTkKdF7PP2meQzlA3AQrTtff6lHROoXq jjmnguOHAmjFYORDAscs+vu/QjUs5HB7Hw== X-Google-Smtp-Source: ABdhPJzP0N5r6YyyLLc7268ldzwdRY+HK+qUq3q64ZEiHOOj6fFquIT2CcNNbGK44QKPuIzJZabIrA== X-Received: by 2002:a17:90a:6ace:: with SMTP id b14mr23990118pjm.142.1621840052199; Mon, 24 May 2021 00:07:32 -0700 (PDT) Received: from localhost ([209.9.72.213]) by smtp.gmail.com with ESMTPSA id d22sm10407107pgb.15.2021.05.24.00.07.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 24 May 2021 00:07:32 -0700 (PDT) From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang Subject: [MPTCP][PATCH v7 mptcp-next 3/5] mptcp: add add_cached in mptcp_pm_data Date: Mon, 24 May 2021 15:07:17 +0800 Message-Id: X-Mailer: git-send-email 2.31.1 In-Reply-To: <372e8fb0d481dfed41cf7e01c60b18c55a852f7e.1621839764.git.geliangtang@gmail.com> References: <7df5c99cf5336e3c1b0225903c75d01bbcde8daf.1621839764.git.geliangtang@gmail.com> <372e8fb0d481dfed41cf7e01c60b18c55a852f7e.1621839764.git.geliangtang@gmail.com> X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 This patch added a new member add_cached in struct mptcp_pm_data, to track the most recent received ADD_ADDR information. Also invalidate it if a matching REMOVE_ADDR is received. Signed-off-by: Geliang Tang --- net/mptcp/pm.c | 1 + net/mptcp/pm_netlink.c | 3 +++ net/mptcp/protocol.h | 1 + 3 files changed, 5 insertions(+) diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c index 9d00fa6d22e9..edc57ff4c1dd 100644 --- a/net/mptcp/pm.c +++ b/net/mptcp/pm.c @@ -316,6 +316,7 @@ void mptcp_pm_data_init(struct mptcp_sock *msk) msk->pm.subflows = 0; msk->pm.rm_list_tx.nr = 0; msk->pm.rm_list_rx.nr = 0; + msk->pm.add_cached.id = 0; WRITE_ONCE(msk->pm.work_pending, false); WRITE_ONCE(msk->pm.addr_signal, 0); WRITE_ONCE(msk->pm.accept_addr, false); diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 09722598994d..795f6d84bbfc 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -515,6 +515,7 @@ static void mptcp_pm_nl_add_addr_received(struct mptcp_sock *msk) remote.port = sk->sk_dport; memset(&local, 0, sizeof(local)); local.family = remote.family; + msk->pm.add_cached = remote; spin_unlock_bh(&msk->pm.lock); __mptcp_subflow_connect(sk, &local, &remote, 0, 0); @@ -631,6 +632,8 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, if (rm_type == MPTCP_MIB_RMADDR) { msk->pm.add_addr_accepted--; WRITE_ONCE(msk->pm.accept_addr, true); + if (msk->pm.add_cached.id == id) + msk->pm.add_cached.id = 0; } else if (rm_type == MPTCP_MIB_RMSUBFLOW) { msk->pm.local_addr_used--; } diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 1201ab04bcdf..d28f6cdc9798 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -185,6 +185,7 @@ struct mptcp_pm_data { struct mptcp_addr_info local; struct mptcp_addr_info remote; struct list_head anno_list; + struct mptcp_addr_info add_cached; spinlock_t lock; /*protects the whole PM data */ From patchwork Mon May 24 07:07:18 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Geliang Tang X-Patchwork-Id: 12275577 X-Patchwork-Delegate: mat@martineau.name Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com [209.85.216.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B481E2FB1 for ; Mon, 24 May 2021 07:07:35 +0000 (UTC) Received: by mail-pj1-f43.google.com with SMTP id q6so14300812pjj.2 for ; Mon, 24 May 2021 00:07:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=mkGpVsD+u+ZfjtXc3EL4gJRgI5tONntnk7TSqOq+LB0=; b=i5umm5toy/1dcDZF7lZ3Eo4DulAf/ZKjBod23tGz2FnZcvDd8Faa8GmCcLygxwY8rJ lqjDbKoddTgN7vDfPUt0LWo3lsGmZY8bxBUdAu9tOjMmIKEvYpC88uxOpCkVy6fBCwfs 6Tx29bDI2uhQQMGmWRqC85IMmGxW8n4OYF+CtghmZDjyHLAgUU1fF2E2a13TUb5/S4Yl /bX7fUesHJSt/wPHEzjYfsggh0mKePE2T6wXaeye/Lc5JsbCF3fd9jys/xRXLuZl6Jji AmDiwdHvDtK+I5X1utyv7Bnfyb7XQ7dRz74PuFzZ3AlXG4YNes21Yvn1KPmP2eWy4rNq CDeg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=mkGpVsD+u+ZfjtXc3EL4gJRgI5tONntnk7TSqOq+LB0=; b=mzEsO+FdCwJAdqf+vz8h1RCWy2q7vOW7lRB362BPOPshbS7Z5OpqsW76zlST3lUQSl /rSjGEbD4oVeTYB6EHbt/1oh+dSZBaggg2pIyPmom4nJBc6ZPt66yvTrRvngM2u5RPUP 5g4nQXXUClkgqW4JF2EXIgatxOcRmXJVx2UXIp5kPThJfm9DWP2Xbcom6xpkvi2X8QDN C6SqgLwsxPPS3ME44S80RY4yF8slWuYCtbro/cIH/70IbAt96Pb7CwIPEpNdyTSU2LKc zAauYWL6tgzuz9ENYGTiYWDkea1G+WcR50XJSKN1s64pKj8AesaxzdJW2xmpv1F4FDIk 2zhg== X-Gm-Message-State: AOAM532dg0vkSYyrUvIfR/bocwe9eNzYmspwKuohSb3XadwOpA1dQrEh BRP8YvDjEZDKO8/OsMqgRiIBFiVH3nk04w== X-Google-Smtp-Source: ABdhPJx5poQlTv3jun2D8SswyznNtYPwzm6+B/Q5juC7o/6LarjlKAzHbAVuljcIXtOTNyXzKJxE/g== X-Received: by 2002:a17:903:4115:b029:f8:c1c4:2a2d with SMTP id r21-20020a1709034115b02900f8c1c42a2dmr8657746pld.83.1621840055169; Mon, 24 May 2021 00:07:35 -0700 (PDT) Received: from localhost ([209.9.72.213]) by smtp.gmail.com with ESMTPSA id f2sm10570064pgl.67.2021.05.24.00.07.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 24 May 2021 00:07:34 -0700 (PDT) From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Florian Westphal Subject: [MPTCP][PATCH v7 mptcp-next 4/5] mptcp: add deny_join_id0 in mptcp_options_received Date: Mon, 24 May 2021 15:07:18 +0800 Message-Id: X-Mailer: git-send-email 2.31.1 In-Reply-To: References: <7df5c99cf5336e3c1b0225903c75d01bbcde8daf.1621839764.git.geliangtang@gmail.com> <372e8fb0d481dfed41cf7e01c60b18c55a852f7e.1621839764.git.geliangtang@gmail.com> X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 This patch added a new flag named deny_join_id0 in struct mptcp_options_received. Set it when MP_CAPABLE with the flag MPTCP_CAP_DENYJOIN_ID0 is received. Also add a new flag remote_deny_join_id0 in struct mptcp_pm_data. When the flag deny_join_id0 is set, set this remote_deny_join_id0 flag. In mptcp_pm_create_subflow_or_signal_addr, if the remote_deny_join_id0 flag is set, and the remote address id is zero, stop this connection. Suggested-by: Florian Westphal Signed-off-by: Geliang Tang --- net/mptcp/options.c | 6 ++++++ net/mptcp/pm.c | 1 + net/mptcp/pm_netlink.c | 8 +++++++- net/mptcp/protocol.h | 4 +++- net/mptcp/subflow.c | 2 ++ 5 files changed, 19 insertions(+), 2 deletions(-) diff --git a/net/mptcp/options.c b/net/mptcp/options.c index 1e921b5103bf..0d30008f0313 100644 --- a/net/mptcp/options.c +++ b/net/mptcp/options.c @@ -83,6 +83,9 @@ static void mptcp_parse_option(const struct sk_buff *skb, if (flags & MPTCP_CAP_CHECKSUM_REQD) mp_opt->csum_reqd = 1; + if (flags & MPTCP_CAP_DENY_JOIN_ID0) + mp_opt->deny_join_id0 = 1; + mp_opt->mp_capable = 1; if (opsize >= TCPOLEN_MPTCP_MPC_SYNACK) { mp_opt->sndr_key = get_unaligned_be64(ptr); @@ -360,6 +363,7 @@ void mptcp_get_options(const struct sock *sk, mp_opt->mp_prio = 0; mp_opt->reset = 0; mp_opt->csum_reqd = READ_ONCE(msk->csum_enabled); + mp_opt->deny_join_id0 = 0; length = (th->doff * 4) - sizeof(struct tcphdr); ptr = (const unsigned char *)(th + 1); @@ -1047,6 +1051,8 @@ void mptcp_incoming_options(struct sock *sk, struct sk_buff *skb) } mptcp_get_options(sk, skb, &mp_opt); + if (mp_opt.deny_join_id0) + WRITE_ONCE(msk->pm.remote_deny_join_id0, true); if (!check_fully_established(msk, sk, subflow, skb, &mp_opt)) return; diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c index edc57ff4c1dd..4d26cfacb1de 100644 --- a/net/mptcp/pm.c +++ b/net/mptcp/pm.c @@ -321,6 +321,7 @@ void mptcp_pm_data_init(struct mptcp_sock *msk) WRITE_ONCE(msk->pm.addr_signal, 0); WRITE_ONCE(msk->pm.accept_addr, false); WRITE_ONCE(msk->pm.accept_subflow, false); + WRITE_ONCE(msk->pm.remote_deny_join_id0, false); msk->pm.status = 0; spin_lock_init(&msk->pm.lock); diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 795f6d84bbfc..4e9943ddac50 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -456,10 +456,16 @@ static void mptcp_pm_create_subflow_or_signal_addr(struct mptcp_sock *msk) if (local) { struct mptcp_addr_info remote = { 0 }; + remote_address((struct sock_common *)sk, &remote); + if (READ_ONCE(msk->pm.remote_deny_join_id0)) { + if (!msk->pm.add_cached.id) + return; + + remote = msk->pm.add_cached; + } msk->pm.local_addr_used++; msk->pm.subflows++; check_work_pending(msk); - remote_address((struct sock_common *)sk, &remote); spin_unlock_bh(&msk->pm.lock); __mptcp_subflow_connect(sk, &local->addr, &remote, local->flags, local->ifindex); diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index d28f6cdc9798..6ab29e5076aa 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -138,7 +138,8 @@ struct mptcp_options_received { mp_prio : 1, echo : 1, csum_reqd : 1, - backup : 1; + backup : 1, + deny_join_id0 : 1; u32 token; u32 nonce; u64 thmac; @@ -194,6 +195,7 @@ struct mptcp_pm_data { bool work_pending; bool accept_addr; bool accept_subflow; + bool remote_deny_join_id0; u8 add_addr_signaled; u8 add_addr_accepted; u8 local_addr_used; diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 0f4dc708e9b2..629be94f4d75 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -408,6 +408,8 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) if (mp_opt.csum_reqd) WRITE_ONCE(mptcp_sk(parent)->csum_enabled, true); + if (mp_opt.deny_join_id0) + WRITE_ONCE(mptcp_sk(parent)->pm.remote_deny_join_id0, true); subflow->mp_capable = 1; subflow->can_ack = 1; subflow->remote_key = mp_opt.sndr_key; From patchwork Mon May 24 07:07:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Geliang Tang X-Patchwork-Id: 12275579 X-Patchwork-Delegate: mat@martineau.name Received: from mail-pg1-f177.google.com (mail-pg1-f177.google.com [209.85.215.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E13A72FB1 for ; Mon, 24 May 2021 07:07:38 +0000 (UTC) Received: by mail-pg1-f177.google.com with SMTP id 6so19410175pgk.5 for ; Mon, 24 May 2021 00:07:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=PhL4l4bXEl7R0oT3JjOVrtoWSIsA/XWrOPz8BhcuSrY=; b=dQuJ5F6WlrpbzmlImRB3wMfdk7PrWA2eqACA5kVaQj67tjBR7BCu7M0u5ldalhoij4 tmpIBlpmNiTBQ478CG150bbGv43JMqgtBctSCAEN/ykw0PqiDFHWttukFGHSjvdjnhVv /38z+HnDKisRaXgcOWGNK3iBfCGYWTqgknqAh8UdcX76f7z5XP1J+9YJGzCFT4NY+YGu 28XolEB2lsjnA53/LuWZn+nclwjQsl/S+bU3eB0gVkp0vTJyOE4m3UcOhhRtoBAmtEcQ p1gkej2XBvC7TvNS4nH7BWRQ38JQ281CwMPtdwDNx0ibw3SUIhfAUsHHRflGnBOkxV+Z T+jQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=PhL4l4bXEl7R0oT3JjOVrtoWSIsA/XWrOPz8BhcuSrY=; b=DVPzt6pEwJoLD8IxCyHEbp9TD4T8qjXYWMMhMjvujWyL6ZM5isJNhIh+LjgJQypk0n QLoJ5U2vAEcY6V8P2cIl6WHeYxjPlO8NlwuVDpJfmqCe9R4dZfcczgan8Hug/KksxGeu +Hj684VotD9cgq+QNlg7prXnOGsqkY404AXr5oRlAInIDHmJCWby/QF8QVaZqC+CM/60 D6c4rlqeYyXdqvMVDhz386sW0jQ0e9ppcF9iQcwXCtgkrK2xx0Y9AoXWYbg8Y8Rj7D9E jhth2pFuchF5RF0pVx+fweICroRn3Ew6b2+AxQS6aO3iKSceBVFc+mLB41CSE05yN9dr ZMgg== X-Gm-Message-State: AOAM531LysKZ81gG/PIbue1/AITQ33s33M0b/NRrSap0B0QZNmSAWW6s TLXMF4539dzESASfi/1lqvr6RR7cYfarWA== X-Google-Smtp-Source: ABdhPJzZk5cTZ9PlZde7wNA+DvKhDoTVHst9MOMaHeNQT7/UkeHYCJchHQOHIcKGuVs5UiUpHgAIPg== X-Received: by 2002:a63:3444:: with SMTP id b65mr12052749pga.185.1621840058339; Mon, 24 May 2021 00:07:38 -0700 (PDT) Received: from localhost ([209.9.72.213]) by smtp.gmail.com with ESMTPSA id w206sm9983422pfc.61.2021.05.24.00.07.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 24 May 2021 00:07:38 -0700 (PDT) From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang Subject: [MPTCP][PATCH v7 mptcp-next 5/5] selftests: mptcp: add deny_join_id0 testcases Date: Mon, 24 May 2021 15:07:19 +0800 Message-Id: <9b9f755abe6eb4fc13d14035dc9f10a87536b359.1621839764.git.geliangtang@gmail.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: References: <7df5c99cf5336e3c1b0225903c75d01bbcde8daf.1621839764.git.geliangtang@gmail.com> <372e8fb0d481dfed41cf7e01c60b18c55a852f7e.1621839764.git.geliangtang@gmail.com> X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 This patch added a new argument '-d' for mptcp_join.sh script, to invoke the testcases for the MP_CAPABLE 'C' flag. Signed-off-by: Geliang Tang --- .../testing/selftests/net/mptcp/mptcp_join.sh | 73 ++++++++++++++++++- 1 file changed, 72 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 523c7797f30a..02b934f47f65 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -139,6 +139,17 @@ reset_with_checksum() ip netns exec $ns2 sysctl -q net.mptcp.checksum_enabled=$ns2_enable } +reset_with_allow_join_id0() +{ + local ns1_enable=$1 + local ns2_enable=$2 + + reset + + ip netns exec $ns1 sysctl -q net.mptcp.allow_join_initial_addr_port=$ns1_enable + ip netns exec $ns2 sysctl -q net.mptcp.allow_join_initial_addr_port=$ns2_enable +} + ip -Version > /dev/null 2>&1 if [ $? -ne 0 ];then echo "SKIP: Could not run test without ip tool" @@ -1462,6 +1473,61 @@ checksum_tests() chk_csum_nr "checksum test 1 0" } +deny_join_id0_tests() +{ + # subflow allow join id0 ns1 + reset_with_allow_join_id0 1 0 + ip netns exec $ns1 ./pm_nl_ctl limits 1 1 + ip netns exec $ns2 ./pm_nl_ctl limits 1 1 + ip netns exec $ns2 ./pm_nl_ctl add 10.0.3.2 flags subflow + run_tests $ns1 $ns2 10.0.1.1 + chk_join_nr "single subflow allow join id0 ns1" 1 1 1 + + # subflow allow join id0 ns2 + reset_with_allow_join_id0 0 1 + ip netns exec $ns1 ./pm_nl_ctl limits 1 1 + ip netns exec $ns2 ./pm_nl_ctl limits 1 1 + ip netns exec $ns2 ./pm_nl_ctl add 10.0.3.2 flags subflow + run_tests $ns1 $ns2 10.0.1.1 + chk_join_nr "single subflow allow join id0 ns2" 0 0 0 + + # signal address allow join id0 ns1 + reset_with_allow_join_id0 1 0 + ip netns exec $ns1 ./pm_nl_ctl limits 1 1 + ip netns exec $ns2 ./pm_nl_ctl limits 1 1 + ip netns exec $ns1 ./pm_nl_ctl add 10.0.2.1 flags signal + run_tests $ns1 $ns2 10.0.1.1 + chk_join_nr "signal address allow join id0 ns1" 1 1 1 + chk_add_nr 1 1 + + # signal address allow join id0 ns2 + reset_with_allow_join_id0 0 1 + ip netns exec $ns1 ./pm_nl_ctl limits 1 1 + ip netns exec $ns2 ./pm_nl_ctl limits 1 1 + ip netns exec $ns1 ./pm_nl_ctl add 10.0.2.1 flags signal + run_tests $ns1 $ns2 10.0.1.1 + chk_join_nr "signal address allow join id0 ns2" 1 1 1 + chk_add_nr 1 1 + + # subflow and address allow join id0 ns1 + reset_with_allow_join_id0 1 0 + ip netns exec $ns1 ./pm_nl_ctl limits 2 2 + ip netns exec $ns2 ./pm_nl_ctl limits 2 2 + ip netns exec $ns1 ./pm_nl_ctl add 10.0.2.1 flags signal + ip netns exec $ns2 ./pm_nl_ctl add 10.0.3.2 flags subflow + run_tests $ns1 $ns2 10.0.1.1 + chk_join_nr "subflow and address allow join id0 1" 2 2 2 + + # subflow and address allow join id0 ns2 + reset_with_allow_join_id0 0 1 + ip netns exec $ns1 ./pm_nl_ctl limits 2 2 + ip netns exec $ns2 ./pm_nl_ctl limits 2 2 + ip netns exec $ns1 ./pm_nl_ctl add 10.0.2.1 flags signal + ip netns exec $ns2 ./pm_nl_ctl add 10.0.3.2 flags subflow + run_tests $ns1 $ns2 10.0.1.1 + chk_join_nr "subflow and address allow join id0 2" 2 2 2 +} + all_tests() { subflows_tests @@ -1476,6 +1542,7 @@ all_tests() add_addr_ports_tests syncookies_tests checksum_tests + deny_join_id0_tests } usage() @@ -1493,6 +1560,7 @@ usage() echo " -p add_addr_ports_tests" echo " -k syncookies_tests" echo " -S checksum_tests" + echo " -d deny_join_id0_tests" echo " -c capture pcap files" echo " -C enable data checksum" echo " -h help" @@ -1528,7 +1596,7 @@ if [ $do_all_tests -eq 1 ]; then exit $ret fi -while getopts 'fsltra64bpkchCS' opt; do +while getopts 'fsltra64bpkdchCS' opt; do case $opt in f) subflows_tests @@ -1566,6 +1634,9 @@ while getopts 'fsltra64bpkchCS' opt; do S) checksum_tests ;; + d) + deny_join_id0_tests + ;; c) ;; C)