From patchwork Wed Feb 21 02:57:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13564867 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0E6332B9C9 for ; Wed, 21 Feb 2024 02:57:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.181 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708484274; cv=none; b=k9ZsffdCyHJJ3NVrBciiMDSW/nVms5hxdMIyvKs16+oioeGWVv9jBNyDMKakpOqKE4e9VQNKbv1htIrCg5Ajp+7FtA48+/3roQseKAUuzGkHzTwyzOic2rrd3hECa4xrv3cBzHJxcRgUAynFeW15QGq8um79/sFu61aEXYOu038= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708484274; c=relaxed/simple; bh=1tlFmQ3I4YhGa6kxyiF8aijgBtLof/ukfg3x85afNSQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=oCscQCC0D+1aN6r05HZQs/WWWYGng3IGwpvYd6SBGIcwqiqi1xDV3AugNvxYUC2wAhaqnmz48XuUiA8jsdeUy4xIIcjdAE9LUfFd4Rx5cNOtUxGEIXKFHstk+ioKIgYv7NrJ0fvopi6cxqHa0m+LR+971i6j9QyCi259Tr2kGAk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=TOcDtuzP; arc=none smtp.client-ip=209.85.214.181 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="TOcDtuzP" Received: by mail-pl1-f181.google.com with SMTP id d9443c01a7336-1d751bc0c15so55817965ad.2 for ; Tue, 20 Feb 2024 18:57:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708484272; x=1709089072; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=z1sqTGaVty/GVaHDXUz8Tx4GLUTtAFIwAB6eTC+DZxw=; b=TOcDtuzP0tm2sFHC5VXZD0hjWLtuVb+U3dYwvR8qoRsVdzk4jOMa0BCawrzCK3fdeQ N0Nfp2UDgOjv8rmOHpIWLFh/XjznXkymMChtQ5s28n+CTierhiSVS+xLn+/Qn53mCtKV LUrBbicj8+uyzNYIr+WS4dMOEVH0D+qtmZNRBc8nOPzJBC0KhUHQPtd5QTyc+9mNX9ik C8AaRM1GwdWHMXCAxhqqZI0cMx8sYYPifYWCySmorkUfXYMhAyZBUJbdHq/nMlfID8JL Rqf0OLKPttsIE54Ze+PNFNCgQ31SK/2DIX/eXrhSL5TmhbeeMAw5sveXvxbxxyc9YJGV SLUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708484272; x=1709089072; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=z1sqTGaVty/GVaHDXUz8Tx4GLUTtAFIwAB6eTC+DZxw=; b=W0Zxu2kpzHUcdIdYJKP4Aq3p5SuQ0md2ChvcSIghSR6/ikX2jbuEnCBYyd7u88+LSW kakftsa2MSxbrGo3Cwn5RgBeMvR6B58nP9Ks+QKrTfKCdFI5anHsMRtqjrSYV/cXoqxL W3FmLve0SDgqsZ7B5zO8UEGkVLtCtMqYFg8GaPVYKe4TnsnCwEdtY19UKLFSaHRrUOSc 1Tk6sqTz34OzXbuF52SO+4WfvYj1GOCajMCY52/5DdIRBzGIujvgCnkerhaThDb2KgFD KdVpSbbW/Bj3jbQVgX3cOthI5580q1HAf4G93XPs5/cg/U/jT6cxZSAfdaJJiLZglEeD Z6wA== X-Gm-Message-State: AOJu0YyumsPSrLsk4kpnHy6LO4Qm8iNRzandVXwExLQSi4F2Od5QeGgw cEG08tuZSuUJSFzTXAngdoRYG8hK86/ku/cd0QSjdmyBYHl2lgUe X-Google-Smtp-Source: AGHT+IEGHydPg1B0IaUp2jm51DQBy2fp3MdYWiA9VEcMJPNyPh6jN3waFWFpvOquVw5jnKdMk5NPGw== X-Received: by 2002:a17:90b:1990:b0:299:48de:9c7a with SMTP id mv16-20020a17090b199000b0029948de9c7amr11429297pjb.0.1708484272294; Tue, 20 Feb 2024 18:57:52 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.24]) by smtp.gmail.com with ESMTPSA id pv14-20020a17090b3c8e00b0029454cca5c3sm426467pjb.39.2024.02.20.18.57.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Feb 2024 18:57:51 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v7 01/11] tcp: add a dropreason definitions and prepare for cookie check Date: Wed, 21 Feb 2024 10:57:21 +0800 Message-Id: <20240221025732.68157-2-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240221025732.68157-1-kerneljasonxing@gmail.com> References: <20240221025732.68157-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Adding one drop reason to detect the condition of skb dropped because of hook points in cookie check and extending NO_SOCKET to consider another two cases can be used later. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet --- v7 Link: https://lore.kernel.org/all/20240219040630.94637-1-kuniyu@amazon.com/ 1. nit: change "invalid" to "valid" (Kuniyuki) 2. add more description. v6 Link: https://lore.kernel.org/netdev/20240215210922.19969-1-kuniyu@amazon.com/ 1. Modify the description NO_SOCKET to extend other two kinds of invalid socket cases. What I think about it is we can use it as a general indicator for three kinds of sockets which are invalid/NULL, like what we did to TCP_FLAGS. Any better ideas/suggestions are welcome :) v5 Link: https://lore.kernel.org/netdev/CANn89i+iELpsoea6+C-08m6+=JkneEEM=nAj-28eNtcOCkwQjw@mail.gmail.com/ Link: https://lore.kernel.org/netdev/632c6fd4-e060-4b8e-a80e-5d545a6c6b6c@kernel.org/ 1. Use SKB_DROP_REASON_IP_OUTNOROUTES instead of introducing a new one (Eric, David) 2. Reuse SKB_DROP_REASON_NOMEM to handle failure of request socket allocation (Eric) 3. Reuse NO_SOCKET instead of introducing COOKIE_NOCHILD 4. Reuse IP_OUTNOROUTES instead of INVALID_DST (Eric) 5. adjust the title and description. v4 Link: https://lore.kernel.org/netdev/20240212172302.3f95e454@kernel.org/ 1. fix misspelled name in kdoc as Jakub said --- include/net/dropreason-core.h | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index 6d3a20163260..a871f061558d 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -54,6 +54,7 @@ FN(NEIGH_QUEUEFULL) \ FN(NEIGH_DEAD) \ FN(TC_EGRESS) \ + FN(SECURITY_HOOK) \ FN(QDISC_DROP) \ FN(CPU_BACKLOG) \ FN(XDP) \ @@ -105,7 +106,13 @@ enum skb_drop_reason { SKB_CONSUMED, /** @SKB_DROP_REASON_NOT_SPECIFIED: drop reason is not specified */ SKB_DROP_REASON_NOT_SPECIFIED, - /** @SKB_DROP_REASON_NO_SOCKET: socket not found */ + /** + * @SKB_DROP_REASON_NO_SOCKET: no valid socket that can be used. + * Reason could be one of three cases: + * 1) no established/listening socket found during lookup process + * 2) no valid request socket during 3WHS process + * 3) no valid child socket during 3WHS process + */ SKB_DROP_REASON_NO_SOCKET, /** @SKB_DROP_REASON_PKT_TOO_SMALL: packet size is too small */ SKB_DROP_REASON_PKT_TOO_SMALL, @@ -271,6 +278,8 @@ enum skb_drop_reason { SKB_DROP_REASON_NEIGH_DEAD, /** @SKB_DROP_REASON_TC_EGRESS: dropped in TC egress HOOK */ SKB_DROP_REASON_TC_EGRESS, + /** @SKB_DROP_REASON_SECURITY_HOOK: dropped due to security HOOK */ + SKB_DROP_REASON_SECURITY_HOOK, /** * @SKB_DROP_REASON_QDISC_DROP: dropped by qdisc when packet outputting ( * failed to enqueue to current qdisc) From patchwork Wed Feb 21 02:57:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13564868 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pg1-f178.google.com (mail-pg1-f178.google.com [209.85.215.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E27842B9C9 for ; Wed, 21 Feb 2024 02:57:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708484277; cv=none; b=E+keuuEhg1/NWYQ1Jtkv45Nqj6wGE2zNOwavxhb516DzAqG1lNRNJsxVn2iq5b0Z5H3cGPvi1VGJywIa6PwsC+ixWpV0EqD0r3i1oPIbnc1tbol201M2C2quHnzW3HmmGL92nEAja6xRuSjgy1RXaX0hluDxjJWY7XcrU5DTCFw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708484277; c=relaxed/simple; bh=KO/Uq3mQO1XJraHniwlOFBC7zFKM07YitqQ2YemP8Lo=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=CP6RKFiu+smJyIGjw3t3DDyZ4km9qcgNneDcHUwSPwydsx2AwDtrILimXmxxSQFd8eZW4btPahyRDja4m8YufXv3lacwvSBbPGQSvfIeBbombTYNWbARAlTNTD6szgY0nIkH8hG4zALOLfFHER0vXSn4iZSlCAIL4nHtF85GHfU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Ct/3DKpR; arc=none smtp.client-ip=209.85.215.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Ct/3DKpR" Received: by mail-pg1-f178.google.com with SMTP id 41be03b00d2f7-5cf2d73a183so4957145a12.1 for ; Tue, 20 Feb 2024 18:57:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708484275; x=1709089075; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Jw3x8jQql+RYLB0UOson4PrcwBBf+xdErE/3o1PQt4I=; b=Ct/3DKpReJL4WOHoYNel+G/bFkjS3PiUrxsnkQ+Za5eLrIOOcG6dliFNvU0jp93J5h A4hev7FdrqikyXas5OwQAAkA1Wvu6lOKYVQj/Y9Z5SQsh0dJAjKxCZvOyPOb8Z3W2UTI 5bBT2R+zeQFY/suSu6tmvZBxm/2TR4uICdSAuuwHt1BysOtqJb6gEf4lh/S5RU3xWgBo snlAEOdPTRw3eVDXuo2oh+yxBgj0PFw2VDkF0faAWetrGARiBtTTKHULiRNv9AmKxqKg P5oIskdIjMWWKvGgbSW8ZQvrJwYbEjrBGZ6RxrAVLJFy9mh1+hzW9upteIn25hRj3hMR VUyw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708484275; x=1709089075; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Jw3x8jQql+RYLB0UOson4PrcwBBf+xdErE/3o1PQt4I=; b=Uo3I/juDXS5/X/XjeabUiVBvspDrInMS/iX/0p/6ADOp3DVbpp0tGgUSMAdWrzv3uK 9siDhsUzy1W/ga8tJYW4xAj5fm4ztD6ThEkALtQVHn+mYbbU88fAlsIl/g2l3sCeujzr dzTYPP4tBCQiq5W5TaakXb9VRjLJFb/8kfgjxLOA8QzEMtwTqkELvyZYR1BwLJ6GV4dD gE2c6yG6GpJMwf3Ibu7BlR6UyLN7JRn/UBFM9IHrx98zK9LZ4Yxv4zLjD6zE1mjjJRs8 PPagFCAgTRbEXUTjoX6nY7M/KzfWTKNz9OmauqDzWxYvN4Z9eLA7qlxZrAtA4aWtLM0G hdhQ== X-Gm-Message-State: AOJu0YwB08+OgQN8zWB0dGEhL+mdgRuxEpRE+Yw5peulJ/tCN6e4yX72 sXhHWmGQB/d3S5ypHp4ZE6u5CMyCzGaJNJksaskibqKOKeasqNX/ X-Google-Smtp-Source: AGHT+IFIct7uc0+1D+6K1Yo2IEaKrjeScsssJjE6/HG6uIbgzHtnsEMeyyRzRo55poEfPnMlKtD3bw== X-Received: by 2002:a17:90a:7e16:b0:299:b35e:84a with SMTP id i22-20020a17090a7e1600b00299b35e084amr9166372pjl.13.1708484275197; Tue, 20 Feb 2024 18:57:55 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.24]) by smtp.gmail.com with ESMTPSA id pv14-20020a17090b3c8e00b0029454cca5c3sm426467pjb.39.2024.02.20.18.57.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Feb 2024 18:57:54 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v7 02/11] tcp: directly drop skb in cookie check for ipv4 Date: Wed, 21 Feb 2024 10:57:22 +0800 Message-Id: <20240221025732.68157-3-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240221025732.68157-1-kerneljasonxing@gmail.com> References: <20240221025732.68157-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Only move the skb drop from tcp_v4_do_rcv() to cookie_v4_check() itself, no other changes made. It can help us refine the specific drop reasons later. Signed-off-by: Jason Xing Reviewed-by: Kuniyuki Iwashima Reviewed-by: Eric Dumazet --- v7 Link: https://lore.kernel.org/all/20240219041350.95304-1-kuniyu@amazon.com/ 1. add reviewed-by tag (Kuniyuki) --- net/ipv4/syncookies.c | 4 ++++ net/ipv4/tcp_ipv4.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index be88bf586ff9..38f331da6677 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c @@ -408,6 +408,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) struct rtable *rt; __u8 rcv_wscale; int full_space; + SKB_DR(reason); if (!READ_ONCE(net->ipv4.sysctl_tcp_syncookies) || !th->ack || th->rst) @@ -477,10 +478,13 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) */ if (ret) inet_sk(ret)->cork.fl.u.ip4 = fl4; + else + goto out_drop; out: return ret; out_free: reqsk_free(req); out_drop: + kfree_skb_reason(skb, reason); return NULL; } diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 0c50c5a32b84..0a944e109088 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1915,7 +1915,7 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) struct sock *nsk = tcp_v4_cookie_check(sk, skb); if (!nsk) - goto discard; + return 0; if (nsk != sk) { if (tcp_child_process(sk, nsk, skb)) { rsk = nsk; From patchwork Wed Feb 21 02:57:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13564869 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pg1-f182.google.com (mail-pg1-f182.google.com [209.85.215.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DF0BD2837F for ; Wed, 21 Feb 2024 02:57:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708484280; cv=none; b=bVgoZMSq4ncJPdTfRoX5+NJ80uBFqOTSdsC+tdytDhh/X2gWGiwvxAAZkZ2p2zcVQVsyxpPre7qaIeuFYPgKejr8ngeIieDfmnfrLFA11l5qPyJf4NM95jpkrjCGPaQP5lcDnMeqZxm0caBpvun2uL1Vbj7leK71CIp+r/N1LZI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708484280; c=relaxed/simple; bh=UAJZML+TMbRy7UfxH2m8GRgEJTovA5EGLgeRqhfJeE0=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=FQOR/i1C70E6aPfHWxYdq/EFOa4cMw60y0kWrbGzBpGmgj/q7VILoe++mao46+2tF/Tr1WkFnMB7L2k5EJiIihyp5+6CP13LiI55M8qBDgfHVipGtj4d5RT0DhkQaWSKGZ3D472ZYrkF8jlhPu4YogM+IsYNFydUt6PvF1H4l/o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=HCo87NKn; arc=none smtp.client-ip=209.85.215.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="HCo87NKn" Received: by mail-pg1-f182.google.com with SMTP id 41be03b00d2f7-53fbf2c42bfso4317261a12.3 for ; Tue, 20 Feb 2024 18:57:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708484278; x=1709089078; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=aiOncSV9yT9HZiAjkpLU1vUm69RWMLdc98c4JFmhts4=; b=HCo87NKn+o3WNR5LjY5yu7Drl6ds44XiV9IlfftwJymNbG2x8ow/cl4jmY9YQGTf+o x/r/q6GQKvaIAdCYIA6zQ7WakNVTUCvV0IZi/qr/gZ4m+RX2yjvpklOWHA7Z+GLKZwMa U5Rv3nhEoyHYnBOB2MgOTUa/vBBs+EM2DiFjeZYwVCXTNDsKgzaIwuCXZuiEN1rYQq2H CbFsUi+TTViDAjsq59F0wrwtjgt/UwPSiobMDIPx62HND6UKHqX5fkY9Ey/Xhp/k8cQU Awh4xecg/BVrUcZHY+ODbw8/DbUenX9C7JNDtdqShTB3ZtE355oiCa88zWZcfQ9CfESM pPHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708484278; x=1709089078; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=aiOncSV9yT9HZiAjkpLU1vUm69RWMLdc98c4JFmhts4=; b=rYaYSilUEwMP/DTROC7dQ8mgnnxRDgFqRpdfsbJAgqhFLzKnUBDDdmyeBxOo8hmsYm HHR304UMFE65S+t3xm2phW9eH8HWy7IhSj3byxFFxKuykBTM5ejWjG3DdN1QEnfFvOl8 h+135W5ZdM1l0Yn6fiJWN8wIelRoZK/VwQi58udtUfRmmDi5gkNChDMhP3OFANbWMXHt Gp5+PfD+oXQac1vEyM+41MKJrxThrQEt17aFYQhV8Oh9ONXaihwqU0Z31Rkn4rlvtN3y dwWAxZk1iUQIwRtW3pY7o3/lY6jSdi1A2zBt77hnI1J14l0gcpitZrFB7UAa6N3eknex 6VwA== X-Gm-Message-State: AOJu0YxHKDn8+7KqJ3yq9QeFmvRm1LNAYUT0d/bxAqyM1rovxq/xnlkV XbcQUtCDhwd1GSupNvH6SDM314sMtrxwykOLBElUJ0rAXP0y1V60 X-Google-Smtp-Source: AGHT+IGJk8G0pMliNiJ4/YQGHx/s5daaImkUI0jtyjvTI/TfNTiHd/PmaCDrKuOUjNueDBMsuLLMQw== X-Received: by 2002:a17:90a:d243:b0:299:9ba4:abe6 with SMTP id o3-20020a17090ad24300b002999ba4abe6mr5905687pjw.46.1708484278178; Tue, 20 Feb 2024 18:57:58 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.24]) by smtp.gmail.com with ESMTPSA id pv14-20020a17090b3c8e00b0029454cca5c3sm426467pjb.39.2024.02.20.18.57.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Feb 2024 18:57:57 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v7 03/11] tcp: use drop reasons in cookie check for ipv4 Date: Wed, 21 Feb 2024 10:57:23 +0800 Message-Id: <20240221025732.68157-4-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240221025732.68157-1-kerneljasonxing@gmail.com> References: <20240221025732.68157-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Now it's time to use the prepared definitions to refine this part. Four reasons used might enough for now, I think. Signed-off-by: Jason Xing --- v6: Link: https://lore.kernel.org/netdev/20240215210922.19969-1-kuniyu@amazon.com/ 1. Not use NOMEM because of MPTCP (Kuniyuki). I chose to use NO_SOCKET as an indicator which can be used as three kinds of cases to tell people that we're unable to get a valid one. It's a relatively general reason like what we did to TCP_FLAGS. Any better ideas/suggestions are welcome :) v5: Link: https://lore.kernel.org/netdev/CANn89i+iELpsoea6+C-08m6+=JkneEEM=nAj-28eNtcOCkwQjw@mail.gmail.com/ Link: https://lore.kernel.org/netdev/632c6fd4-e060-4b8e-a80e-5d545a6c6b6c@kernel.org/ 1. Use SKB_DROP_REASON_IP_OUTNOROUTES instead of introducing a new one (Eric, David) 2. Reuse SKB_DROP_REASON_NOMEM to handle failure of request socket allocation (Eric) 3. Reuse NO_SOCKET instead of introducing COOKIE_NOCHILD --- net/ipv4/syncookies.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index 38f331da6677..1028429c78a5 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c @@ -421,8 +421,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) if (IS_ERR(req)) goto out; } - if (!req) + if (!req) { + SKB_DR_SET(reason, NO_SOCKET); goto out_drop; + } ireq = inet_rsk(req); @@ -434,8 +436,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) */ RCU_INIT_POINTER(ireq->ireq_opt, tcp_v4_save_options(net, skb)); - if (security_inet_conn_request(sk, skb, req)) + if (security_inet_conn_request(sk, skb, req)) { + SKB_DR_SET(reason, SECURITY_HOOK); goto out_free; + } tcp_ao_syncookie(sk, skb, req, AF_INET); @@ -452,8 +456,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) ireq->ir_loc_addr, th->source, th->dest, sk->sk_uid); security_req_classify_flow(req, flowi4_to_flowi_common(&fl4)); rt = ip_route_output_key(net, &fl4); - if (IS_ERR(rt)) + if (IS_ERR(rt)) { + SKB_DR_SET(reason, IP_OUTNOROUTES); goto out_free; + } /* Try to redo what tcp_v4_send_synack did. */ req->rsk_window_clamp = tp->window_clamp ? :dst_metric(&rt->dst, RTAX_WINDOW); @@ -476,10 +482,12 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) /* ip_queue_xmit() depends on our flow being setup * Normal sockets get it right from inet_csk_route_child_sock() */ - if (ret) + if (ret) { inet_sk(ret)->cork.fl.u.ip4 = fl4; - else + } else { + SKB_DR_SET(reason, NO_SOCKET); goto out_drop; + } out: return ret; out_free: From patchwork Wed Feb 21 02:57:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13564870 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pg1-f182.google.com (mail-pg1-f182.google.com [209.85.215.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 89F5D2C1B1 for ; Wed, 21 Feb 2024 02:58:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708484282; cv=none; b=p5dnglUD+lom+UgqY4qxgTNKZ8Mz3nvWzop4sSdIfAwuJcakqe0CbnOtrlgAZYzJjtfoBKR0tDA7YOMlHcjQOXuhWtlwJPHQVIjOTjAJEyYcaJJ6gg33KAwRjUNj1MoqTIBKvMD1iTvIoQ7NW+pJXgHCWTKWJPatW1x2n8OiAXw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708484282; c=relaxed/simple; bh=vODjNpSFEwUimK6t0NAJ8JwOi7abz7WuYbHZl6mC+Wc=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=GF/SCNFGWDAUNx94WkHyyK4VoBlzLu23MWwasr4jZQGVmQT27VGtdZibIKBgpS5IRfnzNy0j3F9RTh7sEf5pnThswDcDj5QDPQNszzCKStr6xRIPhzU3UHZprlfGSyZpsxYlRHv8TPlaLp7T6Z2DGVQkSdOrSaOgv3i7j03YZh4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Fni7v8+/; arc=none smtp.client-ip=209.85.215.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Fni7v8+/" Received: by mail-pg1-f182.google.com with SMTP id 41be03b00d2f7-5dbcfa0eb5dso5782035a12.3 for ; Tue, 20 Feb 2024 18:58:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708484281; x=1709089081; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=RAt2OO7Hem62qMBwPKg5IUfr3hsJsvxEwfizP/2NuGg=; b=Fni7v8+/15b2fIwg539MHgxM3swGuQryq7kNbDUQOLRmZn5EdkmnCNuYtpD5UQ54MH j3vQT6anDEs3iLTV7Um2L5OJx9eCz1f4eD4aVSqIfpUtvGFRoyAPC246kcivhUNq9PRT 7i0xKmJNMQBBqOOGmFH9VNga7TiyxUZ//mqSq0Hd5VBmg1J0bZLamUTZqXsvvjPfKCNC WgtRDwdicZ58oNDrzCBL1EiAiumKB7TRlV1R5t9qrdqD5TaoZBH81YGv7ZRNxtGZVef5 fBACK092H/18VdD9Y2j38XKWrAX1sHGUzU7LHNP5zb8mRXs+Q1nbPVHfr01HO6Bijerg y/6w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708484281; x=1709089081; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=RAt2OO7Hem62qMBwPKg5IUfr3hsJsvxEwfizP/2NuGg=; b=osvASVzPTjgdkGwO+xaop/eZcwmATrQjdupNlrjb5UcEAepztMODNP+I680r8q6nss 8LQ5ZdEwJ+sjopfZT/iiXh+VekWfBgCe0OwjRFfx8aCQl+J0j0R/JNaJwz0NlqVNt77x jP3HnM9xWQUBFm/g4zcUk4bg4U7FT+KQLv8j92E/murBO8DulrXe3/+Scd9BZGG9jodv ZYTVx9hLGxUYQ+/7P6eXwixGymzjzuhLq612+c+0pkpqpXLs2oK4sm/8at5BfI51LXNU 1GzmsjxsOXhZHNXb4cQdSUToIOexozDPVA6yMiJDXDXKhMFwVpZaz9y9dbsdebHOP4ji 4qJw== X-Gm-Message-State: AOJu0Yxf3efs89y6IolEAMwlud7aImb2HKQf2ihZ6nJ9RKKeiSw9go7d GSonIQcmF/0udzNAUC1kykDpowi7NflOYgHodnK44ArY3XkvCCgf X-Google-Smtp-Source: AGHT+IGUySYrGarbYDW/8SvedNia3SbMsOp9W7197M9r3LWeS+u5VIrnW7p69rSeK+ADe6mtzmM06g== X-Received: by 2002:a17:90b:4d86:b0:299:d5fa:3e1c with SMTP id oj6-20020a17090b4d8600b00299d5fa3e1cmr4014415pjb.31.1708484281096; Tue, 20 Feb 2024 18:58:01 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.24]) by smtp.gmail.com with ESMTPSA id pv14-20020a17090b3c8e00b0029454cca5c3sm426467pjb.39.2024.02.20.18.57.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Feb 2024 18:58:00 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v7 04/11] tcp: directly drop skb in cookie check for ipv6 Date: Wed, 21 Feb 2024 10:57:24 +0800 Message-Id: <20240221025732.68157-5-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240221025732.68157-1-kerneljasonxing@gmail.com> References: <20240221025732.68157-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Like previous patch does, only moving skb drop logical code to cookie_v6_check() for later refinement. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet --- v7: Link: https://lore.kernel.org/all/20240219043815.98410-1-kuniyu@amazon.com/ 1. refine the code (by removing redundant check), no functional changes. (Kuniyuki) v6 Link: https://lore.kernel.org/all/c987d2c79e4a4655166eb8eafef473384edb37fb.camel@redhat.com/ Link: https://lore.kernel.org/all/CAL+tcoAgSjwsmFnDh_Gs9ZgMi-y5awtVx+4VhJPNRADjo7LLSA@mail.gmail.com/ 1. take one case into consideration, behave like old days, or else it will trigger errors. v5 Link: https://lore.kernel.org/netdev/CANn89iKz7=1q7e8KY57Dn3ED7O=RCOfLxoHQKO4eNXnZa1OPWg@mail.gmail.com/ 1. avoid duplication of these opt_skb tests/actions (Eric) --- net/ipv6/syncookies.c | 4 ++++ net/ipv6/tcp_ipv6.c | 5 +---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c index 6b9c69278819..ea0d9954a29f 100644 --- a/net/ipv6/syncookies.c +++ b/net/ipv6/syncookies.c @@ -177,6 +177,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) struct sock *ret = sk; __u8 rcv_wscale; int full_space; + SKB_DR(reason); if (!READ_ONCE(net->ipv4.sysctl_tcp_syncookies) || !th->ack || th->rst) @@ -256,10 +257,13 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) ireq->ecn_ok &= cookie_ecn_ok(net, dst); ret = tcp_get_cookie_sock(sk, skb, req, dst); + if (!ret) + goto out_drop; out: return ret; out_free: reqsk_free(req); out_drop: + kfree_skb_reason(skb, reason); return NULL; } diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 57b25b1fc9d9..0c180bb8187f 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1653,11 +1653,8 @@ int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) if (sk->sk_state == TCP_LISTEN) { struct sock *nsk = tcp_v6_cookie_check(sk, skb); - if (!nsk) - goto discard; - if (nsk != sk) { - if (tcp_child_process(sk, nsk, skb)) + if (nsk && tcp_child_process(sk, nsk, skb)) goto reset; if (opt_skb) __kfree_skb(opt_skb); From patchwork Wed Feb 21 02:57:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13564871 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pg1-f180.google.com (mail-pg1-f180.google.com [209.85.215.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D29522B9CC for ; Wed, 21 Feb 2024 02:58:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.180 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708484286; cv=none; b=YVSFOGja1yR4VWbBzKIv5EFgqZNa4qzfTTyyksqNrp4o+maAlHeCzSoj/x8jNgq6IGRgT6dFw4yh8IXT1Mz4ehG4aWlvhvgFatxSaFpDHp2H4YSrGcTuEaFkq+3CtgApeeWwmP08jk+m7LouM4oL8vFap4eD8rVvRWnHF3rIro8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708484286; c=relaxed/simple; bh=vrwHOQrkYWZJHHyBK1czZNZtq4kCFj/6UeI03PC/L4s=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=eK4Sr7G5cwb3Wj6ogO/HAd9i1DdXMtzxv6TRka5HtkRvBxLE8OegidEWAdFlkHZ6sei+pGA4qxboD+muXZJg0qIHYbqgkSNjSEx3HXpPSInwXBz4lor+N3fT5tKGApsh9YoxEwosyh6jKFJmJcXEOssXtt6k4BJuacoA8sK+n3Q= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=DjxAasTg; arc=none smtp.client-ip=209.85.215.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="DjxAasTg" Received: by mail-pg1-f180.google.com with SMTP id 41be03b00d2f7-5c66b093b86so5171927a12.0 for ; Tue, 20 Feb 2024 18:58:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708484284; x=1709089084; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=X8iqFTRpqy3PRXp8DiJCTCYAi+UJa4eByPGTpJmMuc4=; b=DjxAasTglPJUtTw8XlqEOfZFcrfPAgoG3xKoN9fOV8b2ScuvXAstNEpEzjP7E0ogSz s/UaeTLZP9VrzgGMuftc8mLkugqMiwHuh5z6QAVNJrSajEHKlkJWnBGShuMN3+bIBmyC QX59fSLhYEDBrdUnM2XXWv4iuBBU6fLHtuRGuasUVV0q7lUndTT33avQY59RjO0hWSem 9l7Z7v11OCvXLNrtP70OPqHjPVtvUNpqvmfVGTwR/zbhVOLPOCrhqdRgo+XgHIrSb/tf g2b95rwWsCSfJPNmMktSZcmC37pUEKT2F4bgOqnLABj6Ky6/Otq55+65mhYbqFz6G+hn Rr6Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708484284; x=1709089084; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=X8iqFTRpqy3PRXp8DiJCTCYAi+UJa4eByPGTpJmMuc4=; b=FiMMZFA1e0oMaouvYuZAwE6JlLE3hoGWUn3Lvomyelp40ZMPEFDzd/82emUUtG7LXK H/hVEPnQ/at2MKyaF3l4vyTce5piZLEqo80T60IDWtJke9VLGeTw0D6Fv450xiNp95Pz aJMixNRnmpGpNyMYNplK+vgQhyZG33qxzMX3iBAik5pxWQOXHhK8Ians6pQ5sRbTzGnf c8+tVHWsmM+YCC+9cXgGLKFi5+MWPGm9Zo6mwrziYDCkm+69z909MEyRym3M1YzZJEQw DKvVjT3hzW5SGI1GU552A18HK4M+ytWxQVJxjg+AWpwTIdPKcBFXifKgGL5PgSvPiNAV jhcw== X-Gm-Message-State: AOJu0Yyuh0IwU1klYbCWig+W7FwNwtr2CQqituJQMXH3+PGGSzThtZ78 6gbXXfLXyFKoIyEsjclxezw1lVyzxfM0IxdQlEYfkU0SdSPYtz1c X-Google-Smtp-Source: AGHT+IFKbJhFUXpsjpdJM+KXp7FdH5uze13dy9eguGfaFcmgJ+mNICTKfMd/Buu4ubUj6poxN4Qv2Q== X-Received: by 2002:a17:90a:bf13:b0:299:a5a7:7579 with SMTP id c19-20020a17090abf1300b00299a5a77579mr9475642pjs.10.1708484284062; Tue, 20 Feb 2024 18:58:04 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.24]) by smtp.gmail.com with ESMTPSA id pv14-20020a17090b3c8e00b0029454cca5c3sm426467pjb.39.2024.02.20.18.58.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Feb 2024 18:58:03 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v7 05/11] tcp: use drop reasons in cookie check for ipv6 Date: Wed, 21 Feb 2024 10:57:25 +0800 Message-Id: <20240221025732.68157-6-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240221025732.68157-1-kerneljasonxing@gmail.com> References: <20240221025732.68157-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Like what I did to ipv4 mode, refine this part: adding more drop reasons for better tracing. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet --- v6: Link: https://lore.kernel.org/netdev/20240215210922.19969-1-kuniyu@amazon.com/ 1. Not use NOMEM because of MPTCP (Kuniyuki). I chose to use NO_SOCKET as an indicator which can be used as three kinds of cases to tell people that we're unable to get a valid one. It's a relatively general reason like what we did to TCP_FLAGS. v5: Link: https://lore.kernel.org/netdev/CANn89i+iELpsoea6+C-08m6+=JkneEEM=nAj-28eNtcOCkwQjw@mail.gmail.com/ 1. Reuse SKB_DROP_REASON_NOMEM to handle failure of request socket allocation (Eric) 2. Reuse NO_SOCKET instead of introducing COOKIE_NOCHILD 3. Reuse IP_OUTNOROUTES instead of INVALID_DST (Eric) --- net/ipv6/syncookies.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c index ea0d9954a29f..8bad0a44a0a6 100644 --- a/net/ipv6/syncookies.c +++ b/net/ipv6/syncookies.c @@ -190,16 +190,20 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) if (IS_ERR(req)) goto out; } - if (!req) + if (!req) { + SKB_DR_SET(reason, NO_SOCKET); goto out_drop; + } ireq = inet_rsk(req); ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr; ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr; - if (security_inet_conn_request(sk, skb, req)) + if (security_inet_conn_request(sk, skb, req)) { + SKB_DR_SET(reason, SECURITY_HOOK); goto out_free; + } if (ipv6_opt_accepted(sk, skb, &TCP_SKB_CB(skb)->header.h6) || np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || @@ -236,8 +240,10 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) security_req_classify_flow(req, flowi6_to_flowi_common(&fl6)); dst = ip6_dst_lookup_flow(net, sk, &fl6, final_p); - if (IS_ERR(dst)) + if (IS_ERR(dst)) { + SKB_DR_SET(reason, IP_OUTNOROUTES); goto out_free; + } } req->rsk_window_clamp = tp->window_clamp ? :dst_metric(dst, RTAX_WINDOW); @@ -257,8 +263,10 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) ireq->ecn_ok &= cookie_ecn_ok(net, dst); ret = tcp_get_cookie_sock(sk, skb, req, dst); - if (!ret) + if (!ret) { + SKB_DR_SET(reason, NO_SOCKET); goto out_drop; + } out: return ret; out_free: From patchwork Wed Feb 21 02:57:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13564872 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com [209.85.216.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A21132B9CC for ; Wed, 21 Feb 2024 02:58:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.41 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708484289; cv=none; b=iecPNKbITg98q4l+WbQt8cXaTDSZ5SlDHICkO1jWGBJgAmWetId3gCWuDgtceMciNjd9J24CmmzezHq0E8nZVhtLbcareJgcOEosmgLtObFhW+arCK+0DWdfjvoNmJaLDNDW/Vpmw1jUlvaWWU0uujHWWheHYi5Zu5ukbM3Rle8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708484289; c=relaxed/simple; bh=7Zp7x785+/uhxiU2Ik7D9xJ4gfhXMG38++pvy5SIfvI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=iTtqqKFiZe8oTGnOuc2+DRM6gOYpWLdv3K9VNogVZAbG97t47rZprZ/Ijb8Va4cQuHhIvqTe5AtvBIDSGmAOHESfGUCCVRipzJe9+YYJ8oQGTMQBIHtr9UK2r+h7zp/f5HO+f3S9yaCw3isqb2NeBnQhnFiNup2UeA87YJQpRRY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=AQgGDpCO; arc=none smtp.client-ip=209.85.216.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="AQgGDpCO" Received: by mail-pj1-f41.google.com with SMTP id 98e67ed59e1d1-2998950e951so1751267a91.2 for ; Tue, 20 Feb 2024 18:58:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708484287; x=1709089087; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=hMelBBUb7lQfw+CAX9NdYFLemt4g519UfusTQ2lvYJQ=; b=AQgGDpCOKKBzMONteZt0bDjLyDXBiCdNpKkXw2TUbwK5hMuxTqg8MOVcFMaviDs2yL dVlvKQsyyGFMkWK2C8HQRO3l7x/+vDRptD+oi5vb/lo1LmDrJ+endN9kEatdY5W/q4Z3 daVjXLfwk2Me5RcqtxP7vUgco3iHphmDrCtYfYuuYPjC58xoKvVf86LDGW2ztv4hRkwW /CKtEmHV56YMbOaH7xcqbG/CQ4uG4y3gHqXo8te88TQJvMq6YLdZITyNE7cbE8RrBJnL Mzpqy8Q7AD2Mc+JEfzlZXuVKySjPJtJClzUJOwJPQY6xwM9G/YcRYsJwhX+jNz/Q3ziX dcHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708484287; x=1709089087; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hMelBBUb7lQfw+CAX9NdYFLemt4g519UfusTQ2lvYJQ=; b=getzjrh+SBPOXQNWDyZtWJuhnrEiCiboyzjAP4tsU0S7DbaCK3ygQ3rDD6YF55/642 6AxaBzi2P2EBDGH0hfM4+0cq1OcEwpU2sgyg9dCpxljteUo6oIo/X1tdljpCzWgkmE6G aZ80G526FI64PmaulfogNwmjlL9LX8aw8QNLJ4A0u3BjzIo5NbLrvmsovPm7qXhXHf8Y oKOPctwhIkvswPpSVGLOV1LoXUwLs0JtIqMSe5NJhnDABzO4nUDKvgXTIRmFihFuY1mR 9glomOjvJHd9eb+/nyE/MMepLh5NXmLS4dHwFDnHEJ3J4tn15zic2do3+sO2pJWX3fMB 4fsw== X-Gm-Message-State: AOJu0Yw2t7kZF3OeDEGG48CyUadVYDiUsRZNbUWwxOb3LgbMXDNOfTyX QBwMx4xye+KkpPFRMKmw1vyCI07rabAZpZf0UCGdrhvsK96leQJV X-Google-Smtp-Source: AGHT+IGkRmFlWYiqdVJQqLH3z8pxqvG1SU6CEvDCed/fJHI5+H6YEawdQJV+Jum05XxW2StGpQ6reQ== X-Received: by 2002:a17:90b:1c87:b0:299:f6a:98b with SMTP id oo7-20020a17090b1c8700b002990f6a098bmr12310935pjb.12.1708484286984; Tue, 20 Feb 2024 18:58:06 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.24]) by smtp.gmail.com with ESMTPSA id pv14-20020a17090b3c8e00b0029454cca5c3sm426467pjb.39.2024.02.20.18.58.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Feb 2024 18:58:06 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v7 06/11] tcp: introduce dropreasons in receive path Date: Wed, 21 Feb 2024 10:57:26 +0800 Message-Id: <20240221025732.68157-7-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240221025732.68157-1-kerneljasonxing@gmail.com> References: <20240221025732.68157-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Soon later patches can use these relatively more accurate reasons to recognise and find out the cause. Signed-off-by: Jason Xing --- v7 Link: https://lore.kernel.org/all/20240219044744.99367-1-kuniyu@amazon.com/ 1. nit: nit: s/. because of/ because/ (Kuniyuki) v5: Link: https://lore.kernel.org/netdev/3a495358-4c47-4a9f-b116-5f9c8b44e5ab@kernel.org/ 1. Use new name (TCP_ABORT_ON_DATA) for readability (David) 2. change the title of this patch --- include/net/dropreason-core.h | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index a871f061558d..af7c7146219d 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -30,6 +30,7 @@ FN(TCP_AOFAILURE) \ FN(SOCKET_BACKLOG) \ FN(TCP_FLAGS) \ + FN(TCP_ABORT_ON_DATA) \ FN(TCP_ZEROWINDOW) \ FN(TCP_OLD_DATA) \ FN(TCP_OVERWINDOW) \ @@ -37,6 +38,7 @@ FN(TCP_RFC7323_PAWS) \ FN(TCP_OLD_SEQUENCE) \ FN(TCP_INVALID_SEQUENCE) \ + FN(TCP_INVALID_ACK_SEQUENCE) \ FN(TCP_RESET) \ FN(TCP_INVALID_SYN) \ FN(TCP_CLOSE) \ @@ -204,6 +206,11 @@ enum skb_drop_reason { SKB_DROP_REASON_SOCKET_BACKLOG, /** @SKB_DROP_REASON_TCP_FLAGS: TCP flags invalid */ SKB_DROP_REASON_TCP_FLAGS, + /** + * @SKB_DROP_REASON_TCP_ABORT_ON_DATA: abort on data, corresponding to + * LINUX_MIB_TCPABORTONDATA + */ + SKB_DROP_REASON_TCP_ABORT_ON_DATA, /** * @SKB_DROP_REASON_TCP_ZEROWINDOW: TCP receive window size is zero, * see LINUX_MIB_TCPZEROWINDOWDROP @@ -228,13 +235,19 @@ enum skb_drop_reason { SKB_DROP_REASON_TCP_OFOMERGE, /** * @SKB_DROP_REASON_TCP_RFC7323_PAWS: PAWS check, corresponding to - * LINUX_MIB_PAWSESTABREJECTED + * LINUX_MIB_PAWSESTABREJECTED, LINUX_MIB_PAWSACTIVEREJECTED */ SKB_DROP_REASON_TCP_RFC7323_PAWS, /** @SKB_DROP_REASON_TCP_OLD_SEQUENCE: Old SEQ field (duplicate packet) */ SKB_DROP_REASON_TCP_OLD_SEQUENCE, /** @SKB_DROP_REASON_TCP_INVALID_SEQUENCE: Not acceptable SEQ field */ SKB_DROP_REASON_TCP_INVALID_SEQUENCE, + /** + * @SKB_DROP_REASON_TCP_INVALID_ACK_SEQUENCE: Not acceptable ACK SEQ + * field because ack sequence is not in the window between snd_una + * and snd_nxt + */ + SKB_DROP_REASON_TCP_INVALID_ACK_SEQUENCE, /** @SKB_DROP_REASON_TCP_RESET: Invalid RST packet */ SKB_DROP_REASON_TCP_RESET, /** From patchwork Wed Feb 21 02:57:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13564873 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pg1-f170.google.com (mail-pg1-f170.google.com [209.85.215.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7327A2B9CC for ; Wed, 21 Feb 2024 02:58:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.170 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708484291; cv=none; b=PjhVynH95ACSkbEw114uuJxZbL/YAd7tatjtXAZ6ZMD7rgTUb1fIVhBtxg0iTUEsGFlFYwi9EOp9DeDLYQNQKo8NQHPHjcwS/m2nF52DJioLS/PW1WJ40RudlEei/ImUFfW7jszhWIA+L2GcVZCufr5rSDQSun2/9PMyBx1cXgg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708484291; c=relaxed/simple; bh=cW3e/HxRoerfB+CnSkxC6fP8IbXvOpf5u17yRRYGdyw=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=CZmrMVN1NOaJ6Y1J2ejSt2PEn6d7F3zVkvSPpnTY+NjlN04hE7fEoEj2iYkCX4yovuiCHA2zgf1aOsIdQqjwNcgI18KBa2c8D3HOeEe9FQPD3QUZNQTrY8Hmci3TGnmDkE1VOgqILNJnRzbzdInBtrxqboMs6qinTwJr2lRZ7ps= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=hTZvGhEk; arc=none smtp.client-ip=209.85.215.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="hTZvGhEk" Received: by mail-pg1-f170.google.com with SMTP id 41be03b00d2f7-5ce9555d42eso96412a12.2 for ; Tue, 20 Feb 2024 18:58:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708484290; x=1709089090; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Tc4RsuO7ABCUQWRTU4WnZFcSZZnU1hvSvcjCAudBuTA=; b=hTZvGhEkozScpLZC0dRqVJBoaHl8zrtUZ/sHEZDJVdfAciaav5efcJ8tVzYBsJMMel zBt6jxIrMXINRXweaCEZ75RJ31s6seFxk60k6ZbD/WFwDGJ9hov8UpJZJJDGuOmYLlYZ PKcHV3yAH/Snu9+NXuLA5lxY+crc/u907lCVF1GFeS80Lr3AUpUy7dW/ljDoSNKOhKSc E2ScwrayBaDVC6z77F4MIFswJUr42d39Uuoozv3v9DuWNhbwipACiehVUkPKCsN2yLKU mVBshVEdH9p9eXVdzvcQLpGK+fDN9Z3NmcG7olHA0hNLH3rXWZNOss6TvKZ/rHtOh0Rd S8BQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708484290; x=1709089090; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Tc4RsuO7ABCUQWRTU4WnZFcSZZnU1hvSvcjCAudBuTA=; b=McisoJtGYiI9wFZgu+OuRgJkQ58tUL/Qh+BPlmDmIrG9oruPn4fkyAT6hOP+XVM3ym 5cGFe8m4pDoAIPPWtj3rVV81l0ZWuVjCs/Ij1SF+2gqb5u99JKUvqZRtvi1joJwipA1c c+osaRoduTPPb9TFIy28E4PwzzcszmVirSEBWH/9kHOsgrfP95domzKoDvDZaK5MSLSN +NK3P0nxBj+HLn6+TfCMFBDsiJs4+dgRJjbdookVMFOrQi4St/KKKGs1yZS22EZzVWuG vbCfrOMrwqR3ESGMoRMLyHrjApn1Vd+bdAi25XgXkdEYHXB42ESuWZPEeD8NvKXQFObz IxdQ== X-Gm-Message-State: AOJu0Yx0/IS4NjOryDr0+dgwFADnEi3hvi5OsIbR06ql9Y7MclmBzv77 KAEc6BWCNA2DcMMthzSqStI4JKrS3/9WAsvoTCF2bbjwKXiUSU+o X-Google-Smtp-Source: AGHT+IGnPXhNrOHaxmr3erQ4JghlrVaSOeHmRHkBVEmMOHqVHllk/KD3+3/2DVtUM8oFby1naxe/1Q== X-Received: by 2002:a05:6a21:3409:b0:19e:4ed7:127a with SMTP id yn9-20020a056a21340900b0019e4ed7127amr21392515pzb.46.1708484289853; Tue, 20 Feb 2024 18:58:09 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.24]) by smtp.gmail.com with ESMTPSA id pv14-20020a17090b3c8e00b0029454cca5c3sm426467pjb.39.2024.02.20.18.58.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Feb 2024 18:58:09 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v7 07/11] tcp: add more specific possible drop reasons in tcp_rcv_synsent_state_process() Date: Wed, 21 Feb 2024 10:57:27 +0800 Message-Id: <20240221025732.68157-8-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240221025732.68157-1-kerneljasonxing@gmail.com> References: <20240221025732.68157-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing This patch does two things: 1) add two more new reasons 2) only change the return value(1) to various drop reason values for the future use For now, we still cannot trace those two reasons. We'll implement the full function in the subsequent patch in this series. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet --- net/ipv4/tcp_input.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 74c03f0a6c0c..83308cca1610 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -6361,6 +6361,7 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb, inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, TCP_TIMEOUT_MIN, TCP_RTO_MAX); + SKB_DR_SET(reason, TCP_INVALID_ACK_SEQUENCE); goto reset_and_undo; } @@ -6369,6 +6370,7 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb, tcp_time_stamp_ts(tp))) { NET_INC_STATS(sock_net(sk), LINUX_MIB_PAWSACTIVEREJECTED); + SKB_DR_SET(reason, TCP_RFC7323_PAWS); goto reset_and_undo; } @@ -6572,7 +6574,8 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb, reset_and_undo: tcp_clear_options(&tp->rx_opt); tp->rx_opt.mss_clamp = saved_clamp; - return 1; + /* we can reuse/return @reason to its caller to handle the exception */ + return reason; } static void tcp_rcv_synrecv_state_fastopen(struct sock *sk) From patchwork Wed Feb 21 02:57:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13564874 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com [209.85.216.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 519C52B9CC for ; Wed, 21 Feb 2024 02:58:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708484294; cv=none; b=Tptya1qxIXCAYhHYu1Gg5Yhf3XZvTwCXcrltBBpmZpD7rrx3wRgW5VB1xtDFa0t+H5iTRkooEugkl7CTwiyQfML/83CuCUgHIYZ0G5l4FUfUOAm/3C5FUca0drk/02oxJsBDo0iVghJX3hNxjEy7UzZ905y1+9LGjc8FeVvKwCc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708484294; c=relaxed/simple; bh=wnwrmXeC9Dsl1gEInm4y0TAd1stBQJYle+2UWSzNLP8=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=l0wE/QIEKJP+KhMzrq1Ct5TdB7CcucvkFSvw7fEwJU5ggAsBC2zGvrRX3KZQ5fnBUhgKRrdIwY+uUxreXmpacaWNAb9oYbsl68pzwivTyD+JwCTqYiDzvL/r3V9z9StqGrWAqhDLVxzQh2L+vFPB1qv916cUF8sAA6lXP4LbR60= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=MvSLGKax; arc=none smtp.client-ip=209.85.216.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="MvSLGKax" Received: by mail-pj1-f53.google.com with SMTP id 98e67ed59e1d1-299b55f2344so1828700a91.2 for ; Tue, 20 Feb 2024 18:58:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708484293; x=1709089093; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=0+pVev56k4S6OfBszMhW/zhsK9iew0UVqFLmn8OKknc=; b=MvSLGKaxRg+iVLLG1kNyqjUiq1UKIZII8I9vrLlCtXrt+Hy+QlJ1ATpt6oOoyO/vhw nm8F7CiazHVgm0FQYgRipu3TcRhYi8dSbwkjOPEfV9BR+fZcEG8rQaaunblZRyiMjC81 zZip03vYFUwiTJXuphgYtO6ylixvtaWxSjB9m/GynDqr0kbvz7Qsa0NlZRJzvzVCvLY6 9ohDgfKSAEj6uqsq8E9famCcmG/x6LzwGBsqgT+7vB+5TkDpG2onlEoJmZHUIMGgZuSG GMZqzMVewBmqzC0eucKq8X045W/41bwkgx5tl6m3C/8s7IZNmjSba8IDNs0CUgWAMJ2B ZYxg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708484293; x=1709089093; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0+pVev56k4S6OfBszMhW/zhsK9iew0UVqFLmn8OKknc=; b=Y83ojq9Mw/GgwjSOtQNgtj05bATBNbiFj4rg0q5Ol7VHujEdLOn698hHG2rBl7hyq+ uiNydRl975xmppJsZ19yzOzMmP3ebhp6vEdAe6CIb5+N9U+nyc2z1k9USknbTB2yWjiR QaJvTA8nvNuCZyXl5vN7Q7HocJgn+h3Y8K2IYjPxQt8RZmOs134kX0WrpPTJZlepHuhB RQHCRK7WyUWVAjdA1ALrH4bnwvnUbGjuZ7YdLk7EAfUjrF2pjT6WgpSqaDjOjXaOpTBK TATbMRhWHemIJL83en17jXsQGret8mq0wLyVHi2w349FNjxorGiHPccXo16i/L2XRzy7 EK8g== X-Gm-Message-State: AOJu0Yz8oJKXr04KjeUtwfO6DPPC6KZpDhoesh1FP81giKkuagC+uKEY zgNKwV++iURMeDIBfTU7wmgqZV+2jbDHqijLMjhfZtvN32Kr1hPG X-Google-Smtp-Source: AGHT+IGFzU+Uihadj1fuPejeVNqFA93hkZNc2ZqXSy5IJuHRtsWK0nxKoLwgAXgGa4DZLcmmN6e2Aw== X-Received: by 2002:a17:90a:c697:b0:299:4269:b8c9 with SMTP id n23-20020a17090ac69700b002994269b8c9mr10057203pjt.26.1708484292775; Tue, 20 Feb 2024 18:58:12 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.24]) by smtp.gmail.com with ESMTPSA id pv14-20020a17090b3c8e00b0029454cca5c3sm426467pjb.39.2024.02.20.18.58.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Feb 2024 18:58:12 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v7 08/11] tcp: add dropreasons in tcp_rcv_state_process() Date: Wed, 21 Feb 2024 10:57:28 +0800 Message-Id: <20240221025732.68157-9-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240221025732.68157-1-kerneljasonxing@gmail.com> References: <20240221025732.68157-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing In this patch, I equipped this function with more dropreasons, but it still doesn't work yet, which I will do later. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet --- v5: Link: https://lore.kernel.org/netdev/3a495358-4c47-4a9f-b116-5f9c8b44e5ab@kernel.org/ 1. Use new name (TCP_ABORT_ON_DATA) for readability (David) --- include/net/tcp.h | 2 +- net/ipv4/tcp_input.c | 20 +++++++++++++------- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/include/net/tcp.h b/include/net/tcp.h index 58e65af74ad1..e5af9a5b411b 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -348,7 +348,7 @@ void tcp_wfree(struct sk_buff *skb); void tcp_write_timer_handler(struct sock *sk); void tcp_delack_timer_handler(struct sock *sk); int tcp_ioctl(struct sock *sk, int cmd, int *karg); -int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb); +enum skb_drop_reason tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb); void tcp_rcv_established(struct sock *sk, struct sk_buff *skb); void tcp_rcv_space_adjust(struct sock *sk); int tcp_twsk_unique(struct sock *sk, struct sock *sktw, void *twp); diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 83308cca1610..b257da06c0c7 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -6619,7 +6619,8 @@ static void tcp_rcv_synrecv_state_fastopen(struct sock *sk) * address independent. */ -int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) +enum skb_drop_reason +tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) { struct tcp_sock *tp = tcp_sk(sk); struct inet_connection_sock *icsk = inet_csk(sk); @@ -6635,7 +6636,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) case TCP_LISTEN: if (th->ack) - return 1; + return SKB_DROP_REASON_TCP_FLAGS; if (th->rst) { SKB_DR_SET(reason, TCP_RESET); @@ -6704,8 +6705,13 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) FLAG_NO_CHALLENGE_ACK); if ((int)reason <= 0) { - if (sk->sk_state == TCP_SYN_RECV) - return 1; /* send one RST */ + if (sk->sk_state == TCP_SYN_RECV) { + /* send one RST */ + if (!reason) + return SKB_DROP_REASON_TCP_OLD_ACK; + else + return -reason; + } /* accept old ack during closing */ if ((int)reason < 0) { tcp_send_challenge_ack(sk); @@ -6781,7 +6787,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) if (READ_ONCE(tp->linger2) < 0) { tcp_done(sk); NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTONDATA); - return 1; + return SKB_DROP_REASON_TCP_ABORT_ON_DATA; } if (TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq && after(TCP_SKB_CB(skb)->end_seq - th->fin, tp->rcv_nxt)) { @@ -6790,7 +6796,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) tcp_fastopen_active_disable(sk); tcp_done(sk); NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTONDATA); - return 1; + return SKB_DROP_REASON_TCP_ABORT_ON_DATA; } tmo = tcp_fin_time(sk); @@ -6855,7 +6861,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) after(TCP_SKB_CB(skb)->end_seq - th->fin, tp->rcv_nxt)) { NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTONDATA); tcp_reset(sk, skb); - return 1; + return SKB_DROP_REASON_TCP_ABORT_ON_DATA; } } fallthrough; From patchwork Wed Feb 21 02:57:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13564875 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pg1-f171.google.com (mail-pg1-f171.google.com [209.85.215.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 52C312837F for ; Wed, 21 Feb 2024 02:58:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.171 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708484297; cv=none; b=dEiuPMJfT1anu96lvKQot8taunsS/ib8vn2OcObmcdwTAnC4LiBfvLNqHtHyMPkIe/AovlBTw9lglGY2U4dBeJfvJ1qDyRExPszJteNJOutaEi0UdfeV6AaK9q1VVcbZrUUJkNqUgeV0KOQUa2x9tpoH7yrIWwVj05NviI3tA2k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708484297; c=relaxed/simple; bh=ZwHDPF/CvsDu+GUqTG1yxCkMD92Rjk9NKTkuXfnczYA=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=AN+EuO/RBndFejLOYxLPhAsRL9GxsiuNEgvdfJj9KHp8w3E3aktv0Eieito7JVlPh0msoCnHimc/wr4CG5qD1T6TjxC/FFzcwqTZWTBE/KlnRrXN9o0rvJTNY2FVn00CwvtkieGFtQI6qso26Ze1gnbVr3AoJl/RGAkAe5lV0PU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=NWtayUBH; arc=none smtp.client-ip=209.85.215.171 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="NWtayUBH" Received: by mail-pg1-f171.google.com with SMTP id 41be03b00d2f7-5cddc5455aeso4103880a12.1 for ; Tue, 20 Feb 2024 18:58:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708484296; x=1709089096; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Wsc0AM2eL+AajhMGwF/JnhRj6xqyGGgalVKC2FYGpRM=; b=NWtayUBHjenCNxElARwgU/Xw88vNwGL6s/LkSL56FLfoui07ySUI1+AVTGLUBs1t41 K8KsEwNHRem3D3/i5r+/sM1yZweYq2agfAlR46H+dxcmjxRt7W/Cfm4IXGaON0EwbG5k RaJY9ZjOSxVrHIpnKoKBtxRBmS7H+HYn6736AebEppf3aEgEx/COAJBJy87OVzOOkSkg ONWZuKX4SReWvDWi5XqygiFGuy1UrmacpsxgTc/xsT3s8cAiLchY94B0KoO6DIpmubtf 6ncPw4UDD05NBaWN6j3cMlCLWCgvnZyN0eJAsDUaNW0SczcpGBNJxXYt5nMqX7UWISvy tTyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708484296; x=1709089096; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Wsc0AM2eL+AajhMGwF/JnhRj6xqyGGgalVKC2FYGpRM=; b=ppHnkPQomlZ847BuFjPeg+YnOwy4UJCbL6SKeShEMJMXTDoa50kaUqkO+CpqdzLpGA sevvukj1DhOAq0T/2ixTRAf0ws29zE9VoT493xXFtPJ1tYSCC6CR4FNl5X77d02wn3sA /Rys98Ut9h9K32BsQIZvAftoEa5L0q7tm4E6dfQky5rN7kTxBD5Pfe15Ufg7cRjsU3xp ugCFPexvOpzDR/gcCwpB6WFvVEwkV1XR7z7VBT5SMByyJBJfyAfwppDdY5A27gkkTVIT dxJQPo9IH1DZ4v8OcYBlBlaAVBmhuM8thI0ajAT5LwsgJQ/8E5TUhzGVgw38heijiEVR dBTQ== X-Gm-Message-State: AOJu0YwUk5952nqydTMplrcxQhchU6MEmwnSaDg+OzxAc68aPLSUE+fh RzqbD4zPRinGrIgaQ8poEV7M8n+UDfbkktnbtNns+uaDKQli4Nuw X-Google-Smtp-Source: AGHT+IFIwUEjqRGsuheqgc0i3G1qp2b78Sd+H92DBQ5nZ83dtxJiH9YX1JdrQUulvS4ibIeXcUtp7g== X-Received: by 2002:a05:6a21:1394:b0:1a0:aa34:8733 with SMTP id oa20-20020a056a21139400b001a0aa348733mr5876161pzb.17.1708484295683; Tue, 20 Feb 2024 18:58:15 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.24]) by smtp.gmail.com with ESMTPSA id pv14-20020a17090b3c8e00b0029454cca5c3sm426467pjb.39.2024.02.20.18.58.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Feb 2024 18:58:15 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v7 09/11] tcp: make the dropreason really work when calling tcp_rcv_state_process() Date: Wed, 21 Feb 2024 10:57:29 +0800 Message-Id: <20240221025732.68157-10-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240221025732.68157-1-kerneljasonxing@gmail.com> References: <20240221025732.68157-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Update three callers including both ipv4 and ipv6 and let the dropreason mechanism work in reality. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet --- include/net/tcp.h | 2 +- net/ipv4/tcp_ipv4.c | 3 ++- net/ipv4/tcp_minisocks.c | 9 +++++---- net/ipv6/tcp_ipv6.c | 3 ++- 4 files changed, 10 insertions(+), 7 deletions(-) diff --git a/include/net/tcp.h b/include/net/tcp.h index e5af9a5b411b..1d9b2a766b5e 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -396,7 +396,7 @@ enum tcp_tw_status tcp_timewait_state_process(struct inet_timewait_sock *tw, struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb, struct request_sock *req, bool fastopen, bool *lost_race); -int tcp_child_process(struct sock *parent, struct sock *child, +enum skb_drop_reason tcp_child_process(struct sock *parent, struct sock *child, struct sk_buff *skb); void tcp_enter_loss(struct sock *sk); void tcp_cwnd_reduction(struct sock *sk, int newly_acked_sacked, int newly_lost, int flag); diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 0a944e109088..c79e25549972 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1926,7 +1926,8 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) } else sock_rps_save_rxhash(sk, skb); - if (tcp_rcv_state_process(sk, skb)) { + reason = tcp_rcv_state_process(sk, skb); + if (reason) { rsk = sk; goto reset; } diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c index 9e85f2a0bddd..08d5b48540ea 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c @@ -911,11 +911,12 @@ EXPORT_SYMBOL(tcp_check_req); * be created. */ -int tcp_child_process(struct sock *parent, struct sock *child, +enum skb_drop_reason +tcp_child_process(struct sock *parent, struct sock *child, struct sk_buff *skb) __releases(&((child)->sk_lock.slock)) { - int ret = 0; + enum skb_drop_reason reason = SKB_NOT_DROPPED_YET; int state = child->sk_state; /* record sk_napi_id and sk_rx_queue_mapping of child. */ @@ -923,7 +924,7 @@ int tcp_child_process(struct sock *parent, struct sock *child, tcp_segs_in(tcp_sk(child), skb); if (!sock_owned_by_user(child)) { - ret = tcp_rcv_state_process(child, skb); + reason = tcp_rcv_state_process(child, skb); /* Wakeup parent, send SIGIO */ if (state == TCP_SYN_RECV && child->sk_state != state) parent->sk_data_ready(parent); @@ -937,6 +938,6 @@ int tcp_child_process(struct sock *parent, struct sock *child, bh_unlock_sock(child); sock_put(child); - return ret; + return reason; } EXPORT_SYMBOL(tcp_child_process); diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 0c180bb8187f..4f8464e04b7f 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1663,7 +1663,8 @@ int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) } else sock_rps_save_rxhash(sk, skb); - if (tcp_rcv_state_process(sk, skb)) + reason = tcp_rcv_state_process(sk, skb); + if (reason) goto reset; if (opt_skb) goto ipv6_pktoptions; From patchwork Wed Feb 21 02:57:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13564876 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pj1-f52.google.com (mail-pj1-f52.google.com [209.85.216.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2E2C238FAF for ; Wed, 21 Feb 2024 02:58:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.52 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708484300; cv=none; b=IedkoH/fq6hilbxLChFiCAi9bqj76u+Gd5Ps8iJJpD6FMBg6Q5BEZ8ELT6xFnnyBipOWL/SNt7e2QPVaYQBjNHLkIN+SLGj/xhH1ZFIXdig4Yz8gHr/3cOD0dDSCCCS4v4BemvdTEsvDCg36nZiHNO2pvdu5N/46aVtFi63+7BQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708484300; c=relaxed/simple; bh=+oB9bCqM/YOunIyLC8qL1zcuXiE83vh81zuKY7xt54E=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=O2LgKGTiGCGV7Qn4NHH39nzHHkf/xmPztE1AXL++dXsLDIh/k492CkLLWobtHxFcZKAJQOCSRKiwk98OGsFQAdCDXxq8pXp4dbH4Tzfe0c6n0QXrvOLXKsDRFWl7db7smxAzGj8dGN1qpF/29KThAXJOHnO82i0GaerZlzMOARw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=BzLgNU2g; arc=none smtp.client-ip=209.85.216.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="BzLgNU2g" Received: by mail-pj1-f52.google.com with SMTP id 98e67ed59e1d1-2997a92e23bso76854a91.3 for ; Tue, 20 Feb 2024 18:58:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708484298; x=1709089098; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=q+pMxQ+qM7QenehqlykV5c27xeYnL/w2kLKJPI3UU+M=; b=BzLgNU2g1ul7YGHN59jiWetJ8S+xCg9svkoSedmW7BIW03R7+HCn741TDTOJypZp0N PHh38dHzmhXl5UrLoM6WFXX16pHSj7Ys5X9AIlN8beYoM8WxHQeD7R20W1VnNPMMfPS+ a4b4KIXSMNKKNb6IFK3QEpwaGR3ccS7wvNkSaw7PrQqcOrD0nksWNI1nOMXVfrmROZdV 5t2Bjn43oPIdXgsZFh9oukd64/gtbtX9mtoTdlzRiWMWsu9Rc3FIA132jp1Otp8r1yJf rmQ91E49Cjrf0xsCJgma4JZVzvmgPy0QQBJ4Nlj9PFN7qCqOXAjRnhxbTCgwTpelh5LA ABJA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708484298; x=1709089098; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=q+pMxQ+qM7QenehqlykV5c27xeYnL/w2kLKJPI3UU+M=; b=MzZ+LHy4N2fhRi94hAF7K06QF36X1OTnnIlwIk6dZgg7j4Z6P/be782LEMyb/cBUK7 20kUBRH9XaJEXgynWU9Btlgle/rDuTMtb+B6FivPP/83V+iGNtDi3H/smbaXCO3KuTjQ /I7Xbjr4zNai3JZdggpEpRsr7N4uUnBb5YRkIisQlNjyhVdNo4Uy1aUi+nD8ioRQc/j6 OCCnXtkscuKz9YyTMashULLpUrHo0HYc3F2ntfaeMOzhBTi/oxbS6H274etmwXE1Sojd m7C5EYgnqZP9L81CbHm7ZxPvr6LOPn0+u5visc9GxiAq/l5U8x6n804Y1aOi4hHywMZh k0Aw== X-Gm-Message-State: AOJu0Yx8VbUNmk09ugpD9eNgJQy4XuLMal8u9T29KBXmg9Oj9Zt8Qu71 84ZM85Vt25CjCpd88mSwvXciPhXqcXtpxFBeOMkCY4P+ruoWt4YX X-Google-Smtp-Source: AGHT+IG4MIsP5ppGx7BKiyFqRyrPC/yeV2Ap/ov/hdNSCZpLPHfTjSA5qV4yTPxIqcIjDFlrYlCwxg== X-Received: by 2002:a17:90b:3942:b0:299:f6e1:67d1 with SMTP id oe2-20020a17090b394200b00299f6e167d1mr2755169pjb.13.1708484298593; Tue, 20 Feb 2024 18:58:18 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.24]) by smtp.gmail.com with ESMTPSA id pv14-20020a17090b3c8e00b0029454cca5c3sm426467pjb.39.2024.02.20.18.58.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Feb 2024 18:58:18 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v7 10/11] tcp: make dropreason in tcp_child_process() work Date: Wed, 21 Feb 2024 10:57:30 +0800 Message-Id: <20240221025732.68157-11-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240221025732.68157-1-kerneljasonxing@gmail.com> References: <20240221025732.68157-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing It's time to let it work right now. We've already prepared for this:) Signed-off-by: Jason Xing --- v7 Link: https://lore.kernel.org/all/20240219043815.98410-1-kuniyu@amazon.com/ 1. adjust the related part of code only since patch [04/11] is changed. --- net/ipv4/tcp_ipv4.c | 16 ++++++++++------ net/ipv6/tcp_ipv6.c | 20 +++++++++++++------- 2 files changed, 23 insertions(+), 13 deletions(-) diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index c79e25549972..c886c671fae9 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1917,7 +1917,8 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) if (!nsk) return 0; if (nsk != sk) { - if (tcp_child_process(sk, nsk, skb)) { + reason = tcp_child_process(sk, nsk, skb); + if (reason) { rsk = nsk; goto reset; } @@ -2276,12 +2277,15 @@ int tcp_v4_rcv(struct sk_buff *skb) if (nsk == sk) { reqsk_put(req); tcp_v4_restore_cb(skb); - } else if (tcp_child_process(sk, nsk, skb)) { - tcp_v4_send_reset(nsk, skb); - goto discard_and_relse; } else { - sock_put(sk); - return 0; + drop_reason = tcp_child_process(sk, nsk, skb); + if (drop_reason) { + tcp_v4_send_reset(nsk, skb); + goto discard_and_relse; + } else { + sock_put(sk); + return 0; + } } } diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 4f8464e04b7f..f260c28e5b18 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1654,8 +1654,11 @@ int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) struct sock *nsk = tcp_v6_cookie_check(sk, skb); if (nsk != sk) { - if (nsk && tcp_child_process(sk, nsk, skb)) - goto reset; + if (nsk) { + reason = tcp_child_process(sk, nsk, skb); + if (reason) + goto reset; + } if (opt_skb) __kfree_skb(opt_skb); return 0; @@ -1854,12 +1857,15 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb) if (nsk == sk) { reqsk_put(req); tcp_v6_restore_cb(skb); - } else if (tcp_child_process(sk, nsk, skb)) { - tcp_v6_send_reset(nsk, skb); - goto discard_and_relse; } else { - sock_put(sk); - return 0; + drop_reason = tcp_child_process(sk, nsk, skb); + if (drop_reason) { + tcp_v6_send_reset(nsk, skb); + goto discard_and_relse; + } else { + sock_put(sk); + return 0; + } } } From patchwork Wed Feb 21 02:57:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13564877 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pj1-f42.google.com (mail-pj1-f42.google.com [209.85.216.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0A51D38FBA for ; Wed, 21 Feb 2024 02:58:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.42 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708484303; cv=none; b=eSndfmzosCq5ZUuZgRt+TQfgMgTfFJCyQ+N2r6Enwo1i90gqhoLnyw9mHLmqovb6/KzebTN3bTnZp5LkzniulvnXuAuppzogf6iBibGzhEDMLOffwDF2MBmvX8yY95YzHbeJw6sqas44o49XOpLNgXNwS2GIM25JLCY5RTc5vI4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708484303; c=relaxed/simple; bh=UHHLE49iooiHY4vjPey6O8XYNle73cZCqSAhyE+EDP0=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=Vx9yfsYPKJ/YQ8hRdWPM8APLfMaN38ZqEksvfn9uHuY9ZczH4M7k6j7trWEYIjj6HkZ5wSfrewmRe2ucF/yt+aGoxnrzgZ603gKhGvU9+p7Ja7mh8/hBWpsztzSd+eguOQ5hji9N7xsS5YPzrsy7IZny9vobxENso/TsiW9BfgY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=f/0bbvJt; arc=none smtp.client-ip=209.85.216.42 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="f/0bbvJt" Received: by mail-pj1-f42.google.com with SMTP id 98e67ed59e1d1-29938dcb711so2836005a91.0 for ; Tue, 20 Feb 2024 18:58:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708484301; x=1709089101; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=QQKphae6rZS2OgxQEvHNL6uRp2pRDqwCrN9aul+Noo8=; b=f/0bbvJtMFYXX+xIJEWMO7TFG64CyiNfyPdAeVwiubryn9L/2slQzvwmMhVrgsDTE4 4WTGvSaaPxK5Tve/dbe/nfKvYP2eMtjsXpDjRzMBjvZv3bR9A3qMLiPE8VoGnTNxhjiq EQ/ubsJ4Z7CvJHsxwz15p2i5liU2UICz5kZMzVaPSNqUcKbkP+aMfe2pk5HjIzDU2fqi 6sRLO35GCJlZfEkmFS/S/cuITXgK3g80HlJoVZl4UssOA0oMtzJdN5xebxk1j28dcKVp 2DZpN+oeyH+ViQCbiKEelNIKmfCDaVNcNvbbmMK0zd5VH7EQhkqug7T3iB+EwHqLSZxz RJFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708484301; x=1709089101; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QQKphae6rZS2OgxQEvHNL6uRp2pRDqwCrN9aul+Noo8=; b=lpcjgQAtk93D89ig+HY5VsWERt+Vr5p6YuSVaO1lvRJJF6s7kNBpa0Ba/LqdIrD7ff aKM8V/UoVMzDOJbmKXIbagqmtJlu0FN3VBQXKBzEtLaRNss/KK3EDSZ/DHsnI4qik7oW Z3sFyWPcAKidfG8qNyLJDj4zl7nzCb6LeglJEYeL1n2fxeeokG0knXwmOEYwL1ALxBjv jnWrc8RDu9ggFUWr/AFz61Cor6d3iH6NbY9igGi8PFMWIS2z69D3O8B6uq1W4Okb0IGB hgKD+jJLK14Y6hBn2PZoTsiCbg/2IT1gIXH0LMmFRwMVTv4SHBwa4BL80uvGArVUsrU9 QbzA== X-Gm-Message-State: AOJu0YziMbdRoaJXBmJLy81WibVxsM4vayBR8aAAFcEfV+gAx2ZAWFlG R/b0YILw4fSNj5trQUpbt2aHN5JZE36oVuZa0jL6d4vPLoax77jO X-Google-Smtp-Source: AGHT+IEdUv5ClSAAp3qFpgg4nSzCstuUT0LmRw5VqQ5Tl1FE2TD3+QO4U63QIx7wZUIskSN0OQxcoA== X-Received: by 2002:a17:90a:dc0a:b0:299:33c5:9583 with SMTP id i10-20020a17090adc0a00b0029933c59583mr10433204pjv.14.1708484301538; Tue, 20 Feb 2024 18:58:21 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.24]) by smtp.gmail.com with ESMTPSA id pv14-20020a17090b3c8e00b0029454cca5c3sm426467pjb.39.2024.02.20.18.58.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Feb 2024 18:58:21 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v7 11/11] tcp: get rid of NOT_SPECIFIED reason in tcp_v4/6_do_rcv Date: Wed, 21 Feb 2024 10:57:31 +0800 Message-Id: <20240221025732.68157-12-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240221025732.68157-1-kerneljasonxing@gmail.com> References: <20240221025732.68157-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Finally we can drop this obscure reason in receive path because we replaced with many other more accurate reasons before. Signed-off-by: Jason Xing --- v5: 1. change the misspelled word in the title --- net/ipv4/tcp_ipv4.c | 1 - net/ipv6/tcp_ipv6.c | 1 - 2 files changed, 2 deletions(-) diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index c886c671fae9..82e63f6af34b 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1907,7 +1907,6 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; } - reason = SKB_DROP_REASON_NOT_SPECIFIED; if (tcp_checksum_complete(skb)) goto csum_err; diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index f260c28e5b18..56c3a3bf1323 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1623,7 +1623,6 @@ int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) if (np->rxopt.all) opt_skb = skb_clone_and_charge_r(skb, sk); - reason = SKB_DROP_REASON_NOT_SPECIFIED; if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */ struct dst_entry *dst;