From patchwork Thu Feb 22 11:29:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13567111 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9948A3FE4C for ; Thu, 22 Feb 2024 11:30:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708601415; cv=none; b=pMEMsq90zddEtEIImFRfr1LSHQFUNRc64pPd4QECOCUlbSUCZcik9mVmGs3TtO6nw5d1FN8PqTXqwBoB52Gw1/X8nrkXCiWKskIVrazHqa61YA8Qdf1mrLePmcr8RPlvCF1lGKVI9PRfpcuxhDdEvlvveMW8EeveA7FL/wx01sU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708601415; c=relaxed/simple; bh=9P3/dqf/SCbDCM/INxxXwECtGJLis5ZXi3z5fbwHBRk=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=D16l5YwEwrH7gSYKy85zaDfwug+E5snyS3+If0Yxj+87j4z1iPbslzFJqwUdzqZkRBqqBgaq7EY0vMOM36xFd2+vMxCekhTaxhm01mCGalvUALdDuC9uTOPBlEIs9xqB5ZsJvBbqAsHXuzChTNh3hNk7u6UsYUeofUHnUJRa918= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=mVj5RdF1; arc=none smtp.client-ip=209.85.214.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="mVj5RdF1" Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-1dba177c596so4953915ad.0 for ; Thu, 22 Feb 2024 03:30:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708601413; x=1709206213; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=OErMr2/tFbMgm5lFiZzZbH6qllUlMl9rYlHOVu/pd28=; b=mVj5RdF1c6GoD9/Ls26Qt7NpRkmzAuvWruZxG6Wdi+D4dsyG7JUVYwwSMh12833Gwt depCuKP7xTjFvKcnej4jMQt39TS6dm2mESTDe0RsQJvk7WOF3PoZUmQ+Yv3TTsbZAvbE hBLPtoWp0Fa5gJ+hKtqzvXTMDIVpfbuZvVFCVeFPzA+wWPKqm7pUI0TCzqpdtxz66I02 Bo7GLqF60c9jzIulVYuhSceZExeH9TmJBHqRO0KNLEx+TkSFRYv/Xgfah3zywfGBkkmR FuI565rTxqsiupaoxoTCWMx1cAkgmU7rgNcAYaZXGNhmmfccdr6O5MUCzUVbAkWtlhZo 0MVw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708601413; x=1709206213; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=OErMr2/tFbMgm5lFiZzZbH6qllUlMl9rYlHOVu/pd28=; b=gBQ327mn2XBH6uHwD2hhhC3u5pt/vxnIg8Z77QOGhvoWj20jmTnFJC8ONcljBt5lh7 m+qinN1cCJ6DmpTf9H7w5CN/I5l7xxSdAG5zocwCKPKCwtn79G9Ryg+BB3jUFjUfw1BJ D0KgJbX9mOHKDXfy816SZhqSM1SQqYc0qbDI2cf0Fnn/4EM9O0+BRr/D8ecPTx16LDvA yKylFTKVWfFdsUA1hworVBG+yLJvyeSBuseE5KZmnJBdMj9QwKYbqzK/7kYR9TLeSw9t Kw7Mce7XGiDIoqnVS4YADyBHPwLJEUqImhVjySFVwC3DTZzxQSwSpkfpBJBnyNKc/zGb AmgQ== X-Gm-Message-State: AOJu0YzT0OoSAvc5WEweC15yf2EM/pj4u5CR5SrOQCbKw9ZexWTVKETI CXdlrUdpnuKu+Vk53pYOX7eJWLZr3WS/pmktc8lVgpXMcS6jcce5 X-Google-Smtp-Source: AGHT+IECP1yLa5iIqsT22OMG79LxS7NCwI5hSbT9Px9pR0BWpLJXZ2P0wDHzpliHOsGADVxTzR9MZw== X-Received: by 2002:a17:902:d484:b0:1d8:ff72:eef8 with SMTP id c4-20020a170902d48400b001d8ff72eef8mr3032789plg.18.1708601412794; Thu, 22 Feb 2024 03:30:12 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.23]) by smtp.gmail.com with ESMTPSA id b3-20020a170902a9c300b001dc0955c635sm5978637plr.244.2024.02.22.03.30.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 22 Feb 2024 03:30:12 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v8 01/10] tcp: add a dropreason definitions and prepare for cookie check Date: Thu, 22 Feb 2024 19:29:54 +0800 Message-Id: <20240222113003.67558-2-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240222113003.67558-1-kerneljasonxing@gmail.com> References: <20240222113003.67558-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Adding one drop reason to detect the condition of skb dropped because of hook points in cookie check and extending NO_SOCKET to consider another two cases can be used later. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet --- v8 Link: https://lore.kernel.org/netdev/CANn89iJ3gLMn5psbzfVCOo2=v4nMn4m41wpr6svxyAmO4R1m6g@mail.gmail.com/ 1. add reviewed-by tag (Eric) v7 Link: https://lore.kernel.org/all/20240219040630.94637-1-kuniyu@amazon.com/ 1. nit: change "invalid" to "valid" (Kuniyuki) 2. add more description. v6 Link: https://lore.kernel.org/netdev/20240215210922.19969-1-kuniyu@amazon.com/ 1. Modify the description NO_SOCKET to extend other two kinds of invalid socket cases. What I think about it is we can use it as a general indicator for three kinds of sockets which are invalid/NULL, like what we did to TCP_FLAGS. Any better ideas/suggestions are welcome :) v5 Link: https://lore.kernel.org/netdev/CANn89i+iELpsoea6+C-08m6+=JkneEEM=nAj-28eNtcOCkwQjw@mail.gmail.com/ Link: https://lore.kernel.org/netdev/632c6fd4-e060-4b8e-a80e-5d545a6c6b6c@kernel.org/ 1. Use SKB_DROP_REASON_IP_OUTNOROUTES instead of introducing a new one (Eric, David) 2. Reuse SKB_DROP_REASON_NOMEM to handle failure of request socket allocation (Eric) 3. Reuse NO_SOCKET instead of introducing COOKIE_NOCHILD 4. Reuse IP_OUTNOROUTES instead of INVALID_DST (Eric) 5. adjust the title and description. v4 Link: https://lore.kernel.org/netdev/20240212172302.3f95e454@kernel.org/ 1. fix misspelled name in kdoc as Jakub said --- include/net/dropreason-core.h | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index 6d3a20163260..a871f061558d 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -54,6 +54,7 @@ FN(NEIGH_QUEUEFULL) \ FN(NEIGH_DEAD) \ FN(TC_EGRESS) \ + FN(SECURITY_HOOK) \ FN(QDISC_DROP) \ FN(CPU_BACKLOG) \ FN(XDP) \ @@ -105,7 +106,13 @@ enum skb_drop_reason { SKB_CONSUMED, /** @SKB_DROP_REASON_NOT_SPECIFIED: drop reason is not specified */ SKB_DROP_REASON_NOT_SPECIFIED, - /** @SKB_DROP_REASON_NO_SOCKET: socket not found */ + /** + * @SKB_DROP_REASON_NO_SOCKET: no valid socket that can be used. + * Reason could be one of three cases: + * 1) no established/listening socket found during lookup process + * 2) no valid request socket during 3WHS process + * 3) no valid child socket during 3WHS process + */ SKB_DROP_REASON_NO_SOCKET, /** @SKB_DROP_REASON_PKT_TOO_SMALL: packet size is too small */ SKB_DROP_REASON_PKT_TOO_SMALL, @@ -271,6 +278,8 @@ enum skb_drop_reason { SKB_DROP_REASON_NEIGH_DEAD, /** @SKB_DROP_REASON_TC_EGRESS: dropped in TC egress HOOK */ SKB_DROP_REASON_TC_EGRESS, + /** @SKB_DROP_REASON_SECURITY_HOOK: dropped due to security HOOK */ + SKB_DROP_REASON_SECURITY_HOOK, /** * @SKB_DROP_REASON_QDISC_DROP: dropped by qdisc when packet outputting ( * failed to enqueue to current qdisc) From patchwork Thu Feb 22 11:29:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13567112 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 70B3A45954 for ; Thu, 22 Feb 2024 11:30:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708601417; cv=none; b=AuZyPbMKInKX6IzBrVCKMlvTm/DCdDUp0Cd9U7CnDdxZdJ93GdK5zKN/exLVLwzrydaQTF1leSNJEFQD+e1HlJi6Tw6qKUBFfRO2vCg6v+gSiAUFbJuPRiX/BjuEivfcB2gAfUIbDXPqTd/eJoiJuwVAO949XF9HVH8z821xbJs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708601417; c=relaxed/simple; bh=mNZ4uLxqVYF4N8q2nJuzcbJsnbso2Zr7qvhro6oRD8o=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=agBGnOJAzRF8OmxWa9oTatz/amI+/jqf5Q/8/yXuDfSaRyjGVujEtyJRAM3pY9P2mlBgRnSqQsAWGB+ZPQImGopGNq/mc2Tbp+WfCPj5G/Ic5uLzfTXmS+0itW6U+yAW8JThQy5tj4XrVlUYrZx4KW7w3jbAb8IugYc3vHjgCns= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=QWH5cNfC; arc=none smtp.client-ip=209.85.214.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="QWH5cNfC" Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-1dbae7b8ff2so36604775ad.3 for ; Thu, 22 Feb 2024 03:30:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708601416; x=1709206216; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=7xbCX2oU32ZHdT+32RY7keid4MtkTex/fIjisfOmEw0=; b=QWH5cNfC4BWY9q+SnWlpVFGJ+5UE8xQMyYrj4IJtdvkX0YJ6DPkyVgmDBv12Riraeb cS6FlqpTGGWzAMP6m5oVQYYxexpzpPDsHO0Hh+2XNP2V5euuwuFD+MtObG+mhQNFz0wR pIkvXEaMIDadvNgf/iuCvS96WHb4D0tfC0cZV4hBmcCkE0cilqDZDik3HdPfgv1qBCiR ZuLJTPYsiqOR7MjB8QTQ5r02ecNW4HZFi/mL8HtXYol0NOyoNo7Iv19khTMv0DGMxZuz 0V+1WXG8NV9ZDvy4f3GhyT0FarXXTIcLThFtMu+1uvpw0CJkGAI8tm4swxsG2XJXpR6q 9EYA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708601416; x=1709206216; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7xbCX2oU32ZHdT+32RY7keid4MtkTex/fIjisfOmEw0=; b=UQwEjNuKaVp45N8jB5PfJdcboONWe8lV2un7/4PIcL8vdoOwVIfJt3X+wKyawja4FS /gcxQarAafvsT4bGFdup4ZU4Ds7XtuKpAhNKolTYGo61Fl5txfafTFMpXHt8x11zvqxM 1pfiuSII/D7aSqDIyb/TX5fT+blFEwQChchNqIK6J1EWR7PzidFBwCfFAjX+Wq6QKqKm /A147/zqUIkLiF7Q4F6Dy526qbK+L+DyzPWx/GVq0GsWAj+vVYm9VmzQnl44Qs2zLbkj j3Dsn2aQRDkRa1EvPjhPDOUVXx8zpFXatXjuQPrtmu3bkYPDNyv/4jARLXyMqE/T2JPe vbuw== X-Gm-Message-State: AOJu0YwFFy8rIbzZxAYkENSR0lYB8YGWSXeF6fzJQ+XoMRj77KTCC632 PF5EmQcFjevYR/M+Dhtb89W1tSopqgYT3gIYmZbTlWnaWy48Fow3bEb9CI1h7rE= X-Google-Smtp-Source: AGHT+IHOtANA2fFGRFi6JQxebA8znPjodPcPGzbeJoPUD5xsxJY0cqAUoqD5mkCiPNrp7Jsud7KUQA== X-Received: by 2002:a17:903:2b0d:b0:1dc:7ca:36de with SMTP id mc13-20020a1709032b0d00b001dc07ca36demr11622346plb.9.1708601415742; Thu, 22 Feb 2024 03:30:15 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.23]) by smtp.gmail.com with ESMTPSA id b3-20020a170902a9c300b001dc0955c635sm5978637plr.244.2024.02.22.03.30.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 22 Feb 2024 03:30:15 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v8 02/10] tcp: directly drop skb in cookie check for ipv4 Date: Thu, 22 Feb 2024 19:29:55 +0800 Message-Id: <20240222113003.67558-3-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240222113003.67558-1-kerneljasonxing@gmail.com> References: <20240222113003.67558-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Only move the skb drop from tcp_v4_do_rcv() to cookie_v4_check() itself, no other changes made. It can help us refine the specific drop reasons later. Signed-off-by: Jason Xing Reviewed-by: Kuniyuki Iwashima Reviewed-by: Eric Dumazet --- v8 Link: https://lore.kernel.org/netdev/CANn89i+foA-AW3KCNw232eCC5GDi_3O0JG-mpvyiQJYuxKxnRA@mail.gmail.com/ 1. add reviewed-by tag (Eric) v7 Link: https://lore.kernel.org/all/20240219041350.95304-1-kuniyu@amazon.com/ 1. add reviewed-by tag (Kuniyuki) --- net/ipv4/syncookies.c | 4 ++++ net/ipv4/tcp_ipv4.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index be88bf586ff9..38f331da6677 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c @@ -408,6 +408,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) struct rtable *rt; __u8 rcv_wscale; int full_space; + SKB_DR(reason); if (!READ_ONCE(net->ipv4.sysctl_tcp_syncookies) || !th->ack || th->rst) @@ -477,10 +478,13 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) */ if (ret) inet_sk(ret)->cork.fl.u.ip4 = fl4; + else + goto out_drop; out: return ret; out_free: reqsk_free(req); out_drop: + kfree_skb_reason(skb, reason); return NULL; } diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 0c50c5a32b84..0a944e109088 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1915,7 +1915,7 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) struct sock *nsk = tcp_v4_cookie_check(sk, skb); if (!nsk) - goto discard; + return 0; if (nsk != sk) { if (tcp_child_process(sk, nsk, skb)) { rsk = nsk; From patchwork Thu Feb 22 11:29:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13567113 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8112B3FE4C for ; Thu, 22 Feb 2024 11:30:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.175 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708601420; cv=none; b=rerLZXdLRSZDmLzGc3qjYmeEq/F5aBMbZ0j8kLSuNSVVCav0SxZCVycVJcBNT9tbRDNlf0c7Hb02+lO0XECzSO5fwZrFyzss0hs89Zhp+3kSikXm1GIR2UvCPrcHHKnMmPoJL/PFn0afRAyGu7lTIIEU4oS+RkMzaurCePHQKDc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708601420; c=relaxed/simple; bh=sCwDei58mRUsxdScWWgD4+vXCH/Z2/Wla5zgJD9BH6A=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=lxW2UTkjd3DN3f/2ka52zTK28PUwETk6WDz3O//8TPMHEBdVu/nEZzyL4oxMbczw7P7omY9RcRqogiILxS7lGOuBsvi0+/1NxCAs1Q3Xh5haCyp6S58BzYeqEYM5OUvU/3vvcKUUVLdlYG99HnyBgHWa0RPF7P3+egAHOtwEVcY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=N0c3tyhQ; arc=none smtp.client-ip=209.85.214.175 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="N0c3tyhQ" Received: by mail-pl1-f175.google.com with SMTP id d9443c01a7336-1dc1ff697f9so21805425ad.0 for ; Thu, 22 Feb 2024 03:30:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708601419; x=1709206219; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=WtUWWj8Al8TQWnM6twtNIpEn/ED/jKVV1nZhQrKrLbM=; b=N0c3tyhQWsyYA7wHZF9AwMnHRsPC/zO3pu9XYsJcLRgvSCQUWI81tyj1VIv5fCOmO6 kW1+t+ObzbFGVOpfrTItvCMjmMLbl1IDA9DGH5UQFLn/2+kIG7LPwNon/AqmHlNSXx9i QYFZjtk2VcLYQ6mjuj2uv3osaU2HMi0Pl5GeBVbon5OtWyNRCdyV27Xvxjq9pXIELew4 S3nZ5UCkYJATkFEDDTp/95VtsxkMwpAI1ueI/1qWXnae2CQJ+EOmWuJJNRqyLNbAPFCb Njt1eYd+27cWRMN1Wvo7TtQq9xWo8VxwOS0SkGZtNsOal3WgIRHfbSx6vXYW93EebUdX fQsQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708601419; x=1709206219; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=WtUWWj8Al8TQWnM6twtNIpEn/ED/jKVV1nZhQrKrLbM=; b=W8LDZ41o1wEvWltK44m6Y9y9IxnwFztz6IwN6pCdjIQj79LLWHKmDLDp7ckdUUTl+6 Nof4WizUIlLj492wZsNtvnoWQ0KM2ZzuWxXdTgvkl2jgh+DXSaegw1LZSwfCtrc0Q8T9 PyFMX75Vxy74qAvI948zrzj5hpc7J0cAW0iRhB8kPlcPpk/l00Hjh+n0sfu9WWh7xYYC Rg+X2HQqCRforrfl66lWIh3bX4nbKe3AJKipk0FwdVDtCcmy6QG8rj8pnkFCmbgUWfC8 FvELnxH86LOj8GZUtO46mwve/RgzezZVmGfeNnYouekmobETPj4nPS9VNUqDNtzorIvG OrvQ== X-Gm-Message-State: AOJu0YzfbNYmoSNhJ1aFiio0d3JEFfki7jC39KIsapRTNfIc1GacxMPE +UYHtTI0P56WVpfgXkC779DWKv/YcdWsY7jdDt+Yb8j3leHBZ7M8kqNAIefMs1c= X-Google-Smtp-Source: AGHT+IF11NWgK+bU5kkKnfuWKOBA8yZY0mylAaKvPf3NKeiEy0YZ2BfAo8p55FwqS9DWeacMeQkMgg== X-Received: by 2002:a17:902:7ed0:b0:1dc:4d63:7a0d with SMTP id p16-20020a1709027ed000b001dc4d637a0dmr816000plb.41.1708601418615; Thu, 22 Feb 2024 03:30:18 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.23]) by smtp.gmail.com with ESMTPSA id b3-20020a170902a9c300b001dc0955c635sm5978637plr.244.2024.02.22.03.30.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 22 Feb 2024 03:30:18 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v8 03/10] tcp: use drop reasons in cookie check for ipv4 Date: Thu, 22 Feb 2024 19:29:56 +0800 Message-Id: <20240222113003.67558-4-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240222113003.67558-1-kerneljasonxing@gmail.com> References: <20240222113003.67558-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Now it's time to use the prepared definitions to refine this part. Four reasons used might enough for now, I think. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet --- v8 Link: https://lore.kernel.org/netdev/CANn89iL-FH6jzoxhyKSMioj-zdBsHqNpR7YTGz8ytM=FZSGrug@mail.gmail.com/ 1. refine the codes (Eric) v6: Link: https://lore.kernel.org/netdev/20240215210922.19969-1-kuniyu@amazon.com/ 1. Not use NOMEM because of MPTCP (Kuniyuki). I chose to use NO_SOCKET as an indicator which can be used as three kinds of cases to tell people that we're unable to get a valid one. It's a relatively general reason like what we did to TCP_FLAGS. Any better ideas/suggestions are welcome :) v5: Link: https://lore.kernel.org/netdev/CANn89i+iELpsoea6+C-08m6+=JkneEEM=nAj-28eNtcOCkwQjw@mail.gmail.com/ Link: https://lore.kernel.org/netdev/632c6fd4-e060-4b8e-a80e-5d545a6c6b6c@kernel.org/ 1. Use SKB_DROP_REASON_IP_OUTNOROUTES instead of introducing a new one (Eric, David) 2. Reuse SKB_DROP_REASON_NOMEM to handle failure of request socket allocation (Eric) 3. Reuse NO_SOCKET instead of introducing COOKIE_NOCHILD --- net/ipv4/syncookies.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index 38f331da6677..7972ad3d7c73 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c @@ -421,8 +421,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) if (IS_ERR(req)) goto out; } - if (!req) + if (!req) { + SKB_DR_SET(reason, NO_SOCKET); goto out_drop; + } ireq = inet_rsk(req); @@ -434,8 +436,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) */ RCU_INIT_POINTER(ireq->ireq_opt, tcp_v4_save_options(net, skb)); - if (security_inet_conn_request(sk, skb, req)) + if (security_inet_conn_request(sk, skb, req)) { + SKB_DR_SET(reason, SECURITY_HOOK); goto out_free; + } tcp_ao_syncookie(sk, skb, req, AF_INET); @@ -452,8 +456,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) ireq->ir_loc_addr, th->source, th->dest, sk->sk_uid); security_req_classify_flow(req, flowi4_to_flowi_common(&fl4)); rt = ip_route_output_key(net, &fl4); - if (IS_ERR(rt)) + if (IS_ERR(rt)) { + SKB_DR_SET(reason, IP_OUTNOROUTES); goto out_free; + } /* Try to redo what tcp_v4_send_synack did. */ req->rsk_window_clamp = tp->window_clamp ? :dst_metric(&rt->dst, RTAX_WINDOW); @@ -476,10 +482,11 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) /* ip_queue_xmit() depends on our flow being setup * Normal sockets get it right from inet_csk_route_child_sock() */ - if (ret) - inet_sk(ret)->cork.fl.u.ip4 = fl4; - else + if (!ret) { + SKB_DR_SET(reason, NO_SOCKET); goto out_drop; + } + inet_sk(ret)->cork.fl.u.ip4 = fl4; out: return ret; out_free: From patchwork Thu Feb 22 11:29:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13567114 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1782E41776 for ; Thu, 22 Feb 2024 11:30:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.174 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708601423; cv=none; b=rfuJENUEAeA3cCPis70YOOi9LdxsKNe+ftQRCspo9252L8vdb5bqgmQgDhNQfWYMjxiuRmibsZDrfleKiWqOwQreIwVnxGCSjf0fcca/Urj3v0M/+Yzn59sT+Hx+fwyFs4bsmBZgqBaqmnF1S4TDmlhfjNx2ju35ErhzYD2fR70= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708601423; c=relaxed/simple; bh=KLYLTXmd94pBOd7bqzFcGZ+fqyclyeE3Uqs0XWwQg/M=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=GFizpivM6mTX9strKnyG169U3OF0AGns75tMwTOC8U3bGbgYmHbnYdbg9epyx97R9SvCJpVMnvsTfmL3zviMV674Rw3lKomDi8dS6+tZQHki69r+cd7lAH/LbD07614iEO1znB1BlvgtGIGo2XJYuZrYiSqB9u3Di0d7LP14lxY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=cYMHinVi; arc=none smtp.client-ip=209.85.214.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="cYMHinVi" Received: by mail-pl1-f174.google.com with SMTP id d9443c01a7336-1d71cb97937so76863795ad.3 for ; Thu, 22 Feb 2024 03:30:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708601421; x=1709206221; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=wi3AtAzF9oVsyxIptdQo85kAQI6nXEbx1Fpjx51x9qk=; b=cYMHinVihd1xQJXKAjIZa3eHs0EaouihlpSoV5rJ2gyjgcIO4VGoU+rjIi5FuKQfuZ 5hq6yZuBwBU/6UrNxTip7via/En1x3ZaW4gNdlNjDx9Q53k+jyQhhfC+5yHao7GXQGwA mINJhEptFIas027W/kaUL1J2VuZfw6/efEnI3u3NZyua9nPwCpX5RHnpxxk6fKtHFxnP FCjRmUwA/TMF9gkhw7AcDIiJR6ibhUZadztAtJhK2iS8k1uNB6ZLwvv0Qv9WjqaxYtHl uFSefu/JTcQXzYqhmmm7m2xzVlgobTjQNbYKvxc9OCz5Ge1EOTZ4vTXiO0d1MOY4TidQ jjWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708601421; x=1709206221; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=wi3AtAzF9oVsyxIptdQo85kAQI6nXEbx1Fpjx51x9qk=; b=jZB2e/HrSxgm6jridfboOQ8+T+FxSuue+KnqgD7QwvMNPpjNnPFuX5ZmScyy7EVUqA JSfezjxgV2XmV4iiSkw/pFMa0lS60nuUTVDPgemUfJ0k25cPwhXvyXRAwyuVf4J7vSGg CHRsWv5BE7LFLi2gYpC2w95nzqVcRPgjB3XDNE8jHDmk2ly9EA+FIycIC0JHVmUYE/0n 3iSqMdKEvLAhHlVe3LXEX15wjwoQVu7ZJyxmuVIj+PwhLfLnCc69wZyUJurSatI30f+K XFfaPt2QreciOU1nms7+okW1pWrHYKoyUftoXkSXL4CSpret6o/c6WAyQm5g5B4PHN6g yjxQ== X-Gm-Message-State: AOJu0Yw4kbUStV0gTTTl218vB7kNQ1K5Qj0dcd7AbhBwBBIsAb2g2NnF j2Dsl7eNNT0bi2EuLbAtbjq0vBqyc6pMCbUcXG+MWAwqltAAfUKb X-Google-Smtp-Source: AGHT+IFp8KzQxfpJT311C/zL7EcenE4WrNnbRsrsCgyQ3RNUl/tku1DVLhdF4SPLK2GkO7KvSZT61g== X-Received: by 2002:a17:902:e843:b0:1db:ba1c:1b99 with SMTP id t3-20020a170902e84300b001dbba1c1b99mr16792479plg.37.1708601421445; Thu, 22 Feb 2024 03:30:21 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.23]) by smtp.gmail.com with ESMTPSA id b3-20020a170902a9c300b001dc0955c635sm5978637plr.244.2024.02.22.03.30.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 22 Feb 2024 03:30:21 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v8 04/10] tcp: directly drop skb in cookie check for ipv6 Date: Thu, 22 Feb 2024 19:29:57 +0800 Message-Id: <20240222113003.67558-5-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240222113003.67558-1-kerneljasonxing@gmail.com> References: <20240222113003.67558-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Like previous patch does, only moving skb drop logical code to cookie_v6_check() for later refinement. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet --- v8 Link: https://lore.kernel.org/netdev/CANn89iL8M=1vFdZ1hBb4POuz+MKQ50fmBAewfbowEH3jpEtpZQ@mail.gmail.com/ 1. add reviewed-by tag (Eric) v7: Link: https://lore.kernel.org/all/20240219043815.98410-1-kuniyu@amazon.com/ 1. refine the code (by removing redundant check), no functional changes. (Kuniyuki) v6 Link: https://lore.kernel.org/all/c987d2c79e4a4655166eb8eafef473384edb37fb.camel@redhat.com/ Link: https://lore.kernel.org/all/CAL+tcoAgSjwsmFnDh_Gs9ZgMi-y5awtVx+4VhJPNRADjo7LLSA@mail.gmail.com/ 1. take one case into consideration, behave like old days, or else it will trigger errors. v5 Link: https://lore.kernel.org/netdev/CANn89iKz7=1q7e8KY57Dn3ED7O=RCOfLxoHQKO4eNXnZa1OPWg@mail.gmail.com/ 1. avoid duplication of these opt_skb tests/actions (Eric) --- net/ipv6/syncookies.c | 4 ++++ net/ipv6/tcp_ipv6.c | 5 +---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c index 6b9c69278819..ea0d9954a29f 100644 --- a/net/ipv6/syncookies.c +++ b/net/ipv6/syncookies.c @@ -177,6 +177,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) struct sock *ret = sk; __u8 rcv_wscale; int full_space; + SKB_DR(reason); if (!READ_ONCE(net->ipv4.sysctl_tcp_syncookies) || !th->ack || th->rst) @@ -256,10 +257,13 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) ireq->ecn_ok &= cookie_ecn_ok(net, dst); ret = tcp_get_cookie_sock(sk, skb, req, dst); + if (!ret) + goto out_drop; out: return ret; out_free: reqsk_free(req); out_drop: + kfree_skb_reason(skb, reason); return NULL; } diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 57b25b1fc9d9..0c180bb8187f 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1653,11 +1653,8 @@ int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) if (sk->sk_state == TCP_LISTEN) { struct sock *nsk = tcp_v6_cookie_check(sk, skb); - if (!nsk) - goto discard; - if (nsk != sk) { - if (tcp_child_process(sk, nsk, skb)) + if (nsk && tcp_child_process(sk, nsk, skb)) goto reset; if (opt_skb) __kfree_skb(opt_skb); From patchwork Thu Feb 22 11:29:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13567116 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0DBB346549 for ; Thu, 22 Feb 2024 11:30:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708601426; cv=none; b=XYSOL+5jIR646RAQYHNDI1VjLwQVfEe0x0USypdT2PXo/s8vOENOlXnv8GZPfsmuyodILTfhtLyHXT4R8hsjiKE8lUQuPtmh1kT49/+PbiuH+QwWPnK+tyYl/YMD+YghmoxLcwCnapoRosPgS0ttknTbCsxqx/QhMhoQ/1uYiEA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708601426; c=relaxed/simple; bh=owFC83ze/ayZK+Cyv+NZOOKWAKTXJs2Ueuovwxzirhk=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=kvMKvagNdngG7IoZlw2Uz6kiZqlKciR9olI0H1+dH6b6uRco3goolAlkvWsCZXXznNx/jYr3c+tx/MVcdyoa4sK25kBD8hIpZ2mq7PfSHEk5LOKEGeHxbXdcGBCJt2EolIJQa8pUw+R7gFYdsapk82JyPYI2v3CKYTkZf5bXf24= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Kfx39W93; arc=none smtp.client-ip=209.85.214.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Kfx39W93" Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-1d918008b99so64657065ad.3 for ; Thu, 22 Feb 2024 03:30:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708601424; x=1709206224; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=rQUWfbOp2Ls4pqPY5WRmEaamNhEJ00My7kwA2zz2tTY=; b=Kfx39W939zqOLFrbQuvH2lX4Qo5ATsqqYoNOp6lu2PA6dVP32+EoNYExhCBSe92Xki o8QtuitBdaJe/Yp7t+AR0Id6JFA2XY/9uRcEnbrFjee3X2+9H0AJ2EBgw7Lid8eEwPVT P8PeEmXZRi5Q/cCtzTSLZ9D/DahBvpEllnC7SZdhmvVICrCBSxCQtcC8YehJYM0EH5uJ e5ZzGD0oFttpUMKoTLOd/ijnDfEFXgnGn00Nx2Q30EBWWxCNZzl5ihrTSUl77+vox8On GZ8q32eleGbPvIxL7HhXDZnBIGXGrnhCTMY+bKAp5oFU72sL1URzmGUneuAcsaaTc8vC hEzw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708601424; x=1709206224; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=rQUWfbOp2Ls4pqPY5WRmEaamNhEJ00My7kwA2zz2tTY=; b=Px82P4NJH32hIm/Gj16pPFVpSnlYa1z7x1fV8E7ogoGJRvct0q9ZAY2n/2RYAbgGQS 0qebkHZl/XPWKFbfT/h82chSFBr9pMMq1j07Hgk4Vgcj6Mb+UJ0bfuTWu/nDlpMHnxv1 9SkJowCmiigIJHf7zPOASZi4esDTo73zupbGssWyTM0L7YmiJiTHUqRiZyudE7ufvJsz K+F/Hgsvd80Qg4sX9edwSKs+bZ2gKkFjKKoympV9nioA1mTZuK3hk0zDhc5YT+YZHpxQ Ue2LKPEgA+lDbYngDNi9zOKceQjxED4hsQ9vxbmZgUMHsQwJ2HwIaqUCLiIa4kcW74ma ntjw== X-Gm-Message-State: AOJu0YwMa5e75T58zsXxD+laeckbwWB5bl0j3D0SX5f5IQG+ZgBY0XXw qbvKkBcu5itSEFThNWDpUhk/JkBy9A2LqNOIkCnWygwa/pN3ZMcbNv20Aryxz30= X-Google-Smtp-Source: AGHT+IER2/+mgWbOai0GbbiT8DwIwJHxG6phwXA/IyJ37SA/qHqB1sF+bJGCui/EtByV3MU9dNsZHw== X-Received: by 2002:a17:902:c402:b0:1db:3a22:1fd6 with SMTP id k2-20020a170902c40200b001db3a221fd6mr23669575plk.66.1708601424353; Thu, 22 Feb 2024 03:30:24 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.23]) by smtp.gmail.com with ESMTPSA id b3-20020a170902a9c300b001dc0955c635sm5978637plr.244.2024.02.22.03.30.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 22 Feb 2024 03:30:23 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v8 05/10] tcp: use drop reasons in cookie check for ipv6 Date: Thu, 22 Feb 2024 19:29:58 +0800 Message-Id: <20240222113003.67558-6-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240222113003.67558-1-kerneljasonxing@gmail.com> References: <20240222113003.67558-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Like what I did to ipv4 mode, refine this part: adding more drop reasons for better tracing. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet --- v8 Link: https://lore.kernel.org/netdev/CANn89i+b+bYqX0aVv9KtSm=nLmEQznamZmqaOzfqtJm_ux9JBw@mail.gmail.com/ 1. add reviewed-by tag (Eric) v6: Link: https://lore.kernel.org/netdev/20240215210922.19969-1-kuniyu@amazon.com/ 1. Not use NOMEM because of MPTCP (Kuniyuki). I chose to use NO_SOCKET as an indicator which can be used as three kinds of cases to tell people that we're unable to get a valid one. It's a relatively general reason like what we did to TCP_FLAGS. v5: Link: https://lore.kernel.org/netdev/CANn89i+iELpsoea6+C-08m6+=JkneEEM=nAj-28eNtcOCkwQjw@mail.gmail.com/ 1. Reuse SKB_DROP_REASON_NOMEM to handle failure of request socket allocation (Eric) 2. Reuse NO_SOCKET instead of introducing COOKIE_NOCHILD 3. Reuse IP_OUTNOROUTES instead of INVALID_DST (Eric) --- net/ipv6/syncookies.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c index ea0d9954a29f..8bad0a44a0a6 100644 --- a/net/ipv6/syncookies.c +++ b/net/ipv6/syncookies.c @@ -190,16 +190,20 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) if (IS_ERR(req)) goto out; } - if (!req) + if (!req) { + SKB_DR_SET(reason, NO_SOCKET); goto out_drop; + } ireq = inet_rsk(req); ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr; ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr; - if (security_inet_conn_request(sk, skb, req)) + if (security_inet_conn_request(sk, skb, req)) { + SKB_DR_SET(reason, SECURITY_HOOK); goto out_free; + } if (ipv6_opt_accepted(sk, skb, &TCP_SKB_CB(skb)->header.h6) || np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || @@ -236,8 +240,10 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) security_req_classify_flow(req, flowi6_to_flowi_common(&fl6)); dst = ip6_dst_lookup_flow(net, sk, &fl6, final_p); - if (IS_ERR(dst)) + if (IS_ERR(dst)) { + SKB_DR_SET(reason, IP_OUTNOROUTES); goto out_free; + } } req->rsk_window_clamp = tp->window_clamp ? :dst_metric(dst, RTAX_WINDOW); @@ -257,8 +263,10 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) ireq->ecn_ok &= cookie_ecn_ok(net, dst); ret = tcp_get_cookie_sock(sk, skb, req, dst); - if (!ret) + if (!ret) { + SKB_DR_SET(reason, NO_SOCKET); goto out_drop; + } out: return ret; out_free: From patchwork Thu Feb 22 11:29:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13567117 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F11814501C for ; Thu, 22 Feb 2024 11:30:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708601429; cv=none; b=prX55lD7mfP3rGZXgEvN8/TWkXfQJftwEV9iaBXNlRQu0GraRag7mm4iG0UpRKWfQ94fYAPrHKQVY7O0bmg66RRxtUsa/rC+r8fD7q/Seiyoo0fo4KKX6iporcUy3oqPiKFdCP5JC1dFhQQt+zlozL0kzwjPZAyUBVt/89+OLW0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708601429; c=relaxed/simple; bh=7Zp7x785+/uhxiU2Ik7D9xJ4gfhXMG38++pvy5SIfvI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=lu3Ksf/dmfMmctQpzQ9YO2iLWpPKxoHQqcXSxkx3VzaF1HMLzl9Jf831yy5anPCFv8Fkd7Uk197IQP7fP8NctUbb0s+l2bWEW/LwIH2Q4ehrZAgskgPqJpmj5+T3rejl+PiA22mlTQyieTZzrI1MBG+TcBnTq8mgzixJmTjAAiw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=gQxV93+L; arc=none smtp.client-ip=209.85.214.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="gQxV93+L" Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-1dbd32cff0bso39793875ad.0 for ; Thu, 22 Feb 2024 03:30:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708601427; x=1709206227; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=hMelBBUb7lQfw+CAX9NdYFLemt4g519UfusTQ2lvYJQ=; b=gQxV93+LHpAlFVRiwCFB0a9xallqkaHWqcYUJlyq4IstjTV+te8hkwDZLSzHiHYK2L juuTF3Lejxx8WlRUOFc/WqiCvoUyVEDpfYmAOTz46t9u8NRiEA5dfkOTBA3sp8avzbdz xziGPb/AyIalvnauV71MmCO5xGaRg/Ra9BGHXZVKPGnIF4DrRHmdxnEZEuixlCsNE+mP lvF55GPllLA/19iaymhvP+G9c7YlMrKItCfgxdL+7kEm8AjgRPnSmjcpchdFH0UKzU8l mGAulSxNV+53IPtcwBU64iAjwzOPwZ9EicII4nRiRGdWSZT/ob5IYQfbXokqSujBkmu5 KqUA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708601427; x=1709206227; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hMelBBUb7lQfw+CAX9NdYFLemt4g519UfusTQ2lvYJQ=; b=lkAfuyc98+7gZakBTvMYpgDkCYAxcjBamuD7SOfJjkf5Aja8sQKlaAj5e1kndC328n MJGrfwUqZvpvADJFrjROB/mhZGVCQV4amNg35M6LTYfO84Y0eELomd/AoXjdKRNXCz9M fVWyQPfe0LL7p/EtFBGjAK1Sff2cxgOY5GvDFnJAgQDr27qmVODIzk8uYxTgGa77WtYa nNe970/vem2zf2eZdsB8jDYFiiW45GT0v6N4+NuFaRNtYVwtHAHeCk7bwgg2ONlQVS6t oCfv07Esw0V5VGd0CFoLMkmcWfG3SWtlIi7+h8w5hJNZAQrLMGDjuFrUsbJG7uLo/COg x2Kg== X-Gm-Message-State: AOJu0Yyxnj9hrWOyKmfpzr4G1+ymblABHSidpw4W11gWVelMecWotKVo T8Y1/izfie3GqBmWoq19y8wzyXfGJpZA3UlTzKa7PE0ZRUYseuqd X-Google-Smtp-Source: AGHT+IHb3p0/C1nTmvMihu07POztlAzO3q8bzxp76+9fEhLBHv44elySLXQ84Jo6PtaQUoPjBY2Htg== X-Received: by 2002:a17:903:452:b0:1d0:b1f0:1005 with SMTP id iw18-20020a170903045200b001d0b1f01005mr17556253plb.63.1708601427188; Thu, 22 Feb 2024 03:30:27 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.23]) by smtp.gmail.com with ESMTPSA id b3-20020a170902a9c300b001dc0955c635sm5978637plr.244.2024.02.22.03.30.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 22 Feb 2024 03:30:26 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v8 06/10] tcp: introduce dropreasons in receive path Date: Thu, 22 Feb 2024 19:29:59 +0800 Message-Id: <20240222113003.67558-7-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240222113003.67558-1-kerneljasonxing@gmail.com> References: <20240222113003.67558-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Soon later patches can use these relatively more accurate reasons to recognise and find out the cause. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet --- v7 Link: https://lore.kernel.org/all/20240219044744.99367-1-kuniyu@amazon.com/ 1. nit: nit: s/. because of/ because/ (Kuniyuki) v5: Link: https://lore.kernel.org/netdev/3a495358-4c47-4a9f-b116-5f9c8b44e5ab@kernel.org/ 1. Use new name (TCP_ABORT_ON_DATA) for readability (David) 2. change the title of this patch --- include/net/dropreason-core.h | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index a871f061558d..af7c7146219d 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -30,6 +30,7 @@ FN(TCP_AOFAILURE) \ FN(SOCKET_BACKLOG) \ FN(TCP_FLAGS) \ + FN(TCP_ABORT_ON_DATA) \ FN(TCP_ZEROWINDOW) \ FN(TCP_OLD_DATA) \ FN(TCP_OVERWINDOW) \ @@ -37,6 +38,7 @@ FN(TCP_RFC7323_PAWS) \ FN(TCP_OLD_SEQUENCE) \ FN(TCP_INVALID_SEQUENCE) \ + FN(TCP_INVALID_ACK_SEQUENCE) \ FN(TCP_RESET) \ FN(TCP_INVALID_SYN) \ FN(TCP_CLOSE) \ @@ -204,6 +206,11 @@ enum skb_drop_reason { SKB_DROP_REASON_SOCKET_BACKLOG, /** @SKB_DROP_REASON_TCP_FLAGS: TCP flags invalid */ SKB_DROP_REASON_TCP_FLAGS, + /** + * @SKB_DROP_REASON_TCP_ABORT_ON_DATA: abort on data, corresponding to + * LINUX_MIB_TCPABORTONDATA + */ + SKB_DROP_REASON_TCP_ABORT_ON_DATA, /** * @SKB_DROP_REASON_TCP_ZEROWINDOW: TCP receive window size is zero, * see LINUX_MIB_TCPZEROWINDOWDROP @@ -228,13 +235,19 @@ enum skb_drop_reason { SKB_DROP_REASON_TCP_OFOMERGE, /** * @SKB_DROP_REASON_TCP_RFC7323_PAWS: PAWS check, corresponding to - * LINUX_MIB_PAWSESTABREJECTED + * LINUX_MIB_PAWSESTABREJECTED, LINUX_MIB_PAWSACTIVEREJECTED */ SKB_DROP_REASON_TCP_RFC7323_PAWS, /** @SKB_DROP_REASON_TCP_OLD_SEQUENCE: Old SEQ field (duplicate packet) */ SKB_DROP_REASON_TCP_OLD_SEQUENCE, /** @SKB_DROP_REASON_TCP_INVALID_SEQUENCE: Not acceptable SEQ field */ SKB_DROP_REASON_TCP_INVALID_SEQUENCE, + /** + * @SKB_DROP_REASON_TCP_INVALID_ACK_SEQUENCE: Not acceptable ACK SEQ + * field because ack sequence is not in the window between snd_una + * and snd_nxt + */ + SKB_DROP_REASON_TCP_INVALID_ACK_SEQUENCE, /** @SKB_DROP_REASON_TCP_RESET: Invalid RST packet */ SKB_DROP_REASON_TCP_RESET, /** From patchwork Thu Feb 22 11:30:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13567118 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com [209.85.210.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E3CB545943 for ; Thu, 22 Feb 2024 11:30:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.173 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708601433; cv=none; b=Mfq9cTxOhzdp2A5ODhsSzOcwcf1A19cEbT49yAHb9EiQ6djAhsO2X4Nd9qfsl4m7GPFInDZt46E1eU/SttFAlCHEdtXHOLqnxeoAqFb9i1fnhMSkh5enEkqSu5mRsh1MGr5STAgZeEbUY7W83RiAnETDWVtDpeFpFQmyJxlkAqw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708601433; c=relaxed/simple; bh=/7i9HNom86S0jZ5WI0UH5wwtkj6Zj4rZY3+iUEd4Xzg=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=Vf6nwIftu061n+DXQHE6ssgmAfqDrKgy0Um3TXZdyyR1kWvsBXAU2Yvq6XKbkLXtcs2dTBaM1dMnaqFvltpU0cHMY6Z8mXkQ9SSwh2dXE/aIxp0oHG4KryLx0L05DL3DQypqIMwCzCGhEDZwBYqgvipF4hSZLv4eTJjrkSbLDhA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=bvInTVnx; arc=none smtp.client-ip=209.85.210.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="bvInTVnx" Received: by mail-pf1-f173.google.com with SMTP id d2e1a72fcca58-6e3ffafa708so4955818b3a.1 for ; Thu, 22 Feb 2024 03:30:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708601430; x=1709206230; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=N6tLAaflz1oPuS6Bxa5Ojahd9wniHFDgfVpAduBJSGU=; b=bvInTVnxton70VV6q2mkkzt/YJDBd8a35a1PFuKGQTwb4iLzUfDDgeqLcRB+NksJ0G zjML4nzWxk9Md8COMEGyKt4GqQbXmAthRLf4TzAz80LCF6J3CEHxo7BPcz51b3q5vN3Z t8mnv9N9BEu3oqv6tWI2k4oF4V+CYgldm8lrukOjLsi+k3tXvcKc+gKpIUG/PFyUeii6 C/iIBzYC9SwcsRetIv26V9SLWL2T5zhhOEF10gYUE+Pl8lUaQqb4i+JcE5G0IX9jGrgH VU+h6xID9zLRP9pMv8a3jPzclbX+kh38gtbi+XvkIOq7DK1TNnlJ49dA4mh7oelCDDda IrYQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708601430; x=1709206230; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=N6tLAaflz1oPuS6Bxa5Ojahd9wniHFDgfVpAduBJSGU=; b=ggcbU0YP/QGw73EkPz4YAQy957vRj1bSKcCktW3N+XUSeZ/B0VYsObZ6hMb1QcGwiA 6pdbRztun6aigpBR6lm4mDUyAQm3kmLlgqwchdzW+cGXSdonsavQkYjqR8rPMS4bekv3 0jPY+Xyw3P3HEXwZjuPywLoWUntIs9mWdjK4w8dUZlv4PaZ1/PgeJvYi3Scn+tkJuHek Z9bceMaIQlNS/Yhdx/idh9n1eHAYd4Dj0wGJunInbF4+zIKXE6zHf/1OWsoXSee3HjjU sG8pLILHRjgRlxH1BN3WPLYy+RefcxOA4NaBI3lwdPh/uFKVY5JgaIaXzUJ45t58C7jf xK+w== X-Gm-Message-State: AOJu0Yy/oxg5nDxM+leHYfu1jDAi9pmZqLRJAe2vdqw9riApO38e2/A6 taVpaNxMSTa9Ykzf9h2VwGluLzdjENjaeGfcP6qsf1F5a40c7oYe X-Google-Smtp-Source: AGHT+IFjQNk0xwu4P0dNLo9tm5/QRDFO1hesjuCDy7GyyaE779+Yg/j8axC8ZaBUpX4RVj8Qd0sesA== X-Received: by 2002:a05:6a20:d80e:b0:19e:a2d5:2d7d with SMTP id iv14-20020a056a20d80e00b0019ea2d52d7dmr29242922pzb.37.1708601430116; Thu, 22 Feb 2024 03:30:30 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.23]) by smtp.gmail.com with ESMTPSA id b3-20020a170902a9c300b001dc0955c635sm5978637plr.244.2024.02.22.03.30.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 22 Feb 2024 03:30:29 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v8 07/10] tcp: add more specific possible drop reasons in tcp_rcv_synsent_state_process() Date: Thu, 22 Feb 2024 19:30:00 +0800 Message-Id: <20240222113003.67558-8-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240222113003.67558-1-kerneljasonxing@gmail.com> References: <20240222113003.67558-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing This patch does two things: 1) add two more new reasons 2) only change the return value(1) to various drop reason values for the future use For now, we still cannot trace those two reasons. We'll implement the full function in the subsequent patch in this series. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet --- v8 Link: https://lore.kernel.org/netdev/CANn89i+EF77F5ZJbbkiDQgwgAqSKWtD3djUF807zQ=AswGvosQ@mail.gmail.com/ 1. add reviewed-by tag (Eric) --- net/ipv4/tcp_input.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 74c03f0a6c0c..83308cca1610 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -6361,6 +6361,7 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb, inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, TCP_TIMEOUT_MIN, TCP_RTO_MAX); + SKB_DR_SET(reason, TCP_INVALID_ACK_SEQUENCE); goto reset_and_undo; } @@ -6369,6 +6370,7 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb, tcp_time_stamp_ts(tp))) { NET_INC_STATS(sock_net(sk), LINUX_MIB_PAWSACTIVEREJECTED); + SKB_DR_SET(reason, TCP_RFC7323_PAWS); goto reset_and_undo; } @@ -6572,7 +6574,8 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb, reset_and_undo: tcp_clear_options(&tp->rx_opt); tp->rx_opt.mss_clamp = saved_clamp; - return 1; + /* we can reuse/return @reason to its caller to handle the exception */ + return reason; } static void tcp_rcv_synrecv_state_fastopen(struct sock *sk) From patchwork Thu Feb 22 11:30:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13567119 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C1F2645979 for ; Thu, 22 Feb 2024 11:30:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.175 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708601435; cv=none; b=DdH7D9rfNLXgTTOkuJ2u32QVfZ8NVB6DusLPIaweBpQ3SuTIeTJ2FTCib5O1kdEoWbwg1QIZkqVgJZGSq7W2KFO7FC+lFZgWvaLEClEtHX712Gdke1pbh2oOcOnSymA+6uNtlWltbFSHOs5zkWhBgP1X8RlpCBx/Owc5aus5C5k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708601435; c=relaxed/simple; bh=REN+nsOSW0imqIcB8NPeeLgWjwbof1Jrr6EYVisdq9I=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=UH6S7XzxM8TfjEjHo232ulxkz34/1OYDrmwFFinmtuK6h2dmXqs/jf8VJ/r0Pv1XNbkivWEjFfGCo31k3Nu+IRZuPkjuMII/eJLvApC4pchR7pdNpEdQ059rf9qgmwcQ0i0/OIz9S03pa9BWSArX2r0cCR+2BsLJWnQS3bi9LYQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=E+CMj8WT; arc=none smtp.client-ip=209.85.214.175 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="E+CMj8WT" Received: by mail-pl1-f175.google.com with SMTP id d9443c01a7336-1d8da50bffaso40180765ad.2 for ; Thu, 22 Feb 2024 03:30:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708601433; x=1709206233; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=G0M9cdYppQLGFsn2JYXVxQTHSLH3Lnhwz1oMdpbjre8=; b=E+CMj8WTSz3fFwpzFTo7xXc7TgPFIMj7NwjEmHUtDCZyamAKCauSCyxYS/PHstcv8P YiRee7WVIrXxgo+cg3HJzWwhfdyHD86mvJltnMXQ/+gBuDdpwdX8/2PTdiXcj47C9BHz WbiDsTmkOY6Opxk3f0x15jci7m7mkaESyC9Oe8fym9MQrlMXs0nAC5JowaoEDX2OB9Hn VWMbgoeFNaTQ1LntbdYeJXmfDIBk7Tutd6DaFNgHirz/1O6MK5sU3T/KVMu4UBVb5uDi pKV2Ba0FO3nBTyPDwQ/mGrLVng1JOVhZVs4selmjV1jnE3Dol1CJqTvFpSUAiDghNHn9 J+jg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708601433; x=1709206233; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=G0M9cdYppQLGFsn2JYXVxQTHSLH3Lnhwz1oMdpbjre8=; b=rEcKsWJMJyJNyolcE8wVNUluZ+YKDR5qJDeVPD5AnyZ7ko5C4HA/7Rghqa/IgS3Vfz vZWi1d71/yYlRdY/gdIOsLBs6o6kTiXUZn6Y+DH0sIv1B78dP8FTwqpUHyruftXDxT64 IqZFFR8IvbXcgOYz6ce/4fUbVAadotc42RMGfX/85nPzAjlM+51nffn6oQNRAgn4E4sy qehDLM6ChaqLL7NbA9DnhhroJyK3yczwpJPdw9gAukuzplnbdGxBIJ/1S48vC3wCL8YS 3wEHTS2nuW8pRaiAdo8kOAhnvWB8yAWfLdMlgnfZwNUz7PsRWPaKrOrrGr39hEWxfFcw X3dQ== X-Gm-Message-State: AOJu0YxLqH0SjmSQlEZUDF+9WJrVzAx3atH9zQrgdtTWUL6hDtncMLQP 1wgV500vmaSYf1aCykpn+JlPSJhhLtUAug+6yFOChYHwCYo1Vqmb X-Google-Smtp-Source: AGHT+IHqkIU5iyvAz1lxRXboSC5GqwBLX3gXKGeiZ3BWcoIRArQZgEvz0O7C8QuhcSMDzbw/bpbZ7w== X-Received: by 2002:a17:903:445:b0:1db:917f:5a42 with SMTP id iw5-20020a170903044500b001db917f5a42mr18587162plb.3.1708601433068; Thu, 22 Feb 2024 03:30:33 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.23]) by smtp.gmail.com with ESMTPSA id b3-20020a170902a9c300b001dc0955c635sm5978637plr.244.2024.02.22.03.30.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 22 Feb 2024 03:30:32 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v8 08/10] tcp: add dropreasons in tcp_rcv_state_process() Date: Thu, 22 Feb 2024 19:30:01 +0800 Message-Id: <20240222113003.67558-9-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240222113003.67558-1-kerneljasonxing@gmail.com> References: <20240222113003.67558-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing In this patch, I equipped this function with more dropreasons, but it still doesn't work yet, which I will do later. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet --- v8 Link: https://lore.kernel.org/netdev/CANn89iJJ9XTVeC=qbSNUnOhQMAsfBfouc9qUJY7MxgQtYGmB3Q@mail.gmail.com/ 1. add reviewed-by tag (Eric) v5: Link: https://lore.kernel.org/netdev/3a495358-4c47-4a9f-b116-5f9c8b44e5ab@kernel.org/ 1. Use new name (TCP_ABORT_ON_DATA) for readability (David) --- include/net/tcp.h | 2 +- net/ipv4/tcp_input.c | 20 +++++++++++++------- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/include/net/tcp.h b/include/net/tcp.h index 58e65af74ad1..e5af9a5b411b 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -348,7 +348,7 @@ void tcp_wfree(struct sk_buff *skb); void tcp_write_timer_handler(struct sock *sk); void tcp_delack_timer_handler(struct sock *sk); int tcp_ioctl(struct sock *sk, int cmd, int *karg); -int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb); +enum skb_drop_reason tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb); void tcp_rcv_established(struct sock *sk, struct sk_buff *skb); void tcp_rcv_space_adjust(struct sock *sk); int tcp_twsk_unique(struct sock *sk, struct sock *sktw, void *twp); diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 83308cca1610..b257da06c0c7 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -6619,7 +6619,8 @@ static void tcp_rcv_synrecv_state_fastopen(struct sock *sk) * address independent. */ -int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) +enum skb_drop_reason +tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) { struct tcp_sock *tp = tcp_sk(sk); struct inet_connection_sock *icsk = inet_csk(sk); @@ -6635,7 +6636,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) case TCP_LISTEN: if (th->ack) - return 1; + return SKB_DROP_REASON_TCP_FLAGS; if (th->rst) { SKB_DR_SET(reason, TCP_RESET); @@ -6704,8 +6705,13 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) FLAG_NO_CHALLENGE_ACK); if ((int)reason <= 0) { - if (sk->sk_state == TCP_SYN_RECV) - return 1; /* send one RST */ + if (sk->sk_state == TCP_SYN_RECV) { + /* send one RST */ + if (!reason) + return SKB_DROP_REASON_TCP_OLD_ACK; + else + return -reason; + } /* accept old ack during closing */ if ((int)reason < 0) { tcp_send_challenge_ack(sk); @@ -6781,7 +6787,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) if (READ_ONCE(tp->linger2) < 0) { tcp_done(sk); NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTONDATA); - return 1; + return SKB_DROP_REASON_TCP_ABORT_ON_DATA; } if (TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq && after(TCP_SKB_CB(skb)->end_seq - th->fin, tp->rcv_nxt)) { @@ -6790,7 +6796,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) tcp_fastopen_active_disable(sk); tcp_done(sk); NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTONDATA); - return 1; + return SKB_DROP_REASON_TCP_ABORT_ON_DATA; } tmo = tcp_fin_time(sk); @@ -6855,7 +6861,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) after(TCP_SKB_CB(skb)->end_seq - th->fin, tp->rcv_nxt)) { NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTONDATA); tcp_reset(sk, skb); - return 1; + return SKB_DROP_REASON_TCP_ABORT_ON_DATA; } } fallthrough; From patchwork Thu Feb 22 11:30:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13567120 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9605241211 for ; Thu, 22 Feb 2024 11:30:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.175 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708601438; cv=none; b=qzAxKjK+950LFz2jl0E9HGMvaI2RIyzqy+Dqp90eVqofIrkk48OBsP4ZDWBdWtYPDIIiTNHzWRynBJzScYAtW9VeILPNr0qxzdMM0bI+89gtcbxvbr89m6tnacz9/Mg9h/fUqZavhSyYGnmB9H7bQ74q7EJaj8WAR3j0KiOMVAo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708601438; c=relaxed/simple; bh=O4oTQs/aaFIIMLiBJKHYhDb2JP7Jc2T973iz2qUFbi4=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=okNPdglkXL0JIXTVjex0yDTL9vGjGFGFa7aSx4AkTWr4z5Wp6BOVuRZz6rvvF5Gu6lzNFR2/qxKhQUuzD9B7Z2YXUeiAUtJjZpnY59kyPhyuuBFjVg7XeQa6FPIPfVh0f6EalB82XqbEA4fNDYyCQE+tAwOzzbz5hLrmh5zdwNQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=G9sDkZrk; arc=none smtp.client-ip=209.85.214.175 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="G9sDkZrk" Received: by mail-pl1-f175.google.com with SMTP id d9443c01a7336-1dc1ff697f9so21808275ad.0 for ; Thu, 22 Feb 2024 03:30:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708601436; x=1709206236; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=VLbSM/Q1lnm2NxJHiR/LAY3PU1dn10NOJqAwvehnkmU=; b=G9sDkZrkExYX60xSAF64EYnKB6nH0rXxSGyJhaelL9x1600Nvc0+p3Va6Qscp6Eg8I 1DauSJ8VviN0WBqKL1DIMJOXsxMbwk1rp6JbRl03sYx+WS9vXh+yBiT1ebUlIqTHaKj9 qofpms6bKKX89CtaDz6XUuJGVS85l4qDfUEmv/qxhOYWSGf1wXR26NVf5MSO6h6EHaCD Afo2MRcv7BEEiLTlrttRPOh+dM+n5NqRvC5mjIaan2zR0z4wRiGRzTtM45bDkCwpPyUk pKW0ffuObZ7AWvIUS6jF9JLJNUrcwZ7o/lDPUzUbPs7PSam8RaVc2gnpfV248QhZWElN dvvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708601436; x=1709206236; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VLbSM/Q1lnm2NxJHiR/LAY3PU1dn10NOJqAwvehnkmU=; b=jUkwUxhXRDTT2xWbEW4YbHknkwcypEJVxVULjzW8+vZTTRlUAKeQ3Y/fMwBE4r207G exTa8DO5aYkMi6ChnEMYpnuA9e+o8D6T9oSXRPIeVDP9biQCjj/vEV1bJ9JvlVrWI6aD oxYctbe6rIFvdancFPoUQxFW0ZJqv6k3NFn/8wBt+knjsPY8r7taSSOFIO5oqgiXHz4+ 6WnSLb76lyL1LUHAjKJ8dwmJPf3PwiwWdhrcZdJhJ1o1Eh1vVKHMhwbrRzzUwSmjn1w9 kbM/BbDHXYncG8yIuFjZ9C7O3opdvblRX9WhDFz0n+rJT+cO2LyHzzNYjC2RBUwuXfpG 8Zyg== X-Gm-Message-State: AOJu0YzUSkinrc+BtR4556MPAWcoW7RRbHSkQfQ66Zz3DnpEP4H764uv tyUQ7UFFQwJqrAwau1kZHAvUv1cEZ1mHNz7Vd0PLDNjB9t1iFATi X-Google-Smtp-Source: AGHT+IEUbah/2V+NSuclgrnRpaySfb2/xumzvX0aEmrcQfKlI/mCSAtkm0dbcJpJvsTteZNnmE2K5Q== X-Received: by 2002:a17:902:7001:b0:1da:1e83:b961 with SMTP id y1-20020a170902700100b001da1e83b961mr17075140plk.63.1708601435913; Thu, 22 Feb 2024 03:30:35 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.23]) by smtp.gmail.com with ESMTPSA id b3-20020a170902a9c300b001dc0955c635sm5978637plr.244.2024.02.22.03.30.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 22 Feb 2024 03:30:35 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v8 09/10] tcp: make the dropreason really work when calling tcp_rcv_state_process() Date: Thu, 22 Feb 2024 19:30:02 +0800 Message-Id: <20240222113003.67558-10-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240222113003.67558-1-kerneljasonxing@gmail.com> References: <20240222113003.67558-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Update three callers including both ipv4 and ipv6 and let the dropreason mechanism work in reality. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet --- v8 Link: https://lore.kernel.org/netdev/CANn89i+Uikp=NvB7SVQpYnX-2FqJrH3hWw3sV0XpVcC55MiNUg@mail.gmail.com/ 1. add reviewed-by tag (Eric) --- include/net/tcp.h | 2 +- net/ipv4/tcp_ipv4.c | 3 ++- net/ipv4/tcp_minisocks.c | 9 +++++---- net/ipv6/tcp_ipv6.c | 3 ++- 4 files changed, 10 insertions(+), 7 deletions(-) diff --git a/include/net/tcp.h b/include/net/tcp.h index e5af9a5b411b..1d9b2a766b5e 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -396,7 +396,7 @@ enum tcp_tw_status tcp_timewait_state_process(struct inet_timewait_sock *tw, struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb, struct request_sock *req, bool fastopen, bool *lost_race); -int tcp_child_process(struct sock *parent, struct sock *child, +enum skb_drop_reason tcp_child_process(struct sock *parent, struct sock *child, struct sk_buff *skb); void tcp_enter_loss(struct sock *sk); void tcp_cwnd_reduction(struct sock *sk, int newly_acked_sacked, int newly_lost, int flag); diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 0a944e109088..c79e25549972 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1926,7 +1926,8 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) } else sock_rps_save_rxhash(sk, skb); - if (tcp_rcv_state_process(sk, skb)) { + reason = tcp_rcv_state_process(sk, skb); + if (reason) { rsk = sk; goto reset; } diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c index 9e85f2a0bddd..08d5b48540ea 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c @@ -911,11 +911,12 @@ EXPORT_SYMBOL(tcp_check_req); * be created. */ -int tcp_child_process(struct sock *parent, struct sock *child, +enum skb_drop_reason +tcp_child_process(struct sock *parent, struct sock *child, struct sk_buff *skb) __releases(&((child)->sk_lock.slock)) { - int ret = 0; + enum skb_drop_reason reason = SKB_NOT_DROPPED_YET; int state = child->sk_state; /* record sk_napi_id and sk_rx_queue_mapping of child. */ @@ -923,7 +924,7 @@ int tcp_child_process(struct sock *parent, struct sock *child, tcp_segs_in(tcp_sk(child), skb); if (!sock_owned_by_user(child)) { - ret = tcp_rcv_state_process(child, skb); + reason = tcp_rcv_state_process(child, skb); /* Wakeup parent, send SIGIO */ if (state == TCP_SYN_RECV && child->sk_state != state) parent->sk_data_ready(parent); @@ -937,6 +938,6 @@ int tcp_child_process(struct sock *parent, struct sock *child, bh_unlock_sock(child); sock_put(child); - return ret; + return reason; } EXPORT_SYMBOL(tcp_child_process); diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 0c180bb8187f..4f8464e04b7f 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1663,7 +1663,8 @@ int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) } else sock_rps_save_rxhash(sk, skb); - if (tcp_rcv_state_process(sk, skb)) + reason = tcp_rcv_state_process(sk, skb); + if (reason) goto reset; if (opt_skb) goto ipv6_pktoptions; From patchwork Thu Feb 22 11:30:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13567121 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6A89322099 for ; Thu, 22 Feb 2024 11:30:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.169 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708601440; cv=none; b=KE78JMOYC7A/w2tRZmEt3fAMZZwkgKqPJJeGsx9jKM65J819s0M8cxOeOpF6lIVaAIVHY5C5ajOV1bz16YDTmei0d5BJWUKd5u+gLu3Rf3i/GxZVvPfa9kyY1LaxxlK7rRve5sBj12mpuihLFe/928+qb2pGAsh1Sjbv6jTHkCk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708601440; c=relaxed/simple; bh=9vObEw0daP1MZax2J/paAekIR2+zAOqCm/mP681mELs=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=j7Z5Bhi67RtqdWBD6VYnwY1YdiqS9Nohwcr51rrU8eCFUT9jFoQ2dFGPKXje1SvKtseZMdmTFbdi5a/5mtbveSRtydtqj5jFoArBkKJSK264kUIIsT4j+g/e5CalzSDXRJ/fD2mQeQ09WvQMF/YvU+O5lXjktCpt3xqXx4rNGN0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=iecIJiW5; arc=none smtp.client-ip=209.85.214.169 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="iecIJiW5" Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-1d95d67ff45so14373435ad.2 for ; Thu, 22 Feb 2024 03:30:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708601439; x=1709206239; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Xxx9oewCjmLxxoGy8R0ZdgnazTwiaiUyyMRu/7UH48Y=; b=iecIJiW5keWUDSxzwaQzp94KgU65tn60K6FTJXb+3M/wn/vPGyzA4q9743edTTP2dL 4N74CfzvScQrbcy1/6JBZD6ypD0PDX4HPKhuS0aCOfpES29E4IiJsdHhiRLmuOU2lWQ9 D+p4v5/72OVh0Iwe3NyVnxO9SdTbStEvV1N94tQgA+DWN6k9k2eQK83gBYQpLegHuD2a WYV8baTdWn7cJmOEOPJiRNrjj5HtXX0pNzaOP2hGwiswyPduoFkup9kWold/jB/g0AnU dTtph1CYWVQW3JjKSD12twYRZdmfik+r03T5yOCw2SxG0knsoFXhKFE74fzrA3kTCdgB QO+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708601439; x=1709206239; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Xxx9oewCjmLxxoGy8R0ZdgnazTwiaiUyyMRu/7UH48Y=; b=PvkcQVJeHuDWXSdEKqUwIQMEqRETiS+fR0dGlh/De71Zj/91n4oL3XJGqtGC6apy++ 4O30kvqYYAoOKpamVcaWzbvBjdadzjKo1JUtUOj2P9SjXsFIxA3ytmrT5Rk+5iWoK58h dLMheznEsUmVozDQ2nEm/8PjDvXVyVdmuXHi7eHJoxzAFq5qMi74YjGlefrCJfz34kS8 KtU1koCA6QXxP1tTH6/lBP/UTjvxnhZA53A/dW0bckMcjNbkcR7MnzK60KzX7qv3Fv6m J0WW2Yyt0kmIyh8KBxvy1WItoXkvV/CDFVHSRBJ7T/olqVvJxRZRMq+EUHgat/WbC0oY uC9Q== X-Gm-Message-State: AOJu0Yye+TT+KSC+aOvmXbNfdCz/CJDbZpKeqfz1mtLjcDn0ygirjgUd qp5c/rSYfkPcX86wCuFtAJ6Jzs4B63DCkNbl4BLseqmJRQoQfqIi X-Google-Smtp-Source: AGHT+IETQweYGizYjvQ3hehiPBxEkcXkKg6m7KgX0bl478jDrV7Rks70fU6lC/OLL9NWEEYdSBCWjg== X-Received: by 2002:a17:902:e804:b0:1dc:334:a85e with SMTP id u4-20020a170902e80400b001dc0334a85emr12377169plg.17.1708601438748; Thu, 22 Feb 2024 03:30:38 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.23]) by smtp.gmail.com with ESMTPSA id b3-20020a170902a9c300b001dc0955c635sm5978637plr.244.2024.02.22.03.30.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 22 Feb 2024 03:30:38 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v8 10/10] tcp: make dropreason in tcp_child_process() work Date: Thu, 22 Feb 2024 19:30:03 +0800 Message-Id: <20240222113003.67558-11-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240222113003.67558-1-kerneljasonxing@gmail.com> References: <20240222113003.67558-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing It's time to let it work right now. We've already prepared for this:) Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet --- v8 Link: https://lore.kernel.org/netdev/CANn89i+huvL_Zidru_sNHbjwgM7==-q49+mgJq7vZPRgH6DgKg@mail.gmail.com/ Link: https://lore.kernel.org/netdev/CANn89iKmaZZSnk5+CCtSH43jeUgRWNQPV4cjc0vpWNT7nHnQQg@mail.gmail.com/ 1. squash v7 patch [11/11] into the current patch. 2. refine the rcv codes. (Eric) v7 Link: https://lore.kernel.org/all/20240219043815.98410-1-kuniyu@amazon.com/ 1. adjust the related part of code only since patch [04/11] is changed. --- net/ipv4/tcp_ipv4.c | 12 +++++++----- net/ipv6/tcp_ipv6.c | 16 ++++++++++------ 2 files changed, 17 insertions(+), 11 deletions(-) diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index c79e25549972..a22ee5838751 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1907,7 +1907,6 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; } - reason = SKB_DROP_REASON_NOT_SPECIFIED; if (tcp_checksum_complete(skb)) goto csum_err; @@ -1917,7 +1916,8 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) if (!nsk) return 0; if (nsk != sk) { - if (tcp_child_process(sk, nsk, skb)) { + reason = tcp_child_process(sk, nsk, skb); + if (reason) { rsk = nsk; goto reset; } @@ -2276,10 +2276,12 @@ int tcp_v4_rcv(struct sk_buff *skb) if (nsk == sk) { reqsk_put(req); tcp_v4_restore_cb(skb); - } else if (tcp_child_process(sk, nsk, skb)) { - tcp_v4_send_reset(nsk, skb); - goto discard_and_relse; } else { + drop_reason = tcp_child_process(sk, nsk, skb); + if (drop_reason) { + tcp_v4_send_reset(nsk, skb); + goto discard_and_relse; + } sock_put(sk); return 0; } diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 4f8464e04b7f..f677f0fa5196 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1623,7 +1623,6 @@ int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) if (np->rxopt.all) opt_skb = skb_clone_and_charge_r(skb, sk); - reason = SKB_DROP_REASON_NOT_SPECIFIED; if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */ struct dst_entry *dst; @@ -1654,8 +1653,11 @@ int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) struct sock *nsk = tcp_v6_cookie_check(sk, skb); if (nsk != sk) { - if (nsk && tcp_child_process(sk, nsk, skb)) - goto reset; + if (nsk) { + reason = tcp_child_process(sk, nsk, skb); + if (reason) + goto reset; + } if (opt_skb) __kfree_skb(opt_skb); return 0; @@ -1854,10 +1856,12 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb) if (nsk == sk) { reqsk_put(req); tcp_v6_restore_cb(skb); - } else if (tcp_child_process(sk, nsk, skb)) { - tcp_v6_send_reset(nsk, skb); - goto discard_and_relse; } else { + drop_reason = tcp_child_process(sk, nsk, skb); + if (drop_reason) { + tcp_v6_send_reset(nsk, skb); + goto discard_and_relse; + } sock_put(sk); return 0; }