From patchwork Mon Feb 19 03:28:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13562149 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com [209.85.216.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F17404414 for ; Mon, 19 Feb 2024 03:29:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.49 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708313356; cv=none; b=aQi4YLI8rqkq2zcOl6n0AwpOLobte/YPW4eeolJfHa9jRlAmdCq1e1q5ifHKTFF4kWdnHuFNg29SCUnURwz/5A4IBBpTxWmQBRge2JJUzmCyKuRLDtPy7QcP/QQN8Gt/yGYpDncW/5PTXIsvQNW6sUx0ZaXGoZXaaXpEUPtKcFM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708313356; c=relaxed/simple; bh=/dbStDVEktR0UsVQ+/dQhQVkIN/iqXYzYBweRKl7zPs=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=Ebg1Cex0h6E4R3xNyM3B6ZPeQxzTbW3vPPCgBrukJU0tzwu0OFVHpXaM1FjIdL1LMX+vFnlILIZMFPPZiaEAkQxjHYXiGKfMVIdgPV1CldoaLr357ddt+Xh5xk1K7KrgW9d6eekzpB13QERYS0y2Y+3Ee/x9v90zBoyYeRWEAD0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=H0X/KVPN; arc=none smtp.client-ip=209.85.216.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="H0X/KVPN" Received: by mail-pj1-f49.google.com with SMTP id 98e67ed59e1d1-29954bb87b4so748790a91.2 for ; Sun, 18 Feb 2024 19:29:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708313354; x=1708918154; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=7H9Q/kPjFOvJNIuBeuI+vbrAPgxPqkEtPTUzJ+HZ7kU=; b=H0X/KVPNMVYGnS1kpic1DMbszRK//n0tT1cAKaT3DiMZ8Si1YAHDhwMTFWjeqGjnQq jKfKJaDe0ybLJO3XmMLnVGCDCSbMaB+Fr3lWE5HUcryoOEtF0o2k9lOZzbjae2vQJMSw aNIMpTEZYGdIe4DteEDqUtmS2SA5UgDskJEf9n71njpxojQmBji4HctCZzfTPlIc0l/e l6/3SfOVh5RcWSxKHU+KgTRv6H/W18uaqdfkm1DTLlMwUq9GzwpMJsEo9ZQ6ss4R6uxh 3eV5UtcUCy5inKxnLYcBevsTqqHe7frTkfI9XO3DCPdwfo4Bn155FncuUa3agQ7fiQZD HexA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708313354; x=1708918154; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7H9Q/kPjFOvJNIuBeuI+vbrAPgxPqkEtPTUzJ+HZ7kU=; b=JIrywH3LF090ALbtcAEMN2asxONyWiM8ZjPvTlvDGtUy5ryE2xvskcObDmTRpPdQgz 5EXPkvqsJJWytPT4JMZ9kv7En/rRufLZhl5w3tKrZXtmD+HR87z2CwhqiLJ7+Q5fUkRd 9cRVkHCiv3Il+5TH9K/oXa9luXTC1K3z6m0s//mF8mMlaaQili5LyiIGIMzm73/kzaBf ToyfBH5Ryv8hJzoifFedF4Tn7GpRQAOkItNEUfCgyiiTSXGRGGn2vlPAD2u0NsTVzwvV 040ysbyRlgPCY8oCq5Ozg0+e89pk0BKDPN5/cZbtdGbyGNqiHZgHJUW0VxG3zLdcPJTG lUfQ== X-Gm-Message-State: AOJu0YwrtsnQPi26h2loG2BcuJfRoObsvbffvevwdoQE4cdLcBmCgtua r5b01VBzTqsFm8t33Hj2W0fWAeoVtMQeg20Qa05asqkT0NShdgsM X-Google-Smtp-Source: AGHT+IEW09SIgtzYM/HoHbbxGbiRjGUdAkbzdwEdd8OrgzZxzP+RoZgWSRe+epPW88YB6nOPP66HWw== X-Received: by 2002:a17:90b:111:b0:299:2c43:662e with SMTP id p17-20020a17090b011100b002992c43662emr6387568pjz.31.1708313354312; Sun, 18 Feb 2024 19:29:14 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.20]) by smtp.gmail.com with ESMTPSA id cs16-20020a17090af51000b002992f49922csm3968921pjb.25.2024.02.18.19.29.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 18 Feb 2024 19:29:13 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v6 01/11] tcp: add a dropreason definitions and prepare for cookie check Date: Mon, 19 Feb 2024 11:28:28 +0800 Message-Id: <20240219032838.91723-2-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240219032838.91723-1-kerneljasonxing@gmail.com> References: <20240219032838.91723-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Only add one drop reason to detect the condition of skb dropped because of hook points in cookie check for later use. Signed-off-by: Jason Xing --- v6 Link: https://lore.kernel.org/netdev/20240215210922.19969-1-kuniyu@amazon.com/ 1. Modify the description NO_SOCKET to extend other two kinds of invalid socket cases. What I think about it is we can use it as a general indicator for three kinds of sockets which are invalid/NULL, like what we did to TCP_FLAGS. Any better ideas/suggestions are welcome :) v5 Link: https://lore.kernel.org/netdev/CANn89i+iELpsoea6+C-08m6+=JkneEEM=nAj-28eNtcOCkwQjw@mail.gmail.com/ Link: https://lore.kernel.org/netdev/632c6fd4-e060-4b8e-a80e-5d545a6c6b6c@kernel.org/ 1. Use SKB_DROP_REASON_IP_OUTNOROUTES instead of introducing a new one (Eric, David) 2. Reuse SKB_DROP_REASON_NOMEM to handle failure of request socket allocation (Eric) 3. Reuse NO_SOCKET instead of introducing COOKIE_NOCHILD 4. Reuse IP_OUTNOROUTES instead of INVALID_DST (Eric) 5. adjust the title and description. v4 Link: https://lore.kernel.org/netdev/20240212172302.3f95e454@kernel.org/ 1. fix misspelled name in kdoc as Jakub said --- include/net/dropreason-core.h | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index 6d3a20163260..3c867384dead 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -54,6 +54,7 @@ FN(NEIGH_QUEUEFULL) \ FN(NEIGH_DEAD) \ FN(TC_EGRESS) \ + FN(SECURITY_HOOK) \ FN(QDISC_DROP) \ FN(CPU_BACKLOG) \ FN(XDP) \ @@ -105,7 +106,13 @@ enum skb_drop_reason { SKB_CONSUMED, /** @SKB_DROP_REASON_NOT_SPECIFIED: drop reason is not specified */ SKB_DROP_REASON_NOT_SPECIFIED, - /** @SKB_DROP_REASON_NO_SOCKET: socket not found */ + /** + * @SKB_DROP_REASON_NO_SOCKET: no invalid socket that can be used. + * Reason could be one of three cases: + * 1) no established/listening socket found during lookup process + * 2) no invalid request socket during 3WHS process + * 3) no invalid child socket during 3WHS process + */ SKB_DROP_REASON_NO_SOCKET, /** @SKB_DROP_REASON_PKT_TOO_SMALL: packet size is too small */ SKB_DROP_REASON_PKT_TOO_SMALL, @@ -271,6 +278,8 @@ enum skb_drop_reason { SKB_DROP_REASON_NEIGH_DEAD, /** @SKB_DROP_REASON_TC_EGRESS: dropped in TC egress HOOK */ SKB_DROP_REASON_TC_EGRESS, + /** @SKB_DROP_REASON_SECURITY_HOOK: dropped due to security HOOK */ + SKB_DROP_REASON_SECURITY_HOOK, /** * @SKB_DROP_REASON_QDISC_DROP: dropped by qdisc when packet outputting ( * failed to enqueue to current qdisc) From patchwork Mon Feb 19 03:28:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13562150 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pg1-f179.google.com (mail-pg1-f179.google.com [209.85.215.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E8CEC4C81 for ; Mon, 19 Feb 2024 03:29:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708313359; cv=none; b=IxR/5Dv1lsTS6HChoRLFKJgGSH1hZpk9BiQ2WmJPXpXkc2Rmunb1yQvqlhkInbsLmjGI+iog4c7e8mtKuycF91N5I7gM3CPwZtj4RpvXES6P+Fuh5ku2VVkNbHoGdvsJXEIP28jfjIXnBDOAzlgXdcoaeIxAXlxn6LdIkD46xYc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708313359; c=relaxed/simple; bh=beTa8kvuVAR1xuuwoOtkmKnK0Wn7xIsrcdGr8CPSjQQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=OQt0ADKsoMj6P7cungGRu2VZBu/gHt7k1AdxdygRWGnlBw9WSvJtoiE0EEMcE7f9D8U0kGd6sv6i29rrk4WXrGMwVY2Yc5+wWZOW1Cg/++Q40ScPnnISQ2nmWTxjh/tEi0KMqqOsz6xjpDVx8PPh7HTB8vIuSprozvPCc6RyHbk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=aKbB1S71; arc=none smtp.client-ip=209.85.215.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="aKbB1S71" Received: by mail-pg1-f179.google.com with SMTP id 41be03b00d2f7-5d4d15ec7c5so3289029a12.1 for ; Sun, 18 Feb 2024 19:29:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708313357; x=1708918157; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=UiHRSiDQCWhkRJWyWtx70sVdTRuKjyaav9BVyuxi7cY=; b=aKbB1S71/OtlO8K6WMPK42aXWaJcxBqkGcAUoOhF6CC5btbZU539+RdB2lPoTzoGoa ngGKmEWRmHX3yQtlu0QM0JAmea8iDAlhfhKcJd54Od98O9iJVuAkduV/WZBBpkwUr5Mp Ft3cZfBvOzxKCH9M5V/c64n/h64krxr0UERzjxRHfWv10v+ivJEUcz/l8DQ78hN+tjTX 9Lm5HMF10YNxCMlgpD7H10XgCuYPh60RUSkSm0TfYCbK5gUf8Uo6KPkB0KLzFuKyjOMl dzlDJ+kQd2KOgktR7nowp66uOPHzzGfi1WL+6IT95dx9h0TRb/WP8kR+p6IF3kn0seVM bdaA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708313357; x=1708918157; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=UiHRSiDQCWhkRJWyWtx70sVdTRuKjyaav9BVyuxi7cY=; b=wrmT3qk89V3EX+0+QyIu04F0cs9xUHf19AlzNX/bMFDH8WwjM6h0xezVzfYVqxA6Eh GsVj/uXvVCEbn4BsRFTrmyrEinG0Yz0VgvhSTCVjX4VsktumS9ON+D0Kd+W3xsGkBeUl vSEuLc5o46tO4W7SFnfDQkZfS/oTWzbGaIXc/DrnGEYmWdvRu+wMbhSURXvdexEj56UZ Vf5G/1AHanCJd16D+kx2lrvlsjmx9rIdAQMmU3pcQC9kt2xCjFBAAhre14T6Rv4oCH0s 7NzBeQP4OQTqlLAAn+wMi8dwGZFCFeTF8Vvm40b3HEIAbiFGD1sdUhTGZW6hiykzD11Z jJww== X-Gm-Message-State: AOJu0YxezwZ4MbJU+UKX66Yh/YC1YVFLfvrm4+Ptd8OZoFfXhjCXo0ZS 7lnw2PVip5tJW8cPwf76spv7TNvPTtFnT9ML16mqP1dQyVkBcuVG6vxiFRFFvEs= X-Google-Smtp-Source: AGHT+IE/zQLb4Z0dHXYFREmyhWutCKpuQF4hy7nIodsYXy3I3wJE2HvAw7YBdEexEEj8728C9R0zwQ== X-Received: by 2002:a05:6a21:9206:b0:19e:be5c:b7c6 with SMTP id tl6-20020a056a21920600b0019ebe5cb7c6mr15774250pzb.45.1708313357248; Sun, 18 Feb 2024 19:29:17 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.20]) by smtp.gmail.com with ESMTPSA id cs16-20020a17090af51000b002992f49922csm3968921pjb.25.2024.02.18.19.29.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 18 Feb 2024 19:29:16 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v6 02/11] tcp: directly drop skb in cookie check for ipv4 Date: Mon, 19 Feb 2024 11:28:29 +0800 Message-Id: <20240219032838.91723-3-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240219032838.91723-1-kerneljasonxing@gmail.com> References: <20240219032838.91723-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Only move the skb drop from tcp_v4_do_rcv() to cookie_v4_check() itself, no other changes made. It can help us refine the specific drop reasons later. Signed-off-by: Jason Xing Reviewed-by: Kuniyuki Iwashima --- net/ipv4/syncookies.c | 4 ++++ net/ipv4/tcp_ipv4.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index be88bf586ff9..38f331da6677 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c @@ -408,6 +408,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) struct rtable *rt; __u8 rcv_wscale; int full_space; + SKB_DR(reason); if (!READ_ONCE(net->ipv4.sysctl_tcp_syncookies) || !th->ack || th->rst) @@ -477,10 +478,13 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) */ if (ret) inet_sk(ret)->cork.fl.u.ip4 = fl4; + else + goto out_drop; out: return ret; out_free: reqsk_free(req); out_drop: + kfree_skb_reason(skb, reason); return NULL; } diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 0c50c5a32b84..0a944e109088 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1915,7 +1915,7 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) struct sock *nsk = tcp_v4_cookie_check(sk, skb); if (!nsk) - goto discard; + return 0; if (nsk != sk) { if (tcp_child_process(sk, nsk, skb)) { rsk = nsk; From patchwork Mon Feb 19 03:28:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13562151 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pg1-f170.google.com (mail-pg1-f170.google.com [209.85.215.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F34D55238 for ; Mon, 19 Feb 2024 03:29:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.170 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708313362; cv=none; b=QiKVqUO+KhOHhzMrmQSvNv5/TDS500VSQPF/cFOHKlNRcHCKoPR3g9pMOuficVONm8zjhIVHCRLW70HCto5V/4ypjfOFjLaoklScwP6rlEgbc7eX/m7e8yVsgCtaszQ+3rjMIkUc0J2pruWS0bUCO4MBo5fC1fL/eMRv3jJ6mwU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708313362; c=relaxed/simple; bh=UAJZML+TMbRy7UfxH2m8GRgEJTovA5EGLgeRqhfJeE0=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=T/aZdUJxtq1e4aSTnW/2dxTkYBDtSuKrnwxABVxSV3s+vR5R7UKy9VqiNRplajJGvxoe2Pl9z5Ow0obv9/lauftM08DbatQ6ZORTHzrpu63dCOoCGSmYrGrPXIMQoWYs7+e9WbnyPrgx/EzqAvJGncocHcc6urzeW04a+Req3Z8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=C+vCdNxu; arc=none smtp.client-ip=209.85.215.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="C+vCdNxu" Received: by mail-pg1-f170.google.com with SMTP id 41be03b00d2f7-5dcc4076c13so1970175a12.0 for ; Sun, 18 Feb 2024 19:29:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708313360; x=1708918160; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=aiOncSV9yT9HZiAjkpLU1vUm69RWMLdc98c4JFmhts4=; b=C+vCdNxuu4LQWQ7hI6noWwbCNQ6jnyzxXwEZ6FBrOTHkSyACR6oriVoJQxnUu7oeSk 0dM7h6NzBCi05N2eB0me/vRMRGzPYa3fWt21Vk66ipxkyKHY1XATYrC13ecEZwXdSrnr Y7Ag+tno9WrIUSRVozFOp2ddsa+D5bPlEsJc+NE3z8RmQGfQ6Iw/bcwFcSqONwbiiC9t nrzl/Vsc0MZrTUDYVIqFMVqf7MW1zc7kuxSriCMJnt4o5KdWsL7C4ttosGNgjepiRW5b rgv+V/inhoyTdJcjwMkBAW37tyBohKO5uWInLXLQFS2kptpc+3GhBPjz61femBKXFjA3 iNqQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708313360; x=1708918160; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=aiOncSV9yT9HZiAjkpLU1vUm69RWMLdc98c4JFmhts4=; b=p8HvPM2ZvFu+7j7GNsi1xb9ChpkJPl8bdjkxWBVKis4C9DdvN56xqkE6v8IYbn820x Yk18uNRseNep0Ijw4aB5ZqhsZKv09x9g7C9JhAUpgK8lQuYGWQEalYCkhzAoNaDhxnUz fgq52IcPqDk6svVN/rhiMOF0zFPb+3s2lrokmRePf41/PV9HjbIGrbu5cW9YcaDEcnFm ustkYIyCTJEgJTbJ3yg3CAUz/R6Umqki4msXspBZjGAwu5dKe5Dxdnpm4AIrXtMbPPjN 741Z3IknF3gj7ZxYaBCbBEjjnAsiMxuOK4eCHqdF6aO/uSuF7MoBds+ucsNICDgO/+eC Ry5w== X-Gm-Message-State: AOJu0Yx8fZQrg1SJu7l/YAzmPdMXWoEMhisQTreYtwOUNGPHevQw5Z3T iUiCNvl1ll/q3Ujk8jZrbaPvhWOsxgQSiyoHv6AMsPkruszQVxBu51inmilcEYo= X-Google-Smtp-Source: AGHT+IF1S4nK2oFUQyxYGpRbQ+BWSc/4M9KsgPY7f+w1ElrGUv20ooH0GvGM5N8nGvZdlVSxm5e/Bg== X-Received: by 2002:a17:90a:8546:b0:298:c104:1eb8 with SMTP id a6-20020a17090a854600b00298c1041eb8mr15611695pjw.19.1708313360056; Sun, 18 Feb 2024 19:29:20 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.20]) by smtp.gmail.com with ESMTPSA id cs16-20020a17090af51000b002992f49922csm3968921pjb.25.2024.02.18.19.29.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 18 Feb 2024 19:29:19 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v6 03/11] tcp: use drop reasons in cookie check for ipv4 Date: Mon, 19 Feb 2024 11:28:30 +0800 Message-Id: <20240219032838.91723-4-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240219032838.91723-1-kerneljasonxing@gmail.com> References: <20240219032838.91723-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Now it's time to use the prepared definitions to refine this part. Four reasons used might enough for now, I think. Signed-off-by: Jason Xing --- v6: Link: https://lore.kernel.org/netdev/20240215210922.19969-1-kuniyu@amazon.com/ 1. Not use NOMEM because of MPTCP (Kuniyuki). I chose to use NO_SOCKET as an indicator which can be used as three kinds of cases to tell people that we're unable to get a valid one. It's a relatively general reason like what we did to TCP_FLAGS. Any better ideas/suggestions are welcome :) v5: Link: https://lore.kernel.org/netdev/CANn89i+iELpsoea6+C-08m6+=JkneEEM=nAj-28eNtcOCkwQjw@mail.gmail.com/ Link: https://lore.kernel.org/netdev/632c6fd4-e060-4b8e-a80e-5d545a6c6b6c@kernel.org/ 1. Use SKB_DROP_REASON_IP_OUTNOROUTES instead of introducing a new one (Eric, David) 2. Reuse SKB_DROP_REASON_NOMEM to handle failure of request socket allocation (Eric) 3. Reuse NO_SOCKET instead of introducing COOKIE_NOCHILD --- net/ipv4/syncookies.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index 38f331da6677..1028429c78a5 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c @@ -421,8 +421,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) if (IS_ERR(req)) goto out; } - if (!req) + if (!req) { + SKB_DR_SET(reason, NO_SOCKET); goto out_drop; + } ireq = inet_rsk(req); @@ -434,8 +436,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) */ RCU_INIT_POINTER(ireq->ireq_opt, tcp_v4_save_options(net, skb)); - if (security_inet_conn_request(sk, skb, req)) + if (security_inet_conn_request(sk, skb, req)) { + SKB_DR_SET(reason, SECURITY_HOOK); goto out_free; + } tcp_ao_syncookie(sk, skb, req, AF_INET); @@ -452,8 +456,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) ireq->ir_loc_addr, th->source, th->dest, sk->sk_uid); security_req_classify_flow(req, flowi4_to_flowi_common(&fl4)); rt = ip_route_output_key(net, &fl4); - if (IS_ERR(rt)) + if (IS_ERR(rt)) { + SKB_DR_SET(reason, IP_OUTNOROUTES); goto out_free; + } /* Try to redo what tcp_v4_send_synack did. */ req->rsk_window_clamp = tp->window_clamp ? :dst_metric(&rt->dst, RTAX_WINDOW); @@ -476,10 +482,12 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) /* ip_queue_xmit() depends on our flow being setup * Normal sockets get it right from inet_csk_route_child_sock() */ - if (ret) + if (ret) { inet_sk(ret)->cork.fl.u.ip4 = fl4; - else + } else { + SKB_DR_SET(reason, NO_SOCKET); goto out_drop; + } out: return ret; out_free: From patchwork Mon Feb 19 03:28:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13562152 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com [209.85.216.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B60FD538B for ; Mon, 19 Feb 2024 03:29:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708313365; cv=none; b=NHzTHh/mpM09+VeOmazTELvrYGPOPATHj4a1JaHh0uLFhlTL5GO7ez9cyUR1JLpvSuIAQQKn6QHEGtmRFZ0JxucjvdYHsLHq9VdtQj0vUTa2OAJcAna3O6Ab+FdL2jsyiUpelIudU8rJ0plXB3iFwVVbW6xDTmxI8qHfiIKyTYk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708313365; c=relaxed/simple; bh=M5ik+z+WYItjLjr7q6fs9zadDyKS3UFpR51MdbQp0Pw=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=mtnQszqu0X/dyfaV9qZDSjaE7JMA2K3hCC5LKS0xr66fH0lzvvDSODY3WOwSzfUZkES6D9TlDdesQXCgGTYQVgHFmlaCD14AGsxNMbdNksdCZpGeult1usMGY2uy+ndPCHXUy6klM7mBC2C5enX8Yn/xwOqz0LDXIpwLmny9xHg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=npxZ6He2; arc=none smtp.client-ip=209.85.216.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="npxZ6He2" Received: by mail-pj1-f53.google.com with SMTP id 98e67ed59e1d1-29954681b59so684848a91.2 for ; Sun, 18 Feb 2024 19:29:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708313363; x=1708918163; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=HhC4suqA+AkuWcTj9371L/OmqaVuRVvfn/7YTCNIeFs=; b=npxZ6He2HeORXy0baWNlYIJ5rzXikSVpmhg6cbylk7m1Id2KoiuRe75bNUCEcWKkd8 3tPWitzkURn1noIkGzIWd+oQ2q4QyEg99W9+4DCjBX6QOfrF3KdMr9JIXy1GVgsIeAFm E286TscjDieN3pxT9EuKmAL5LBIqKeStBL9xKVBJvqHx74rE4x8J4pdFQssu/gTwk+ie NN3lmdmF36DjKUuKjYXMns55vSc8EurpjZmqMPKS4oNa2r+OxmAnoSe1RfWvOWaUK+CI OZJsk3wpGKyNdra6O13aw8TVX8ntjGFte+YfkItK8SIPHzmfdFvver75yunq2ARI96Fx fVeQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708313363; x=1708918163; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=HhC4suqA+AkuWcTj9371L/OmqaVuRVvfn/7YTCNIeFs=; b=H8257FUXEc1X+sxedpn+h08soEzlPb84lMYP4Fkvv3veE1clmIQaFwBxsmLfPE3YIR aVeGmTt+GIoI4XvqVRcnc4iN0NNQ+Gyn6N75rhOLP4Jc9CBP0ePXxMmdjI3WbDBWVuy5 Mkmk+PZhLvUmyCU1El4Pj+AMY4zYtMQ5bUJBYy0fMV2klsD4VAZWoWJpYlIYH6oQ6KoK dCxZRKL1z6ducuqhKUDUGOJSkqYOvuNTmYkLIT+MBBXLkqvHYfaQP6w7+Vkp7A3o1Fmx OxejZ+EcNSsgEuSP38Dmj1V5Hr1shu1xtLqy21li8BMqbR9HZkWX2CI6RaCjURn1BdzY voFw== X-Gm-Message-State: AOJu0YzRNsBdKXjt1SjCjiFQE9uDrE91X6eW2/Ao+UsQ5MZy1BDKD4Hg fSYNkAVTkjdEP0HmUQrGTsT5+3JGbCIn6MnH5gR4nJ2S7oDVOjVg X-Google-Smtp-Source: AGHT+IGQiaph2i+d/W7BpKx4l4mwWjzjz7LLo4BtPDIrSFCk++KAPSQFEa09u6dLlc4Eb+e5q0yZUA== X-Received: by 2002:a17:90a:17a4:b0:299:b60:ff0e with SMTP id q33-20020a17090a17a400b002990b60ff0emr8083621pja.13.1708313362903; Sun, 18 Feb 2024 19:29:22 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.20]) by smtp.gmail.com with ESMTPSA id cs16-20020a17090af51000b002992f49922csm3968921pjb.25.2024.02.18.19.29.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 18 Feb 2024 19:29:22 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v6 04/11] tcp: directly drop skb in cookie check for ipv6 Date: Mon, 19 Feb 2024 11:28:31 +0800 Message-Id: <20240219032838.91723-5-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240219032838.91723-1-kerneljasonxing@gmail.com> References: <20240219032838.91723-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Like previous patch does, only moving skb drop logical code to cookie_v6_check() for later refinement. Signed-off-by: Jason Xing --- v6 Link: https://lore.kernel.org/all/c987d2c79e4a4655166eb8eafef473384edb37fb.camel@redhat.com/ Link: https://lore.kernel.org/all/CAL+tcoAgSjwsmFnDh_Gs9ZgMi-y5awtVx+4VhJPNRADjo7LLSA@mail.gmail.com/ 1. take one case into consideration, behave like old days, or else it will trigger errors. v5 Link: https://lore.kernel.org/netdev/CANn89iKz7=1q7e8KY57Dn3ED7O=RCOfLxoHQKO4eNXnZa1OPWg@mail.gmail.com/ 1. avoid duplication of these opt_skb tests/actions (Eric) --- net/ipv6/syncookies.c | 4 ++++ net/ipv6/tcp_ipv6.c | 7 +++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c index 6b9c69278819..ea0d9954a29f 100644 --- a/net/ipv6/syncookies.c +++ b/net/ipv6/syncookies.c @@ -177,6 +177,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) struct sock *ret = sk; __u8 rcv_wscale; int full_space; + SKB_DR(reason); if (!READ_ONCE(net->ipv4.sysctl_tcp_syncookies) || !th->ack || th->rst) @@ -256,10 +257,13 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) ireq->ecn_ok &= cookie_ecn_ok(net, dst); ret = tcp_get_cookie_sock(sk, skb, req, dst); + if (!ret) + goto out_drop; out: return ret; out_free: reqsk_free(req); out_drop: + kfree_skb_reason(skb, reason); return NULL; } diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 57b25b1fc9d9..4cfeedfb871f 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1653,12 +1653,11 @@ int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) if (sk->sk_state == TCP_LISTEN) { struct sock *nsk = tcp_v6_cookie_check(sk, skb); - if (!nsk) - goto discard; - - if (nsk != sk) { + if (nsk && nsk != sk) { if (tcp_child_process(sk, nsk, skb)) goto reset; + } + if (!nsk || nsk != sk) { if (opt_skb) __kfree_skb(opt_skb); return 0; From patchwork Mon Feb 19 03:28:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13562153 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pg1-f175.google.com (mail-pg1-f175.google.com [209.85.215.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D8DA953B8 for ; Mon, 19 Feb 2024 03:29:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.175 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708313368; cv=none; b=hecdVibUqC2HM7jrZbkcBZA5+5ZPykeFlm4nnQtEaMKmitiQrMpGeC+tugCdr+uXsV3VAY7ixGNZPKppptzUGASWIhKW0wqwM2R2YqmkHPHHiSNz+UZCJMTPhtHUMG9RFPRwYgtMiayyLH9NTOYibN0UtxEua7vLgrqoQXbIqyU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708313368; c=relaxed/simple; bh=vrwHOQrkYWZJHHyBK1czZNZtq4kCFj/6UeI03PC/L4s=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=Tg5s9xkF2OmEB3Vih7kA0mjLDvH2hU7OnMQdunuswy2UXlBla7Wqg8b+M7xrgGHWC5Y70Ezp2Z9TE4Xt00u3rML/iV1lbrM31yqpc+pby93Aw3ijS8/GtrDAx+xUcHH29BhxGlwVciMOBhiczViyLT64gpG54F+dTPKsInEbDNY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=BmcMmUBx; arc=none smtp.client-ip=209.85.215.175 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="BmcMmUBx" Received: by mail-pg1-f175.google.com with SMTP id 41be03b00d2f7-53fa455cd94so2798124a12.2 for ; Sun, 18 Feb 2024 19:29:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708313366; x=1708918166; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=X8iqFTRpqy3PRXp8DiJCTCYAi+UJa4eByPGTpJmMuc4=; b=BmcMmUBxkok1ZFREUWwu1pWX2a9NQiEkdWla0gOflfUdsJsS42qhZAJhA0J05fxmDV 6pg1hG95t22Fu8sRqDIKFZnCaBK6Ay3sQc8oMXWnArZ5tGz3+gone0682b6mrSoiU0DP NyyEAT6aibwTz1tXwxtGmoOt3BD+9LizEryQatRaSOxs6dA8PSEjeRp8wrXYviDl+5Z5 IOt0eHVSpQVXeHs41IZuOPtbvEbDW8zNFfu3He+qLaEq/GmncwGFkmhJRObUEhhrDpW+ g7SAvfyVEn3LeplpKMw1Lzke5CnqtGoIgv6577ov4wmiToPrOBycWlbDKwKUjWdnyl4x taiw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708313366; x=1708918166; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=X8iqFTRpqy3PRXp8DiJCTCYAi+UJa4eByPGTpJmMuc4=; b=T+ucUzBplxlxN0E5iFJtIWaKTDXn3KU1Rp4e7kclCkx/3glhB0w+RLbC+R9UHTf2vF JkaAMBJ7xwcRi7yT3nitL5W7WIIOSWGM0dI+6ySw+3doGNdWky4nVSxt1poXfDL7Ymsi aPVYammw/LefbhyJU7wPr5yqPajJ/saAutZ8TzbK31GcVOrcg+kkv14OISt0vrSnFnHh 1zRxyKZufNVWvpTIg/GLHy16y/EGeElOMEzV50WFQ0tLS7dK9z5X0UgCmkXSWLXMbzDr wV/59ocDarkTxTT08bjVOsIX5aD2neWVUOqrTinddb00ODYBIOwR1ctEdFwA6ScnFgwP JAtA== X-Gm-Message-State: AOJu0YyYf3qLTvSw9W6oSTb+B358PaMbKKr9rptnUZz7Pk9pH29Tfsvn HiLW+SRRQY6UkYU0w/R61de7yaZ6NICdTWXZ+9nStiseRD2mc2Pr X-Google-Smtp-Source: AGHT+IE7PSEyZeINFR6CdsZIBr3SDdrlVHCIhkAYtjp4kdpK1Vo9rLU4JAsOk05/YFGCsB+080lwbw== X-Received: by 2002:a17:90b:304:b0:299:df2:66b2 with SMTP id ay4-20020a17090b030400b002990df266b2mr8312086pjb.22.1708313365802; Sun, 18 Feb 2024 19:29:25 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.20]) by smtp.gmail.com with ESMTPSA id cs16-20020a17090af51000b002992f49922csm3968921pjb.25.2024.02.18.19.29.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 18 Feb 2024 19:29:25 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v6 05/11] tcp: use drop reasons in cookie check for ipv6 Date: Mon, 19 Feb 2024 11:28:32 +0800 Message-Id: <20240219032838.91723-6-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240219032838.91723-1-kerneljasonxing@gmail.com> References: <20240219032838.91723-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Like what I did to ipv4 mode, refine this part: adding more drop reasons for better tracing. Signed-off-by: Jason Xing --- v6: Link: https://lore.kernel.org/netdev/20240215210922.19969-1-kuniyu@amazon.com/ 1. Not use NOMEM because of MPTCP (Kuniyuki). I chose to use NO_SOCKET as an indicator which can be used as three kinds of cases to tell people that we're unable to get a valid one. It's a relatively general reason like what we did to TCP_FLAGS. v5: Link: https://lore.kernel.org/netdev/CANn89i+iELpsoea6+C-08m6+=JkneEEM=nAj-28eNtcOCkwQjw@mail.gmail.com/ 1. Reuse SKB_DROP_REASON_NOMEM to handle failure of request socket allocation (Eric) 2. Reuse NO_SOCKET instead of introducing COOKIE_NOCHILD 3. Reuse IP_OUTNOROUTES instead of INVALID_DST (Eric) --- net/ipv6/syncookies.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c index ea0d9954a29f..8bad0a44a0a6 100644 --- a/net/ipv6/syncookies.c +++ b/net/ipv6/syncookies.c @@ -190,16 +190,20 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) if (IS_ERR(req)) goto out; } - if (!req) + if (!req) { + SKB_DR_SET(reason, NO_SOCKET); goto out_drop; + } ireq = inet_rsk(req); ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr; ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr; - if (security_inet_conn_request(sk, skb, req)) + if (security_inet_conn_request(sk, skb, req)) { + SKB_DR_SET(reason, SECURITY_HOOK); goto out_free; + } if (ipv6_opt_accepted(sk, skb, &TCP_SKB_CB(skb)->header.h6) || np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || @@ -236,8 +240,10 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) security_req_classify_flow(req, flowi6_to_flowi_common(&fl6)); dst = ip6_dst_lookup_flow(net, sk, &fl6, final_p); - if (IS_ERR(dst)) + if (IS_ERR(dst)) { + SKB_DR_SET(reason, IP_OUTNOROUTES); goto out_free; + } } req->rsk_window_clamp = tp->window_clamp ? :dst_metric(dst, RTAX_WINDOW); @@ -257,8 +263,10 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) ireq->ecn_ok &= cookie_ecn_ok(net, dst); ret = tcp_get_cookie_sock(sk, skb, req, dst); - if (!ret) + if (!ret) { + SKB_DR_SET(reason, NO_SOCKET); goto out_drop; + } out: return ret; out_free: From patchwork Mon Feb 19 03:28:33 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13562154 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com [209.85.216.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 505A65681 for ; Mon, 19 Feb 2024 03:29:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.49 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708313370; cv=none; b=RHgmOwUeFRSNlUhFppO8lSQtOjbJzrzWec+OJiY1RF5bivZrpjJNEcMP/wsTBsuBzRO4BcdUd1KSkoIYB0OBLWzC99KSv9g5Bbmu233VdFK+csi5IDjkL/zZoDqUR6OWPBzbRWTn8edtWMrzl7GeGtpHkSoqy9zoYzYv5j6/LX0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708313370; c=relaxed/simple; bh=KAj9xfwEGa6SjGm8x4hCEONlZ+giy8Ehdu/2/QOPKKM=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=X8KZMJ0eDlsBYS1a2/xiNzlvEamhM+AzQ3n59bqh2ODGi7jHgsM+jHeO+Ab7kaWtYimcue89uGsgzBofUzJQd8VKBg7sw+OyNzy5fV50pg8IGpzLplB6GqyFEI61btBEUdHnKXcnWuqgQ+jJGVldA3Mo2S8hU76j4eH17fuhaq0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=JpPGGGIQ; arc=none smtp.client-ip=209.85.216.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="JpPGGGIQ" Received: by mail-pj1-f49.google.com with SMTP id 98e67ed59e1d1-296a02b7104so2904829a91.2 for ; Sun, 18 Feb 2024 19:29:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708313368; x=1708918168; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=YM5U9V2XSZCs4Epf5JzjpuOVpIlEpgZgzWTMDM5kvdA=; b=JpPGGGIQkcrH2qy4PBOIujgRXDjmBLsXJT7wSsin+QleDUAXchRyozTP6yQDPoxtcm l8d0Slva3mgmGACQNa5ZZ4DkvOqMkdBytdjvGtz5mie6prQgEYTz8T6herjprCdbawis yoZ2aWxT48mNQIGyXv/+LJyLGhRzIWuY7b67ja1WK6CayIRpmfFgZufYF7UkJz0MRLKj +ABcyO17tDkJRWJNrxH0Z7xse/I7GL3M6JtDKMUV5LaAWS00vhVSAQ0lt0hTRMJ3qTLG spm3FlZeTgeJIY5rcsvMTfI7Tbu7SXn+hcmOT0A9+iWKwjTRtSGUiNIuLkfo2B+JQvd6 Pfhg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708313368; x=1708918168; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=YM5U9V2XSZCs4Epf5JzjpuOVpIlEpgZgzWTMDM5kvdA=; b=sYQ29kcAYhpc49r5TwihrBYGeB++eiKcue5lsZTQp04gd6nZQs+bgyWCh/i/4Uo42y RwDz2s7GAGvTzghtj3Dip+NQxUaXZkHT7kYhfY2s3p7Pltm2F4x28iOcsNU4gt4mrM5U 1j8Ya9OSYQ9YCNPT1WW1HRwOf36rmWdJcXcpBOsj83ctC3RxAVnYdQUEJr0akgcNn5a8 V8WzzBYD36l4m5sJY1a5BdKVbCdm+gDdqKx/G9qoyMJqwWJDx1t45/uwBeIKgnspY2o4 aOILr5/SnaRBAeN/harx6dtEwXCzA8mMYRpIcvojK8VtvByiKmJBiRkTwCcX+mIVeTqB cy0g== X-Gm-Message-State: AOJu0Yz1Rb2y9136XSysOytmVM5Rl+FTR99sjIEs0iL8m3QiHU62fubZ YQ/iGoc2xajdtXzbaG+MYaL64snJMdtK9jaAHN9EDA/JPnywsDMg X-Google-Smtp-Source: AGHT+IHdnymzjRJ3afiQDAFSWHg/nmgvu81cXO3WuTOIZwbSW5cYVRccFg7hAnRyf9EjEjZT+4H0eg== X-Received: by 2002:a17:90b:78c:b0:299:5401:89d2 with SMTP id l12-20020a17090b078c00b00299540189d2mr2915256pjz.45.1708313368647; Sun, 18 Feb 2024 19:29:28 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.20]) by smtp.gmail.com with ESMTPSA id cs16-20020a17090af51000b002992f49922csm3968921pjb.25.2024.02.18.19.29.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 18 Feb 2024 19:29:28 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v6 06/11] tcp: introduce dropreasons in receive path Date: Mon, 19 Feb 2024 11:28:33 +0800 Message-Id: <20240219032838.91723-7-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240219032838.91723-1-kerneljasonxing@gmail.com> References: <20240219032838.91723-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Soon later patches can use these relatively more accurate reasons to recognise and find out the cause. Signed-off-by: Jason Xing --- v5: Link: https://lore.kernel.org/netdev/3a495358-4c47-4a9f-b116-5f9c8b44e5ab@kernel.org/ 1. Use new name (TCP_ABORT_ON_DATA) for readability (David) 2. change the title of this patch --- include/net/dropreason-core.h | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index 3c867384dead..402367bfa56f 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -30,6 +30,7 @@ FN(TCP_AOFAILURE) \ FN(SOCKET_BACKLOG) \ FN(TCP_FLAGS) \ + FN(TCP_ABORT_ON_DATA) \ FN(TCP_ZEROWINDOW) \ FN(TCP_OLD_DATA) \ FN(TCP_OVERWINDOW) \ @@ -37,6 +38,7 @@ FN(TCP_RFC7323_PAWS) \ FN(TCP_OLD_SEQUENCE) \ FN(TCP_INVALID_SEQUENCE) \ + FN(TCP_INVALID_ACK_SEQUENCE) \ FN(TCP_RESET) \ FN(TCP_INVALID_SYN) \ FN(TCP_CLOSE) \ @@ -204,6 +206,11 @@ enum skb_drop_reason { SKB_DROP_REASON_SOCKET_BACKLOG, /** @SKB_DROP_REASON_TCP_FLAGS: TCP flags invalid */ SKB_DROP_REASON_TCP_FLAGS, + /** + * @SKB_DROP_REASON_TCP_ABORT_ON_DATA: abort on data, corresponding to + * LINUX_MIB_TCPABORTONDATA + */ + SKB_DROP_REASON_TCP_ABORT_ON_DATA, /** * @SKB_DROP_REASON_TCP_ZEROWINDOW: TCP receive window size is zero, * see LINUX_MIB_TCPZEROWINDOWDROP @@ -228,13 +235,19 @@ enum skb_drop_reason { SKB_DROP_REASON_TCP_OFOMERGE, /** * @SKB_DROP_REASON_TCP_RFC7323_PAWS: PAWS check, corresponding to - * LINUX_MIB_PAWSESTABREJECTED + * LINUX_MIB_PAWSESTABREJECTED, LINUX_MIB_PAWSACTIVEREJECTED */ SKB_DROP_REASON_TCP_RFC7323_PAWS, /** @SKB_DROP_REASON_TCP_OLD_SEQUENCE: Old SEQ field (duplicate packet) */ SKB_DROP_REASON_TCP_OLD_SEQUENCE, /** @SKB_DROP_REASON_TCP_INVALID_SEQUENCE: Not acceptable SEQ field */ SKB_DROP_REASON_TCP_INVALID_SEQUENCE, + /** + * @SKB_DROP_REASON_TCP_INVALID_ACK_SEQUENCE: Not acceptable ACK SEQ + * field. because of ack sequence is not in the window between snd_una + * and snd_nxt + */ + SKB_DROP_REASON_TCP_INVALID_ACK_SEQUENCE, /** @SKB_DROP_REASON_TCP_RESET: Invalid RST packet */ SKB_DROP_REASON_TCP_RESET, /** From patchwork Mon Feb 19 03:28:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13562156 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com [209.85.216.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B32E4524A for ; Mon, 19 Feb 2024 03:29:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.47 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708313379; cv=none; b=Zqz4p+Wogwsitn11oUqvjsM0CUd0N04M4KBQfJEloiLtD2S6M//Cwk525+9wOp7hE168Tac7Edy6SwaVGBXtpCCemqB8ip/ltdKP/bzSf11cR39soj5db6Jqe3ADF2vMhq3zVduL8HGipuWILA7ftp0n9GN2lGO/lzjewstt8+E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708313379; c=relaxed/simple; bh=OU2uwqIjOfTh+AmFOfGudPP/RW1PKWT8VrA1aJ85WeI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=PIYmXCfmKwNxyYIxgfmLV3jlc/r0W4Jd/EEqJi+u4QMtKQtrusO7VWfIcrHfVRL0q+K0qhPHhg03RJo3JbtOmuRdyUNhgUaqeJZY31f7AN2C+KQQ+sSli9jIQDfirZqaYmhrvWmQGHHKyWkeH4aTVDakCrN2d8j2pZcIGqVNePs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=SwMRtUjh; arc=none smtp.client-ip=209.85.216.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="SwMRtUjh" Received: by mail-pj1-f47.google.com with SMTP id 98e67ed59e1d1-2995fa850ddso711018a91.0 for ; Sun, 18 Feb 2024 19:29:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708313377; x=1708918177; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=3U8r7pHM6I/hcOWbq8mog8dHQKxp/aJ6JsR5ie6qaU0=; b=SwMRtUjhTSYb9aYp8W8o8ysvY14VVx66QFQDNI+dHhLovbGS+dzps3jLDcNgn7jJwW lFrldEXHL0HnoRWr6AGoiHrgBOUleTfeuYWe4C1zrO8bfM03J0B4+Oijq5jWJn9xOv3Q DKZ+aQFbYnPHpLUj1khL6rQVtGd4/8RCcIq8aqjjEeCcBYPl7ggz4uyLZ6hmPF9gBhYL fUOuz6YPmPmkUpYaTurKbZZPGJ5+AXSgIqskHYVMyLXIilR4J3h+0pFuY0VPEaW9LAQ8 7c9qjEFT+hbTmR3iTMzzBPobQPSHrzqO5lZ5ey+RHLhZSvCcDZ9gXKSFIZzGpDdmxXGo I5/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708313377; x=1708918177; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=3U8r7pHM6I/hcOWbq8mog8dHQKxp/aJ6JsR5ie6qaU0=; b=aynj+pPil9PJ8TuZ549ZrAf0PQI6dgca9RG9P23d6YFLhjRSgsL1zphTieVe/ZsFYb cqsvHgXrXZkywV9z1rz/sq0PxQZE4RpWUSNMQ7Vfk/dgvcEQkuErBTnl7Nu1zMzTWGPf qvpWxwXwIbvpHsph7GD6qgSEHPSNVRST8y9SjF2qD9Lflxiq9ArPK1vYKW3nZN/G0DD6 2zcaY38nADiHHkkHV2EOu3NxlWQEx9PhoJe/+3YV2SfeY9qex+8yjFjQYuWxpQ9W0Y35 v1JygJLs9w3mi245vZyE7ivIGEm20bMP12mVPEIBYnaln4eDdqGtlK6yZ0zt2XyzpvyR aY5w== X-Gm-Message-State: AOJu0Yxgxzl2MggUVu6Y89WyRzdvwZRoNxJfZuU8C1KCJiUButSny2z0 ahRsGC5V63URYw1I3JYrMVoYC3f+LqGX0tS1h2uMSnuRN54g/5lt X-Google-Smtp-Source: AGHT+IFfcDj9wBsDRHfZcaVnJwwjCYeCvis5QbMt008g2yJCaJkCKAvDDnBIPHeuld2c4FAQIwJZNg== X-Received: by 2002:a17:90b:4388:b0:299:88b6:7d93 with SMTP id in8-20020a17090b438800b0029988b67d93mr3030406pjb.17.1708313371447; Sun, 18 Feb 2024 19:29:31 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.20]) by smtp.gmail.com with ESMTPSA id cs16-20020a17090af51000b002992f49922csm3968921pjb.25.2024.02.18.19.29.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 18 Feb 2024 19:29:31 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v6 07/11] tcp: add more specific possible drop reasons in tcp_rcv_synsent_state_process() Date: Mon, 19 Feb 2024 11:28:34 +0800 Message-Id: <20240219032838.91723-8-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240219032838.91723-1-kerneljasonxing@gmail.com> References: <20240219032838.91723-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing This patch does two things: 1) add two more new reasons 2) only change the return value(1) to various drop reason values for the future use For now, we still cannot trace those two reasons. We'll implement the full function in the subsequent patch in this serie. Signed-off-by: Jason Xing --- net/ipv4/tcp_input.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 74c03f0a6c0c..83308cca1610 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -6361,6 +6361,7 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb, inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, TCP_TIMEOUT_MIN, TCP_RTO_MAX); + SKB_DR_SET(reason, TCP_INVALID_ACK_SEQUENCE); goto reset_and_undo; } @@ -6369,6 +6370,7 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb, tcp_time_stamp_ts(tp))) { NET_INC_STATS(sock_net(sk), LINUX_MIB_PAWSACTIVEREJECTED); + SKB_DR_SET(reason, TCP_RFC7323_PAWS); goto reset_and_undo; } @@ -6572,7 +6574,8 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb, reset_and_undo: tcp_clear_options(&tp->rx_opt); tp->rx_opt.mss_clamp = saved_clamp; - return 1; + /* we can reuse/return @reason to its caller to handle the exception */ + return reason; } static void tcp_rcv_synrecv_state_fastopen(struct sock *sk) From patchwork Mon Feb 19 03:28:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13562155 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 339F75220 for ; Mon, 19 Feb 2024 03:29:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708313376; cv=none; b=HA7mXCKMuPIZPWBAeFFvZ+agVTBhmvmbaPwxuNgtuVHEu3Oq7nrbXZ1yRQ8wb5EeAA4s0IbC+k/+d1nYgi6vOxcsf28dFNTwTcjHCwlYoLDwygoJ8Mec5oaPiKNqtzMq5HDAtApOHTj4wMwkaj7gmdWpPwr3nC+BZz9PwF6UYHQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708313376; c=relaxed/simple; bh=wnwrmXeC9Dsl1gEInm4y0TAd1stBQJYle+2UWSzNLP8=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=Hkhmo49FKaB1VQH7YvSHYhR/Eyxil1GUY4bRSbnOC8bf3AnLZfqTCQedQE0MSFbcRb30/9WV+yzptLH0ubAzu/fhIyWTeiheqSFFVEsd8c1ULCtflQRicyoL6wAPkdlR3ylrOVtAUhkiE9qXqucLoQN+mVHenx4dGGTOfTj1ohM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=IHboTGsx; arc=none smtp.client-ip=209.85.214.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="IHboTGsx" Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-1d71cb97937so37998645ad.3 for ; Sun, 18 Feb 2024 19:29:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708313374; x=1708918174; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=0+pVev56k4S6OfBszMhW/zhsK9iew0UVqFLmn8OKknc=; b=IHboTGsxjYSjX85duSXTw6XX4cW2rcaBgDt1AIdOQtDtHhJ27Ef4MOGxf0TUB/CiKl 6GC0od7JZZTtnlds2NicudYfeL3rzbNn/Xq9D7TSsqky/yz5DSb3/GUPY5KaC1TzvHD4 a6+pZjhJZPsFUElnupIgduLDC9vhkTq4fvJaq9oC0LUA4BkpmEyL/HVMwWFXVjzXCUys bVQYEbHsBkN/6MqcsIQ1zTbKjml9hjkU4UOC7L84PE2XkrGC2qVT/EllIBQanC51BkPH aSYB+BkDTe21q6+ZXLKR0gStWHlTHQh7SunW8LWEQeXQL+1mb3A/Q1HpbenL6+rtVeRy c9Vw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708313374; x=1708918174; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0+pVev56k4S6OfBszMhW/zhsK9iew0UVqFLmn8OKknc=; b=pIyzNZletJ2heP1m+eZjc/tcTcSW0w9k8VChHkGYWHuZfASkh/d03oTnZqqntOG7Dg 63aqeeRgj5TZ1RlMi0IxLDFDlLTTidg16XYOpAtxpDkZCElg2No0offyrvC7YAyYr2Ac GDeWdtJUpll/USxFYT+uGVva1fhY0LiXOGcm8p0d9yKjS0E2kDpTS7smwjycU95K1ALe 3qib35zDyT4yMnJ1vh5+KXc3lwfXbYqSV0FaKMU/JvFOC1DCUF7UrVobtIeZEN89N95X cTcvQ+XOc5FJtcDVpR1t+VZ82ac36EiPZVveVsKQeSBUdN8aOb1Gr3EJjCG7B4JeIIEB KAZQ== X-Gm-Message-State: AOJu0Ywe9lm6X0JHe1zr+1g0O9IzFSK4+oRD+w0yZcjVOc7klas7/r4W +5/Sbfnkj55uRWitP50LPvMnl0WDhW8/1/jnSBBaCoVOrVK1Wh4Y X-Google-Smtp-Source: AGHT+IGkv1N2wojSlmUBKp0mOEWjxtg8+QVgANkii6B+Cm7nq7UBw0KMTAoCcBoXWTucFo3cA5G2YQ== X-Received: by 2002:a17:90a:f494:b0:299:a5a1:46e2 with SMTP id bx20-20020a17090af49400b00299a5a146e2mr640825pjb.25.1708313374312; Sun, 18 Feb 2024 19:29:34 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.20]) by smtp.gmail.com with ESMTPSA id cs16-20020a17090af51000b002992f49922csm3968921pjb.25.2024.02.18.19.29.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 18 Feb 2024 19:29:33 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v6 08/11] tcp: add dropreasons in tcp_rcv_state_process() Date: Mon, 19 Feb 2024 11:28:35 +0800 Message-Id: <20240219032838.91723-9-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240219032838.91723-1-kerneljasonxing@gmail.com> References: <20240219032838.91723-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing In this patch, I equipped this function with more dropreasons, but it still doesn't work yet, which I will do later. Signed-off-by: Jason Xing --- v5: Link: https://lore.kernel.org/netdev/3a495358-4c47-4a9f-b116-5f9c8b44e5ab@kernel.org/ 1. Use new name (TCP_ABORT_ON_DATA) for readability (David) --- include/net/tcp.h | 2 +- net/ipv4/tcp_input.c | 20 +++++++++++++------- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/include/net/tcp.h b/include/net/tcp.h index 58e65af74ad1..e5af9a5b411b 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -348,7 +348,7 @@ void tcp_wfree(struct sk_buff *skb); void tcp_write_timer_handler(struct sock *sk); void tcp_delack_timer_handler(struct sock *sk); int tcp_ioctl(struct sock *sk, int cmd, int *karg); -int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb); +enum skb_drop_reason tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb); void tcp_rcv_established(struct sock *sk, struct sk_buff *skb); void tcp_rcv_space_adjust(struct sock *sk); int tcp_twsk_unique(struct sock *sk, struct sock *sktw, void *twp); diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 83308cca1610..b257da06c0c7 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -6619,7 +6619,8 @@ static void tcp_rcv_synrecv_state_fastopen(struct sock *sk) * address independent. */ -int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) +enum skb_drop_reason +tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) { struct tcp_sock *tp = tcp_sk(sk); struct inet_connection_sock *icsk = inet_csk(sk); @@ -6635,7 +6636,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) case TCP_LISTEN: if (th->ack) - return 1; + return SKB_DROP_REASON_TCP_FLAGS; if (th->rst) { SKB_DR_SET(reason, TCP_RESET); @@ -6704,8 +6705,13 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) FLAG_NO_CHALLENGE_ACK); if ((int)reason <= 0) { - if (sk->sk_state == TCP_SYN_RECV) - return 1; /* send one RST */ + if (sk->sk_state == TCP_SYN_RECV) { + /* send one RST */ + if (!reason) + return SKB_DROP_REASON_TCP_OLD_ACK; + else + return -reason; + } /* accept old ack during closing */ if ((int)reason < 0) { tcp_send_challenge_ack(sk); @@ -6781,7 +6787,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) if (READ_ONCE(tp->linger2) < 0) { tcp_done(sk); NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTONDATA); - return 1; + return SKB_DROP_REASON_TCP_ABORT_ON_DATA; } if (TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq && after(TCP_SKB_CB(skb)->end_seq - th->fin, tp->rcv_nxt)) { @@ -6790,7 +6796,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) tcp_fastopen_active_disable(sk); tcp_done(sk); NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTONDATA); - return 1; + return SKB_DROP_REASON_TCP_ABORT_ON_DATA; } tmo = tcp_fin_time(sk); @@ -6855,7 +6861,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) after(TCP_SKB_CB(skb)->end_seq - th->fin, tp->rcv_nxt)) { NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTONDATA); tcp_reset(sk, skb); - return 1; + return SKB_DROP_REASON_TCP_ABORT_ON_DATA; } } fallthrough; From patchwork Mon Feb 19 03:28:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13562157 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pg1-f178.google.com (mail-pg1-f178.google.com [209.85.215.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2812263BF for ; Mon, 19 Feb 2024 03:29:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708313379; cv=none; b=kpsGEtbFQY6jaCIET8+TKziZaGRxSQZFhhGzXxm41L6kYkcmET1c35gLgNWSy1w1Iwcs2OPkaySBIl59vIHhTKmB559e48T7+63+2p7yz8mPms1aa1IZszUb1AA6YlL1rRJX/Xx1LyEcYh/MVAG3Ya/qt1EUkw/PApnw2bdKeGg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708313379; c=relaxed/simple; bh=8twNxzQYS1IcyaQkSI9OZdvSEEUEZt7VyoI504ITYPY=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=sIGQJqAJ8I9iTv9eKz6FKONaty4qdcMxQe6XWRJOO2UQiTRafapmo2Guwll6KBnNU9j9h0YbT0ZqK32ispS+JASnrZWtm6IT0ZyqRfwopjqEq75J138fumYLbVGuJoBhLn88hZZI4vMgreSDJEaVZx0NCMC3xkohd9u2ZJessds= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=LgsoKnWM; arc=none smtp.client-ip=209.85.215.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="LgsoKnWM" Received: by mail-pg1-f178.google.com with SMTP id 41be03b00d2f7-5d8b70b39efso2578200a12.0 for ; Sun, 18 Feb 2024 19:29:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708313377; x=1708918177; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=dlOGRGys51Zl/spHwwMuYe8BXaGiBYI39oCfCcu0XoU=; b=LgsoKnWMOISrw1wQwADsEFxiFdaoiTscIZpixIroqh9huBKDAiFgTbhHHpxjLmt57J 5aE59OWfU+9ZbojG1eW0/2J3uRLetlX3INI5Ja8/Z+wL3MHnZ1E9lBMti8380dNfHo51 4suPZU1ohz0LAJiPg8ZwS7xr3B0tebGDXREKblkopZ4fLzA0nQmmeZjXVzz3bKZ5AO95 6COJioSm3lvSw7B/e5GaApj+DtHWpbackyKNzqUFDGPPft51bRKHYUbzx22Y5ukz/WDq b5zMA58ZzN7q+kaoPsm+tH351NDWpf/KE/0OYaGc2GIXrmQXSK2Z8m2EYs8lNBnPIrhP yiwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708313377; x=1708918177; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=dlOGRGys51Zl/spHwwMuYe8BXaGiBYI39oCfCcu0XoU=; b=CmCGkGjukcDUIxwb8xxZfFsuLiWlfETJpMrUyzykhyU/S8qjfzStfnKWIMgLSZFTDO ALKRFRmPObjCwiVWDSozKbNLjkx+pCiwcno34HR9W3sO3UMRFCrIs9ryzZHdwsdlzz0c i1iLmbkmmc60gqlM3uwBjhefEN6kluSP9p2SB7IdjHL6GVMZqZgf58ZLWiHZgRW2f0hL 2AOAqHrL91zhS51YgtNWbTYrzyZsnZm25iGia7Wrg+jyWD0Y4HLmQrXyd5C1jsr3FK3t wo/dQEwxKEgzlblS21twj1XigBXfdScUSop136EV1pXciLHW1ZiWlLpmU0g2gAQ4l4v6 9EtQ== X-Gm-Message-State: AOJu0YwpCDtlv5znpMCF5ACxeLPvlX4ZKv0iMoK5oV2DFW7teGorr9DU PKdZaINukZBIHrKvv0SZf3U1N74hVFcmO0KcU+U9o6r3yZkH1sRz X-Google-Smtp-Source: AGHT+IGdjRnGGcci7Nv3OFjFpqSjz0B9blTEYTQvVnknti7P/rP9wvuWKslAUyfl3QMcW8RKNL6ufQ== X-Received: by 2002:a05:6a20:d809:b0:19e:4f20:3325 with SMTP id iv9-20020a056a20d80900b0019e4f203325mr11887159pzb.46.1708313377235; Sun, 18 Feb 2024 19:29:37 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.20]) by smtp.gmail.com with ESMTPSA id cs16-20020a17090af51000b002992f49922csm3968921pjb.25.2024.02.18.19.29.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 18 Feb 2024 19:29:36 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v6 09/11] tcp: make the dropreason really work when calling tcp_rcv_state_process() Date: Mon, 19 Feb 2024 11:28:36 +0800 Message-Id: <20240219032838.91723-10-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240219032838.91723-1-kerneljasonxing@gmail.com> References: <20240219032838.91723-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Update three callers including both ipv4 and ipv6 and let the dropreason mechanism work in reality. Signed-off-by: Jason Xing --- include/net/tcp.h | 2 +- net/ipv4/tcp_ipv4.c | 3 ++- net/ipv4/tcp_minisocks.c | 9 +++++---- net/ipv6/tcp_ipv6.c | 3 ++- 4 files changed, 10 insertions(+), 7 deletions(-) diff --git a/include/net/tcp.h b/include/net/tcp.h index e5af9a5b411b..1d9b2a766b5e 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -396,7 +396,7 @@ enum tcp_tw_status tcp_timewait_state_process(struct inet_timewait_sock *tw, struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb, struct request_sock *req, bool fastopen, bool *lost_race); -int tcp_child_process(struct sock *parent, struct sock *child, +enum skb_drop_reason tcp_child_process(struct sock *parent, struct sock *child, struct sk_buff *skb); void tcp_enter_loss(struct sock *sk); void tcp_cwnd_reduction(struct sock *sk, int newly_acked_sacked, int newly_lost, int flag); diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 0a944e109088..c79e25549972 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1926,7 +1926,8 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) } else sock_rps_save_rxhash(sk, skb); - if (tcp_rcv_state_process(sk, skb)) { + reason = tcp_rcv_state_process(sk, skb); + if (reason) { rsk = sk; goto reset; } diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c index 9e85f2a0bddd..08d5b48540ea 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c @@ -911,11 +911,12 @@ EXPORT_SYMBOL(tcp_check_req); * be created. */ -int tcp_child_process(struct sock *parent, struct sock *child, +enum skb_drop_reason +tcp_child_process(struct sock *parent, struct sock *child, struct sk_buff *skb) __releases(&((child)->sk_lock.slock)) { - int ret = 0; + enum skb_drop_reason reason = SKB_NOT_DROPPED_YET; int state = child->sk_state; /* record sk_napi_id and sk_rx_queue_mapping of child. */ @@ -923,7 +924,7 @@ int tcp_child_process(struct sock *parent, struct sock *child, tcp_segs_in(tcp_sk(child), skb); if (!sock_owned_by_user(child)) { - ret = tcp_rcv_state_process(child, skb); + reason = tcp_rcv_state_process(child, skb); /* Wakeup parent, send SIGIO */ if (state == TCP_SYN_RECV && child->sk_state != state) parent->sk_data_ready(parent); @@ -937,6 +938,6 @@ int tcp_child_process(struct sock *parent, struct sock *child, bh_unlock_sock(child); sock_put(child); - return ret; + return reason; } EXPORT_SYMBOL(tcp_child_process); diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 4cfeedfb871f..4a5d5c8fbccc 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1665,7 +1665,8 @@ int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) } else sock_rps_save_rxhash(sk, skb); - if (tcp_rcv_state_process(sk, skb)) + reason = tcp_rcv_state_process(sk, skb); + if (reason) goto reset; if (opt_skb) goto ipv6_pktoptions; From patchwork Mon Feb 19 03:28:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13562158 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com [209.85.216.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D7D4CB65A for ; Mon, 19 Feb 2024 03:29:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708313382; cv=none; b=B84amIqOkb5NB7W+S2MEROiWJwg2IC0+Y47fnLY7y6ZXOhKFjixIP4joaWWMp+82nU7ekiYDvFZYcNelanDFlvs2kRZXA8N0VUET9j9eqz2bpaSCsysTVzwjApwKdXRYGZwD20RgFHd1oO0S7mZICJxMXH36DM1zyCmNvSUOJEU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708313382; c=relaxed/simple; bh=6mTmBOb4uROpXGJS2NcFyEOv/40wxANTHrkOANPQdDI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=Mkle+b0Iqsux/Or8cn4IgW+rtuVCIdL8KIm5X2tv/vmY/RE3IRpMR/aP9/7ofjp2haPmn43DcTXEYBJO2PTEJ6rFRhIokWipz/BGLdZTpq7RlCsfONwPhb7LM2sKA1lspIc4q8yy2rMI0ad4agGedte+q5zxkFCpnJ22wbQMzxo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=erPewEET; arc=none smtp.client-ip=209.85.216.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="erPewEET" Received: by mail-pj1-f53.google.com with SMTP id 98e67ed59e1d1-2909978624eso2279008a91.1 for ; Sun, 18 Feb 2024 19:29:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708313380; x=1708918180; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=BSznBAg5sWzc8e0FYpIWDaU80SBF7/I+1BWoCmDRrvw=; b=erPewEET5MmlBrVe8GItO3ZX6R9Szmzd/XwVwHpef/yLHBrvE4RzP4qAdG36eOBkEQ jDwN3emT2ZwdhSftHClUWTohu7qv0JVd0p2bXbz5Xs6v8ELAnrQMhYEzGHgMPKmGWhKB jgHqzpb3SuV7uG117JYtk2UktvE5wBUzdTuybdD3+3riNQX4vkjv3dlvIG9ZSOGvEWi6 28teTlqSvI+B0ma31F2FDRZWHv989hOanAVt0w06U0HqupvP4SrKofX/DA0WBmvbu2q8 PQQxnBHuNmtKwCHZRirM4GNe5wDkApBypLHA3wSIgIc2UhoeP+ulFTjM4HwU8FAEt0w1 3ZJQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708313380; x=1708918180; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BSznBAg5sWzc8e0FYpIWDaU80SBF7/I+1BWoCmDRrvw=; b=iBZi/AXw4rmfIM4ShrMV7UsEYu+BJaMRSwdTZi8cngnq/pbFFpWYD9gKOgxvsEFgFA gnmvaTMFlF8YsG0DmqMwnHAV6mVyDYMQ8EXF5as/jdJgXPNKSY60p4QsgffJDjV8jS/w 23CUXwJZL+XTLCkNGr4Ig7ywVbrFHlAh98LR5FMyTiL2st7JtCwCCkeHOIGdlonoRZSS OICJC95+F7Bt+GN7O5/ZJyCkx5fCIPYr/Yzo927VPrMto1KmRK6Bcn1+9B7qAFOleR1R TrbtKzQdd0tFQ4r432+lPoPSo72f0lshgdpXRaReFV87xtbJVqxDS2PBGuRhPF3MUcgg NpTQ== X-Gm-Message-State: AOJu0Yz3oTNrGV+6L7RwKCfmSgmjPlx/i6hQVeOiXrGU8On9H6TRd0vt wMDFQg0Z0ogqOAOe5VY7zZ7jjMdCs+/g4y69IGpHJC4fxb1jbjHy X-Google-Smtp-Source: AGHT+IEQZiBLWVKZGuNSIxLVcVv9J2vpTX06rpXP7Aaq+tf0tLQ/SI/oI0rkTVo/CF6nxdimPnw+uQ== X-Received: by 2002:a17:90a:1c17:b0:299:544c:4933 with SMTP id s23-20020a17090a1c1700b00299544c4933mr2606639pjs.14.1708313380114; Sun, 18 Feb 2024 19:29:40 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.20]) by smtp.gmail.com with ESMTPSA id cs16-20020a17090af51000b002992f49922csm3968921pjb.25.2024.02.18.19.29.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 18 Feb 2024 19:29:39 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v6 10/11] tcp: make dropreason in tcp_child_process() work Date: Mon, 19 Feb 2024 11:28:37 +0800 Message-Id: <20240219032838.91723-11-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240219032838.91723-1-kerneljasonxing@gmail.com> References: <20240219032838.91723-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing It's time to let it work right now. We've already prepared for this:) Signed-off-by: Jason Xing --- net/ipv4/tcp_ipv4.c | 16 ++++++++++------ net/ipv6/tcp_ipv6.c | 16 ++++++++++------ 2 files changed, 20 insertions(+), 12 deletions(-) diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index c79e25549972..c886c671fae9 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1917,7 +1917,8 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) if (!nsk) return 0; if (nsk != sk) { - if (tcp_child_process(sk, nsk, skb)) { + reason = tcp_child_process(sk, nsk, skb); + if (reason) { rsk = nsk; goto reset; } @@ -2276,12 +2277,15 @@ int tcp_v4_rcv(struct sk_buff *skb) if (nsk == sk) { reqsk_put(req); tcp_v4_restore_cb(skb); - } else if (tcp_child_process(sk, nsk, skb)) { - tcp_v4_send_reset(nsk, skb); - goto discard_and_relse; } else { - sock_put(sk); - return 0; + drop_reason = tcp_child_process(sk, nsk, skb); + if (drop_reason) { + tcp_v4_send_reset(nsk, skb); + goto discard_and_relse; + } else { + sock_put(sk); + return 0; + } } } diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 4a5d5c8fbccc..d12a2a3d565a 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1654,7 +1654,8 @@ int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) struct sock *nsk = tcp_v6_cookie_check(sk, skb); if (nsk && nsk != sk) { - if (tcp_child_process(sk, nsk, skb)) + reason = tcp_child_process(sk, nsk, skb); + if (reason) goto reset; } if (!nsk || nsk != sk) { @@ -1856,12 +1857,15 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb) if (nsk == sk) { reqsk_put(req); tcp_v6_restore_cb(skb); - } else if (tcp_child_process(sk, nsk, skb)) { - tcp_v6_send_reset(nsk, skb); - goto discard_and_relse; } else { - sock_put(sk); - return 0; + drop_reason = tcp_child_process(sk, nsk, skb); + if (drop_reason) { + tcp_v6_send_reset(nsk, skb); + goto discard_and_relse; + } else { + sock_put(sk); + return 0; + } } } From patchwork Mon Feb 19 03:28:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13562159 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pj1-f51.google.com (mail-pj1-f51.google.com [209.85.216.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AA582BE71 for ; Mon, 19 Feb 2024 03:29:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708313385; cv=none; b=bfbi6dUSRBBe2NH0TbnHIOkEmgwnhfW8wfKG7UQdWxLKiNOZQc/byo55Z5r8T0zspEl5OKnzvkVlGtWzcdZMjKKUU2Vm+rvWxem/ay5x72lmBk3ncuW6aFoReQR2GtUft3yS5vVtJuW9N3dxzwHMoCNmfrqWYueXOJQFosVwg3o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708313385; c=relaxed/simple; bh=tn2LVqo0RMEJilwRLKsaihvQyhTgPFdgRigOcEEXbb4=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=c4sseEK51Q8NQize92Rgf2nD3kylU1fBS9kpjgdynrVPhXIrqPGBnA6xeSsbQtQ5k4gQSfsVVWHCLGG/LgWr7MBaZ7HDbKQRxcYB+fiqvFQh9VafGQsYP6U/2gRQkKIL4sAAJVbuJUn3uydZ56b6mC7Udk+Uj7TrRsiJPscs7Vg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=f+9/zENp; arc=none smtp.client-ip=209.85.216.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="f+9/zENp" Received: by mail-pj1-f51.google.com with SMTP id 98e67ed59e1d1-299354e5f01so1577350a91.1 for ; Sun, 18 Feb 2024 19:29:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708313383; x=1708918183; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=dDlY8tz5WzHsF/5Yj0J9U/DDfujUDO6GbrYQnuFTuuw=; b=f+9/zENpiwPH9fniWk2FtRyqvpLKRxZRCVUhxbqqL18Wb6CGFW2AC11gfvPXsO6NZs 9EovhGjg4ONilQ9jgllY5y6kipMYXxvIL1v8sQsMTCAJnH2BY5AMvq1vUe0blk4oJQox SAkC1cQd3cBYqkSZtVumh84Ib7z7TyF1eMwR8A2UXJ+/YyVukhr/K42RkGgmi+UAMulo X/FpBV9ECFgfo3GWHmTYuSd66QjRs3ombTsofSk2YSyHjUF2tqV1R2O6o43uJp8kXzrD pg0UhzvFDjv0771GhibmKKqhU5vOcp7HDlypHomHe3As3tEixRODPshysSqojaUXvYlw 2whg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708313383; x=1708918183; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=dDlY8tz5WzHsF/5Yj0J9U/DDfujUDO6GbrYQnuFTuuw=; b=AYZ410rVfz5pUsiFwX9zrIjjO2ihVv5GXuHnW3VFJhhCfBra3HlObUnJgA3Zna+KEW mxKvjVwd532O3pAMGjLyyP8YjYshW6ueNEySgYpDc3oESgBRFzJ1BcNcqiF7sSfX34yh IlFrIm9LyuhSOcF+LZgzZwlRgZ/CkpLhDDZOY3qfzJyQ+yMiFvDdxMbm/NItXQ2b6+hz zEFQK7lO2jHfnGmEK/fN35Eh2eryDCsu3D59MlCBOQ+LSM4Cv0tywvjyKZyvV2Rch7sS pymkpp/iIhnazf7ho3CZKjGzhUMJ5j0r8jOIDNLnfHfcToGuYzUzm1tvCbESE929rC5S T/hA== X-Gm-Message-State: AOJu0Ywf1qr+hflIpMek+OIxh2O3aUfDrjxgIUB/akTLpn/0ZEPoRUU6 9I/N1tbMHWa206HnzApMAw91IMMp0//v1ZpsHZ73Sy06x5XRZ7oG X-Google-Smtp-Source: AGHT+IGw0Wc72DIH9WNFYDczYCnqw5XqX0o/cQevjYX9I06W2K/Cav9PWzXfjSxdmqhWRQDlHErkQg== X-Received: by 2002:a17:90a:e517:b0:299:3469:832 with SMTP id t23-20020a17090ae51700b0029934690832mr10695462pjy.1.1708313383024; Sun, 18 Feb 2024 19:29:43 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.20]) by smtp.gmail.com with ESMTPSA id cs16-20020a17090af51000b002992f49922csm3968921pjb.25.2024.02.18.19.29.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 18 Feb 2024 19:29:42 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v6 11/11] tcp: get rid of NOT_SPECIFIED reason in tcp_v4/6_do_rcv Date: Mon, 19 Feb 2024 11:28:38 +0800 Message-Id: <20240219032838.91723-12-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240219032838.91723-1-kerneljasonxing@gmail.com> References: <20240219032838.91723-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Finally we can drop this obscure reason in receive path because we replaced with many other more accurate reasons before. Signed-off-by: Jason Xing --- v5: 1. change the misspelled word in the title --- net/ipv4/tcp_ipv4.c | 1 - net/ipv6/tcp_ipv6.c | 1 - 2 files changed, 2 deletions(-) diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index c886c671fae9..82e63f6af34b 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1907,7 +1907,6 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; } - reason = SKB_DROP_REASON_NOT_SPECIFIED; if (tcp_checksum_complete(skb)) goto csum_err; diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index d12a2a3d565a..c710d6ad46ef 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1623,7 +1623,6 @@ int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) if (np->rxopt.all) opt_skb = skb_clone_and_charge_r(skb, sk); - reason = SKB_DROP_REASON_NOT_SPECIFIED; if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */ struct dst_entry *dst;