From patchwork Fri Feb 23 10:28:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13568846 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5075F5D72A for ; Fri, 23 Feb 2024 10:29:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.169 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708684170; cv=none; b=ZRQT0GltgKVFmwCK/a7QhyXKh0KHen0gk8MzlIgb8wBGr/joN+O0XOtxDf215aDKxlVgJqFYF7R167HhzSJYNlLDVUqG186j1G5ahca7nYBRlmbwY7t5czHHePQsjh/RgS8wtIxrZvS+DrP58OjflKPfRbR5ePXFcX9mEgSbPX0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708684170; c=relaxed/simple; bh=XU3xXP1Z1r/XTAA9F5jpuZg6AyOJdHSI7WZD8Yabjkk=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=Qd1Oj3t8v2qSHLwHKqbJfa7D4IP/7b6ZSxHnF+JRNLaty5Y+3LkKoCMej0IREdpJGO4poCKGECsDxmAa6RdPPTsF0Y3g3dL8Etmy6Ya38+5a5Z37uwMX5OZgNdE+E0+1SlRJ61i0uE6X1EOGSrFWQaQAUugRaGIVl7N3zKPgtrI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=j/JmEKf8; arc=none smtp.client-ip=209.85.214.169 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="j/JmEKf8" Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-1dc29f1956cso4261475ad.0 for ; Fri, 23 Feb 2024 02:29:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708684168; x=1709288968; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=vGa3x8JeC2eEEsTxndb5FJy4brOQuJXVDeDrBzAkvIM=; b=j/JmEKf82+QUteSK261LLh1jdYkd4BxVSjGhPMzmcWA8uM6hAEhvXKvD5TtqnkG1ig sevEbunrRODmmKMj6sqGtthcIDfcWEeNYDW2Owge+nqPEv8sI6/SiPpaMcey4dc0wiMD edz5qzpUjECCmDWQm1RCzw3WxSu4Vem9nctsjeYC8O5bqAbK3uJiAtv2wMaPteH1hb+n grCncfZ5vlwVjWM6wVUQiIjT6S/iaSawybvhmjiRbsLLQS6CJT3hcH8OCOVQHtA2ODdC sDKqEOx6YyZh/ybKY6Cwbo3xHBYy8mSvGcpvWgjhIzSujvnBQPDhZaFc4G9OMfa688Xe PfNw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708684168; x=1709288968; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vGa3x8JeC2eEEsTxndb5FJy4brOQuJXVDeDrBzAkvIM=; b=SE4SrbAz0dFQ5X2AKM+Y7ENf6PGJt6ITSk6AKZBI/B3wzZ8nJqc3hUG4//jDD3EZIz yoFH/7swByG9XMX48e0KoijGnvCQNk1Gwrc3UVcNDkZZYemf6EK3/X2FDv3M+vl806HE 17Q0NNvs44XvYPkggJcPx5G0AMedMOzmf8lF+577aES7goPXeFH/63N5AXjG79v8v0Fq IMzUIs7POzmDUTJchSSiDJWesPZhD1yRapjGwuNzaWUiyy5mu6tzJIvnFwI3cEe5h2CB W3fUR7uvMhulW53oIst0qL6W7e5mXXQUzNwQhezWcX4JQCCIgrecETXiZFm8vsP8eid6 WG6Q== X-Gm-Message-State: AOJu0YyBoVZ2JClMmavJmColKU2sQdTqK0n6JWpoMnOSX0TjattMgji6 lP6AV9AQ0J33Xio1JFTieINq0V0Eaiaq3U/0k0CzaJ3M+duUaerft7zkqFOn2Qc= X-Google-Smtp-Source: AGHT+IFBiAhiOjzIZsuicMLXcUbNJ1vWvyD5TLthLhQE7i6+pQzR/gOIwPKmgbSd33urocb0nMM5Dg== X-Received: by 2002:a17:902:f7c7:b0:1dc:1ef:aeb4 with SMTP id h7-20020a170902f7c700b001dc01efaeb4mr1492972plw.35.1708684168451; Fri, 23 Feb 2024 02:29:28 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.23]) by smtp.gmail.com with ESMTPSA id jz8-20020a170903430800b001db717d2dbbsm11380543plb.210.2024.02.23.02.29.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 23 Feb 2024 02:29:28 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v9 01/10] tcp: add a dropreason definitions and prepare for cookie check Date: Fri, 23 Feb 2024 18:28:42 +0800 Message-Id: <20240223102851.83749-2-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240223102851.83749-1-kerneljasonxing@gmail.com> References: <20240223102851.83749-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Adding one drop reason to detect the condition of skb dropped because of hook points in cookie check and extending NO_SOCKET to consider another two cases can be used later. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet Reviewed-by: David Ahern Reviewed-by: Kuniyuki Iwashima --- v9 Link: https://lore.kernel.org/netdev/c5640fc4-16dc-4058-97c6-bd84bae4fda1@kernel.org/ 1. add reviewed-by tag (David) v8 Link: https://lore.kernel.org/netdev/CANn89iJ3gLMn5psbzfVCOo2=v4nMn4m41wpr6svxyAmO4R1m6g@mail.gmail.com/ 1. add reviewed-by tag (Eric) v7 Link: https://lore.kernel.org/all/20240219040630.94637-1-kuniyu@amazon.com/ 1. nit: change "invalid" to "valid" (Kuniyuki) 2. add more description. v6 Link: https://lore.kernel.org/netdev/20240215210922.19969-1-kuniyu@amazon.com/ 1. Modify the description NO_SOCKET to extend other two kinds of invalid socket cases. What I think about it is we can use it as a general indicator for three kinds of sockets which are invalid/NULL, like what we did to TCP_FLAGS. Any better ideas/suggestions are welcome :) v5 Link: https://lore.kernel.org/netdev/CANn89i+iELpsoea6+C-08m6+=JkneEEM=nAj-28eNtcOCkwQjw@mail.gmail.com/ Link: https://lore.kernel.org/netdev/632c6fd4-e060-4b8e-a80e-5d545a6c6b6c@kernel.org/ 1. Use SKB_DROP_REASON_IP_OUTNOROUTES instead of introducing a new one (Eric, David) 2. Reuse SKB_DROP_REASON_NOMEM to handle failure of request socket allocation (Eric) 3. Reuse NO_SOCKET instead of introducing COOKIE_NOCHILD 4. Reuse IP_OUTNOROUTES instead of INVALID_DST (Eric) 5. adjust the title and description. v4 Link: https://lore.kernel.org/netdev/20240212172302.3f95e454@kernel.org/ 1. fix misspelled name in kdoc as Jakub said --- include/net/dropreason-core.h | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index 6d3a20163260..a871f061558d 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -54,6 +54,7 @@ FN(NEIGH_QUEUEFULL) \ FN(NEIGH_DEAD) \ FN(TC_EGRESS) \ + FN(SECURITY_HOOK) \ FN(QDISC_DROP) \ FN(CPU_BACKLOG) \ FN(XDP) \ @@ -105,7 +106,13 @@ enum skb_drop_reason { SKB_CONSUMED, /** @SKB_DROP_REASON_NOT_SPECIFIED: drop reason is not specified */ SKB_DROP_REASON_NOT_SPECIFIED, - /** @SKB_DROP_REASON_NO_SOCKET: socket not found */ + /** + * @SKB_DROP_REASON_NO_SOCKET: no valid socket that can be used. + * Reason could be one of three cases: + * 1) no established/listening socket found during lookup process + * 2) no valid request socket during 3WHS process + * 3) no valid child socket during 3WHS process + */ SKB_DROP_REASON_NO_SOCKET, /** @SKB_DROP_REASON_PKT_TOO_SMALL: packet size is too small */ SKB_DROP_REASON_PKT_TOO_SMALL, @@ -271,6 +278,8 @@ enum skb_drop_reason { SKB_DROP_REASON_NEIGH_DEAD, /** @SKB_DROP_REASON_TC_EGRESS: dropped in TC egress HOOK */ SKB_DROP_REASON_TC_EGRESS, + /** @SKB_DROP_REASON_SECURITY_HOOK: dropped due to security HOOK */ + SKB_DROP_REASON_SECURITY_HOOK, /** * @SKB_DROP_REASON_QDISC_DROP: dropped by qdisc when packet outputting ( * failed to enqueue to current qdisc) From patchwork Fri Feb 23 10:28:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13568847 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 02D8E5D46B for ; Fri, 23 Feb 2024 10:29:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708684173; cv=none; b=C69igUZMJZ5kgf4VkAA2QHsdg/Z2rIijJheAbn41jqt6qmOaUF9Yeq28dFD6lvZMZ4kWhejMmz53OKOEOikPaHLHJpWtSQ2tPRopeVwecNTb10X1ZQFsKIK4C3ig0oxMe2hubstRkrfXJikALECOXZiHOAZi62v6lMNXHsgTQzE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708684173; c=relaxed/simple; bh=RTnwmupBOYfKe3zaPNw8b8LZ6kq8GKT/E/SmZKeIaZw=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=W0jGmdGiMES1n47jIkM5wiUTChsoOVA3aaPcii+PHBClKCM6xFOvmI+nTN156J/rC0yw71JzlpcbN/kcM1lyDZgQljg79C1R5wJInrdLGk2JAzBvopWtuZHJClJtREnLVnTMxWL9TZ7wn2wGG3ztl1r/wqVIvWDPw+smxHWoYIU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=kPkRFKvh; arc=none smtp.client-ip=209.85.214.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="kPkRFKvh" Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-1d7431e702dso964825ad.1 for ; Fri, 23 Feb 2024 02:29:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708684171; x=1709288971; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=e/qUIqzG6cW/AClaTA+wsAnlXkMG+HDloY0t3WTwDFI=; b=kPkRFKvh5aFAxvp4xgPcZEJi5D3xax6EEVLYQsPEOIcETq0mgCWxtcutvQitF/RiFe rsBBlfoA14be1zGqNK2BabQer7ax5lrm/z5frZ3je50R8Bm8yMvIxwlLbcQiRwdzRy+D hLZn8qQqhh8shrjbwh9ReMTPtFWM7ruJM7qULapUt9C6vVkI0LEvm8HK3fJYsdCBJkwW XDigRyXA80U75TjGjSwUKv4OF8G5mRlUmxMzbm4HnmWUsrj2S1yUZoLat5MVdmofkWGu gwkbLAOoeVpOJ3kSVzScrS0lG6IvZXjFFq/ivQsfdihYMQbS83gi1twBDg0dK3MbE2cg U9Aw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708684171; x=1709288971; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=e/qUIqzG6cW/AClaTA+wsAnlXkMG+HDloY0t3WTwDFI=; b=gViByCIAEpMmXsDLONhumr6zyg4w0mp3Yv/bDXJ/zV7gBw2k5N+Ie9xb4sO4rXo91+ FZQ2poHjUv0eIblj3GBM3hnq3YBE1bGi4Zgz9B7lo08sKIEKacMZGAAwfHNHrYC7O4+8 pZy4SDVe/mbaePhjVnVS+riGHF4QNJMjxgDmkYNEvtXX/SHX70X354fA3Zi5Om5Sunr9 Mt1xsmVFRaWEKYIgpzmZ4bFESue4872ecR28CcOJipQ4VDCDzafkNT4JgWPvaaUyTN4p vVsE96NqHQHWClpt/zRXsOtz4XN/4SxAZfMwUdb243/0sm0WFyse0zhCffhJeFshYswp Ltkg== X-Gm-Message-State: AOJu0YyJy/uxleuJ9KoiiCmlcUWEk3wf7/jg4DgNDtN+8qujf1a6j0r0 dsFgNItzodsxRgQfJQ9J9GLoHFBMr/7W1lhG3xGVBr6ituNthknv X-Google-Smtp-Source: AGHT+IGvyFR5BKv8LmYNArH+90c5yG7I44FygACqC2vl6lxudZarUviqBqJchJitR2gpt08vz4vnpA== X-Received: by 2002:a17:902:e881:b0:1dc:6cda:bcd2 with SMTP id w1-20020a170902e88100b001dc6cdabcd2mr784605plg.34.1708684171343; Fri, 23 Feb 2024 02:29:31 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.23]) by smtp.gmail.com with ESMTPSA id jz8-20020a170903430800b001db717d2dbbsm11380543plb.210.2024.02.23.02.29.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 23 Feb 2024 02:29:30 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v9 02/10] tcp: directly drop skb in cookie check for ipv4 Date: Fri, 23 Feb 2024 18:28:43 +0800 Message-Id: <20240223102851.83749-3-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240223102851.83749-1-kerneljasonxing@gmail.com> References: <20240223102851.83749-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Only move the skb drop from tcp_v4_do_rcv() to cookie_v4_check() itself, no other changes made. It can help us refine the specific drop reasons later. Signed-off-by: Jason Xing Reviewed-by: Kuniyuki Iwashima Reviewed-by: Eric Dumazet Reviewed-by: David Ahern Reviewed-by: Kuniyuki Iwashima --- v9 Link: https://lore.kernel.org/netdev/c5640fc4-16dc-4058-97c6-bd84bae4fda1@kernel.org/ 1. add reviewed-by tag (David) v8 Link: https://lore.kernel.org/netdev/CANn89i+foA-AW3KCNw232eCC5GDi_3O0JG-mpvyiQJYuxKxnRA@mail.gmail.com/ 1. add reviewed-by tag (Eric) v7 Link: https://lore.kernel.org/all/20240219041350.95304-1-kuniyu@amazon.com/ 1. add reviewed-by tag (Kuniyuki) --- net/ipv4/syncookies.c | 4 ++++ net/ipv4/tcp_ipv4.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index be88bf586ff9..38f331da6677 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c @@ -408,6 +408,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) struct rtable *rt; __u8 rcv_wscale; int full_space; + SKB_DR(reason); if (!READ_ONCE(net->ipv4.sysctl_tcp_syncookies) || !th->ack || th->rst) @@ -477,10 +478,13 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) */ if (ret) inet_sk(ret)->cork.fl.u.ip4 = fl4; + else + goto out_drop; out: return ret; out_free: reqsk_free(req); out_drop: + kfree_skb_reason(skb, reason); return NULL; } diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 0c50c5a32b84..0a944e109088 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1915,7 +1915,7 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) struct sock *nsk = tcp_v4_cookie_check(sk, skb); if (!nsk) - goto discard; + return 0; if (nsk != sk) { if (tcp_child_process(sk, nsk, skb)) { rsk = nsk; From patchwork Fri Feb 23 10:28:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13568848 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 02C785D46B for ; Fri, 23 Feb 2024 10:29:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708684176; cv=none; b=VgxVQJ2qPfazwYr0rWwmaY/y4AGHbf9aBiMK82mPHWnmnUiO6RYTmI8vrYDYMb8Xsanv/isHNpk6JFsabCAmkttehROyWv2wbOB7RlDstT/cGlSumYGfHtX3BIaM39vdOKvL9yOktRJuEfZVNnVApMZUb66XejgVKyCDtirg62c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708684176; c=relaxed/simple; bh=TGCErkX8iQOMN9LkaELEW8hioL7AtJCV85UQUvVFmFA=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=jZb6SnguxIfV7eSrkwz+masO+EKX7Q6Zrc+7qIMNMyMX5uuLGnrsMlk45FpZZW7/VYvMS9kvLxDb2G1hSFEBygj8eyg5ujT3lxAvhT54XeqazGwgbiKPYlzyq3eZSkF/QcE3boBFleSBAOHsS5UJHZsmqDgjCWke6wHo0yZmGe0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=WLBHrOhl; arc=none smtp.client-ip=209.85.214.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="WLBHrOhl" Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-1dc75972f25so70035ad.1 for ; Fri, 23 Feb 2024 02:29:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708684174; x=1709288974; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=lt7qqkAKaDUJR7/ka49EJkc/2UvYhaHsVUoYcqGxyWY=; b=WLBHrOhlW/SczVT8Pbm3zhCVokQGK13uw4J6exiebPKSukjqQc2cHmLHPAXbfIp9BJ uklFz5vDNP+RktVGTcmpn9bLlGHg7h/pBHFzgeUP4bbxL4i/fzjDqd0Hm1iPTjtG4h+R 6S79L0uR4SpZTYZM+mOJcCf2cG1GJQ+VZUUBPSD0XRhWa4BmAqsW2PNlLe1GIM4Rg+b8 dajGSSS77wAcfluCQcIXObjtrlYVqyF1FPq/7W7ibIhwNq1986eMs0sHNLAP2VTkDli6 BQY26APOgzmqK+lJQXCDjXNtIU1nHVvfI3CPyIHZCNBIbXqH3Lb8PbEi9+qliS4NwzYO nAtA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708684174; x=1709288974; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=lt7qqkAKaDUJR7/ka49EJkc/2UvYhaHsVUoYcqGxyWY=; b=NH4+EQtokcDgm2e8K5VqjWRFX+8k8oNKsIz9CCrQWgVrUlR1ZH0u2xICS1hfrze+SN 8lzrnjAkJJUshH8CsTnfV/L2CgQKI973Lr6wAQajSY6Ipi5Bufz9B/3IfaLYx/J6mJkE fUD7l6B8en+3K10mCuxFlRZYno6y+aEncqBJ7tpRevBdFmjofHxbUuLRUZ4n5/6+BzBf XOqPDJnuSHHZHArrHGWeHniWf0JMEXATLoTt4SGn/3BYMVhAcmJhQ5P/9v4BkssGgRxQ D9PnqovJ8X0e0Wyo1KjiLStoy1HXRgX5EoLFScJTky3SRpVS1dpJWbcqFBQE64qpSTsn PiwQ== X-Gm-Message-State: AOJu0YycIo0Piow1kByLkSscsV9RuVyCDAoYjlKdliyS8592g+v4zKsf arbnHM3KcgPX1N/gNA3Gmv8UujI3GNePb7TPvoRManVZJKbi41+m X-Google-Smtp-Source: AGHT+IHLE0Z7H8GBMNs+xMcrZQfN4v43x1TIeG3zKH7ZDTxTDNZwEQWU+h6XA8EL4iaPWH/EpUfong== X-Received: by 2002:a17:902:780e:b0:1db:e245:8c35 with SMTP id p14-20020a170902780e00b001dbe2458c35mr1062354pll.30.1708684174254; Fri, 23 Feb 2024 02:29:34 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.23]) by smtp.gmail.com with ESMTPSA id jz8-20020a170903430800b001db717d2dbbsm11380543plb.210.2024.02.23.02.29.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 23 Feb 2024 02:29:33 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v9 03/10] tcp: use drop reasons in cookie check for ipv4 Date: Fri, 23 Feb 2024 18:28:44 +0800 Message-Id: <20240223102851.83749-4-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240223102851.83749-1-kerneljasonxing@gmail.com> References: <20240223102851.83749-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Now it's time to use the prepared definitions to refine this part. Four reasons used might enough for now, I think. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet Reviewed-by: David Ahern Reviewed-by: Kuniyuki Iwashima --- v9 Link: https://lore.kernel.org/netdev/c5640fc4-16dc-4058-97c6-bd84bae4fda1@kernel.org/ Link: https://lore.kernel.org/netdev/CANn89iLOxJxmOCH1LxXf-YwRBzKXcjPRmgQeQ6A3bKRmW8=ksg@mail.gmail.com/ 1. add reviewed-by tag (David) 2. add reviewed-by tag (Eric) v8 Link: https://lore.kernel.org/netdev/CANn89iL-FH6jzoxhyKSMioj-zdBsHqNpR7YTGz8ytM=FZSGrug@mail.gmail.com/ 1. refine the codes (Eric) v6: Link: https://lore.kernel.org/netdev/20240215210922.19969-1-kuniyu@amazon.com/ 1. Not use NOMEM because of MPTCP (Kuniyuki). I chose to use NO_SOCKET as an indicator which can be used as three kinds of cases to tell people that we're unable to get a valid one. It's a relatively general reason like what we did to TCP_FLAGS. Any better ideas/suggestions are welcome :) v5: Link: https://lore.kernel.org/netdev/CANn89i+iELpsoea6+C-08m6+=JkneEEM=nAj-28eNtcOCkwQjw@mail.gmail.com/ Link: https://lore.kernel.org/netdev/632c6fd4-e060-4b8e-a80e-5d545a6c6b6c@kernel.org/ 1. Use SKB_DROP_REASON_IP_OUTNOROUTES instead of introducing a new one (Eric, David) 2. Reuse SKB_DROP_REASON_NOMEM to handle failure of request socket allocation (Eric) 3. Reuse NO_SOCKET instead of introducing COOKIE_NOCHILD --- net/ipv4/syncookies.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index 38f331da6677..7972ad3d7c73 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c @@ -421,8 +421,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) if (IS_ERR(req)) goto out; } - if (!req) + if (!req) { + SKB_DR_SET(reason, NO_SOCKET); goto out_drop; + } ireq = inet_rsk(req); @@ -434,8 +436,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) */ RCU_INIT_POINTER(ireq->ireq_opt, tcp_v4_save_options(net, skb)); - if (security_inet_conn_request(sk, skb, req)) + if (security_inet_conn_request(sk, skb, req)) { + SKB_DR_SET(reason, SECURITY_HOOK); goto out_free; + } tcp_ao_syncookie(sk, skb, req, AF_INET); @@ -452,8 +456,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) ireq->ir_loc_addr, th->source, th->dest, sk->sk_uid); security_req_classify_flow(req, flowi4_to_flowi_common(&fl4)); rt = ip_route_output_key(net, &fl4); - if (IS_ERR(rt)) + if (IS_ERR(rt)) { + SKB_DR_SET(reason, IP_OUTNOROUTES); goto out_free; + } /* Try to redo what tcp_v4_send_synack did. */ req->rsk_window_clamp = tp->window_clamp ? :dst_metric(&rt->dst, RTAX_WINDOW); @@ -476,10 +482,11 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) /* ip_queue_xmit() depends on our flow being setup * Normal sockets get it right from inet_csk_route_child_sock() */ - if (ret) - inet_sk(ret)->cork.fl.u.ip4 = fl4; - else + if (!ret) { + SKB_DR_SET(reason, NO_SOCKET); goto out_drop; + } + inet_sk(ret)->cork.fl.u.ip4 = fl4; out: return ret; out_free: From patchwork Fri Feb 23 10:28:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13568849 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pg1-f180.google.com (mail-pg1-f180.google.com [209.85.215.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D8CB95D742 for ; Fri, 23 Feb 2024 10:29:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.180 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708684179; cv=none; b=pvN7/vLtXw9bHP4fT/dal4+kuZJyfYjkkPEZePJ4CBhlrfCfWWQoYlnhHJT7Ob4dD/6qyZaC7m0wTnLCDW5qWs+P81RRIAvRyg5O58mB7yPfGY/qey+N0MuhENOQLSFwo4Az5qDPoyxzibWRSezx9Q0sEEQQSUoCuUKyvZ4+vmM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708684179; c=relaxed/simple; bh=Rgm41UcdXBS07B+ZKVHvQ+vPqWFRLNGFFZv3HOiexsQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=r6XWqkoP2fiVW9zraCXEhn6RN8m4LDNungNuZttoCfxNw/nnRLDIf3r7oWj3+qig+F1OrUr3OU3GRbMSORDRr36sJUgKmQkB6QJnOt7jtLdp/J54x4b61au3V1sCPezIe2KAoZrFnWkDQr6XLHZ0BrEZ7kog0mFoi2ghUyw9k5k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=N/NXET+i; arc=none smtp.client-ip=209.85.215.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="N/NXET+i" Received: by mail-pg1-f180.google.com with SMTP id 41be03b00d2f7-5e44a2e34eeso613518a12.1 for ; Fri, 23 Feb 2024 02:29:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708684177; x=1709288977; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=O+q9YrFx1+moUKp/BkCodCIUYpDo2u/Zf3Lo0LNX6Yc=; b=N/NXET+irE2YQYE6Vzm7iXuTEvh7vUK1jpT7gigg13LpX/RlY2UnO0T5sqUEqIpcdZ hijzCkz6IrWwIw8Y1HZGBxeV9VRkWwSCuLNBz0TJ8zxxuhJkFs7+eyOTMKo/agG2sdtY HZsMo1EORKcG8ko20LishF8HirMzkesmptuPJ8PUV5qSZEcY+TtSLZahg5+W09vr61XS LKSmkU+p+GktmCdBOtL7RzZYnXQYg7YXEjatPUbLqVrcccyQE/JlIwHnTBNLfikRvw75 W83WvOMj84d4kNvr3wLW4vQIeJD96XudvNZr2Mz3mkEgZiav7Vyu5KzZPnu2nFrDwGYx /xwA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708684177; x=1709288977; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=O+q9YrFx1+moUKp/BkCodCIUYpDo2u/Zf3Lo0LNX6Yc=; b=ViiaWk1NZQGGTtOoDvMaZhGgpSNxN0sgcrkqFl+Yb5OS/VPKa3MA8CcGNudVEUh9oJ S9QL7HjT3n6fbgcVdBjCojv5c0MCe97+Kkje+vgjKxhGP23S9jl+3v4+FW0jtd1+ukpH ag8m3VvSe1Rm30HVJdkmbyk7OQvt1QjAmWEh7iLz6SxKPUFZnQWSpkfXgVfZuZqHkFaS /M6dE7Hw1LkmeHO/4Ptgk1uiWgf8jiwU+Xu4/VBjADoHEw08vfTK25UD6FznHvpIsZwb UkymOsZez+xV6HTZU+kCjchRLZq+5EG6IpKi0Zw1A9oEtIUfspy5lzq9x3dLLc04HQIw eroA== X-Gm-Message-State: AOJu0YxLAo/t82QzmFJGbArdrHX3j7Q2WAxkPQoKkLo19sNyxXMCmwHK FFh9ucZPc8c9faLJQj9whsOjghsBVFgxVVX3Yc1YRxpwI3dYYvOD X-Google-Smtp-Source: AGHT+IEh28HLnoPR53apqrFnDQ8GYdv8W3OQPkLuR5v0LdepxP4X8Hrh3KqRwJx81hca94SG8xATdw== X-Received: by 2002:a05:6a21:3942:b0:1a0:e179:3889 with SMTP id ac2-20020a056a21394200b001a0e1793889mr1203833pzc.56.1708684177178; Fri, 23 Feb 2024 02:29:37 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.23]) by smtp.gmail.com with ESMTPSA id jz8-20020a170903430800b001db717d2dbbsm11380543plb.210.2024.02.23.02.29.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 23 Feb 2024 02:29:36 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v9 04/10] tcp: directly drop skb in cookie check for ipv6 Date: Fri, 23 Feb 2024 18:28:45 +0800 Message-Id: <20240223102851.83749-5-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240223102851.83749-1-kerneljasonxing@gmail.com> References: <20240223102851.83749-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Like previous patch does, only moving skb drop logical code to cookie_v6_check() for later refinement. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet Reviewed-by: David Ahern Reviewed-by: Kuniyuki Iwashima --- v9 Link: https://lore.kernel.org/netdev/c5640fc4-16dc-4058-97c6-bd84bae4fda1@kernel.org/ 1. add reviewed-by tag (David) v8 Link: https://lore.kernel.org/netdev/CANn89iL8M=1vFdZ1hBb4POuz+MKQ50fmBAewfbowEH3jpEtpZQ@mail.gmail.com/ 1. add reviewed-by tag (Eric) v7: Link: https://lore.kernel.org/all/20240219043815.98410-1-kuniyu@amazon.com/ 1. refine the code (by removing redundant check), no functional changes. (Kuniyuki) v6 Link: https://lore.kernel.org/all/c987d2c79e4a4655166eb8eafef473384edb37fb.camel@redhat.com/ Link: https://lore.kernel.org/all/CAL+tcoAgSjwsmFnDh_Gs9ZgMi-y5awtVx+4VhJPNRADjo7LLSA@mail.gmail.com/ 1. take one case into consideration, behave like old days, or else it will trigger errors. v5 Link: https://lore.kernel.org/netdev/CANn89iKz7=1q7e8KY57Dn3ED7O=RCOfLxoHQKO4eNXnZa1OPWg@mail.gmail.com/ 1. avoid duplication of these opt_skb tests/actions (Eric) --- net/ipv6/syncookies.c | 4 ++++ net/ipv6/tcp_ipv6.c | 5 +---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c index 6b9c69278819..ea0d9954a29f 100644 --- a/net/ipv6/syncookies.c +++ b/net/ipv6/syncookies.c @@ -177,6 +177,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) struct sock *ret = sk; __u8 rcv_wscale; int full_space; + SKB_DR(reason); if (!READ_ONCE(net->ipv4.sysctl_tcp_syncookies) || !th->ack || th->rst) @@ -256,10 +257,13 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) ireq->ecn_ok &= cookie_ecn_ok(net, dst); ret = tcp_get_cookie_sock(sk, skb, req, dst); + if (!ret) + goto out_drop; out: return ret; out_free: reqsk_free(req); out_drop: + kfree_skb_reason(skb, reason); return NULL; } diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 57b25b1fc9d9..0c180bb8187f 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1653,11 +1653,8 @@ int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) if (sk->sk_state == TCP_LISTEN) { struct sock *nsk = tcp_v6_cookie_check(sk, skb); - if (!nsk) - goto discard; - if (nsk != sk) { - if (tcp_child_process(sk, nsk, skb)) + if (nsk && tcp_child_process(sk, nsk, skb)) goto reset; if (opt_skb) __kfree_skb(opt_skb); From patchwork Fri Feb 23 10:28:46 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13568850 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E4A205D742 for ; Fri, 23 Feb 2024 10:29:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.173 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708684182; cv=none; b=AbCL1VLGxRCCH8BJGVRN0Xa35ofRisqwtnODiUhieEKRmqSj0xpncDqBAC7cFLyUJbceMHOXmtTYDgijxrnU9zlnzlgr3hf79DjRI/eUaBQEY0tlZNytQZcNCDm43KDVZfuSfrw7yrIp0nN7jWWFuX6iYr2pIzUv30k4agvHjVc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708684182; c=relaxed/simple; bh=1XTETACOo9PjIiHhJnzTywZhbd9iulkh3w2XrlviGeU=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=mtx3Pctx2pae6pbNVDGt9Qm4/kLPXzn7EnwHCCzYR/dyMtbG2NlCB4du3GPlGIypZJNuS5aI5DLTHPzvCSRfyy8lxZ+2bjMRgfxoJ8b3+nRu5+C+9rsxFTKRAYt0qKbXXxOdQx53jFLdjck4WLJgB6KTJm3ZZmhTZwyg9XHAAhM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=TVHV6KDc; arc=none smtp.client-ip=209.85.214.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="TVHV6KDc" Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-1d918008b99so749735ad.3 for ; Fri, 23 Feb 2024 02:29:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708684180; x=1709288980; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=GCaZ25K8kIjaFoMB5t9hG/x40yLesoIIfEeGnKZtbpc=; b=TVHV6KDcMBUClitQz6UezBw5DzpkW4lxNMSYpzfejqatbxgqkQDfjX4lIb8iam6o1G nNmfDU3z9ge4HNrDktfYCy3fUiyj3HDH7YkaHZK4lyjIgMStQLkUCa9t8IxHPG7sUlKg /6orAYiMsDpYxw7WhOEpcuS0jIB82syqzlR5LqByR/2hk9tWips8WG8iTaXFcNg4rJWb l8oBNcMcGejxd4GsxNoSYlobmgbdFH3gDueLo+Rk+V7bWvdMpBgE8IGSNeLr9KlvN0s1 hYjUcxgPrgs2gM3xxvVM+P22GtX9BNx2GONvIwIR9Ktk/DHCa7+nWkOyiQpKzwus5oE0 JJqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708684180; x=1709288980; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GCaZ25K8kIjaFoMB5t9hG/x40yLesoIIfEeGnKZtbpc=; b=PlZvYlbdv0mh5fghTRu7Dr4xglH9THlftmJs2AM+fBaBrVnOJVqowM7xawRvIeTlPX toC1iabL6QVSGXQvWVcR373t2fUs4b0UJjTobrVizj5/5TCrpam++gq+TjntUvPhEEad IJ+LaX2KEblqK8ujWEkRer6awCHJWwX9A4Q5XUQ8FioAYyrO7Ht8Q173m5yVPyP8YIU3 Y3aON7uTFaBT345ThZjJqmwRDo7T/2TbSxXmo7CeyZi95m555iN8ShXLojx0uVUlMHrW cv+AJmbk8bqTaZkOYJzpQdXv6oMUsUns6J3/iagTKnh4/I9lGfgC4zq5SFk1dU6ZhLNP 7peg== X-Gm-Message-State: AOJu0YyjSKLbsrLtBL8DBXFWMuCukpVYJyyomyTxv8+52R9/1YLE8wHj xyEEfgXxvG0I1w68zpyjwm52ZhuQ2x5i67iC8xM7qnj6NPHG5Mwv X-Google-Smtp-Source: AGHT+IG8oYcb/dDTveFmroYN0rrDgAz0QMJsj7IKoBIFI5MuEVWaWgLQDtBCUlczcJLmyMKMlsdtNw== X-Received: by 2002:a17:903:230f:b0:1dc:248:28d2 with SMTP id d15-20020a170903230f00b001dc024828d2mr1532872plh.39.1708684180193; Fri, 23 Feb 2024 02:29:40 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.23]) by smtp.gmail.com with ESMTPSA id jz8-20020a170903430800b001db717d2dbbsm11380543plb.210.2024.02.23.02.29.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 23 Feb 2024 02:29:39 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v9 05/10] tcp: use drop reasons in cookie check for ipv6 Date: Fri, 23 Feb 2024 18:28:46 +0800 Message-Id: <20240223102851.83749-6-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240223102851.83749-1-kerneljasonxing@gmail.com> References: <20240223102851.83749-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Like what I did to ipv4 mode, refine this part: adding more drop reasons for better tracing. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet Reviewed-by: David Ahern Reviewed-by: Kuniyuki Iwashima --- v9 Link: https://lore.kernel.org/netdev/c5640fc4-16dc-4058-97c6-bd84bae4fda1@kernel.org/ 1. add reviewed-by tag (David) v8 Link: https://lore.kernel.org/netdev/CANn89i+b+bYqX0aVv9KtSm=nLmEQznamZmqaOzfqtJm_ux9JBw@mail.gmail.com/ 1. add reviewed-by tag (Eric) v6: Link: https://lore.kernel.org/netdev/20240215210922.19969-1-kuniyu@amazon.com/ 1. Not use NOMEM because of MPTCP (Kuniyuki). I chose to use NO_SOCKET as an indicator which can be used as three kinds of cases to tell people that we're unable to get a valid one. It's a relatively general reason like what we did to TCP_FLAGS. v5: Link: https://lore.kernel.org/netdev/CANn89i+iELpsoea6+C-08m6+=JkneEEM=nAj-28eNtcOCkwQjw@mail.gmail.com/ 1. Reuse SKB_DROP_REASON_NOMEM to handle failure of request socket allocation (Eric) 2. Reuse NO_SOCKET instead of introducing COOKIE_NOCHILD 3. Reuse IP_OUTNOROUTES instead of INVALID_DST (Eric) --- net/ipv6/syncookies.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c index ea0d9954a29f..8bad0a44a0a6 100644 --- a/net/ipv6/syncookies.c +++ b/net/ipv6/syncookies.c @@ -190,16 +190,20 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) if (IS_ERR(req)) goto out; } - if (!req) + if (!req) { + SKB_DR_SET(reason, NO_SOCKET); goto out_drop; + } ireq = inet_rsk(req); ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr; ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr; - if (security_inet_conn_request(sk, skb, req)) + if (security_inet_conn_request(sk, skb, req)) { + SKB_DR_SET(reason, SECURITY_HOOK); goto out_free; + } if (ipv6_opt_accepted(sk, skb, &TCP_SKB_CB(skb)->header.h6) || np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || @@ -236,8 +240,10 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) security_req_classify_flow(req, flowi6_to_flowi_common(&fl6)); dst = ip6_dst_lookup_flow(net, sk, &fl6, final_p); - if (IS_ERR(dst)) + if (IS_ERR(dst)) { + SKB_DR_SET(reason, IP_OUTNOROUTES); goto out_free; + } } req->rsk_window_clamp = tp->window_clamp ? :dst_metric(dst, RTAX_WINDOW); @@ -257,8 +263,10 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) ireq->ecn_ok &= cookie_ecn_ok(net, dst); ret = tcp_get_cookie_sock(sk, skb, req, dst); - if (!ret) + if (!ret) { + SKB_DR_SET(reason, NO_SOCKET); goto out_drop; + } out: return ret; out_free: From patchwork Fri Feb 23 10:28:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13568851 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E37275D742 for ; Fri, 23 Feb 2024 10:29:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708684185; cv=none; b=KNdQRlmqPv6KvSK5a2Tmdtekxq/d2daePTIuVAtchfoLlJvPzfPL7lzyqueSqo5WQOgk5jJfGWGA77slOzyaBRzkkfLQvxYh49fMK+0YeRhOmxf10KISlKOljhaTg7WmFzHcXHdSxCweyvQWb9Ig9KowDSiZGbdk2WvDn89tuiU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708684185; c=relaxed/simple; bh=AREo23cwfwzchyqwHLU3RqgiUIuL0S6YBbBo6jUuBSQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=I11u/n3qWZUJef+YuKAxrQMklbzh1UObpwrC8XL97QHdqVomvrRUur6Bl8Vq9/1A6rZ/Nh4Nymyly9QYBuzjPNFS3ivCefjP+1jHk8eHYlHldgDwsfY44BTlkJxuHeNp/HW7eHWdkcE9J2vvVRRSyIbVp4bXR4lXvdc4Gnmh1vw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=BUSlOCRm; arc=none smtp.client-ip=209.85.214.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="BUSlOCRm" Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-1dbf1fe91fcso5133415ad.3 for ; Fri, 23 Feb 2024 02:29:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708684183; x=1709288983; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=inDueKCVz75DWzfXh5jhlCQ4SZ0ppOahXRbM39RRwQQ=; b=BUSlOCRmf4Bq3AH4Fy1VIRRaNbS4RkyrNWNJay5bNXPJKzD+zcFo45Ap9u/Tl7vXOb OaCwUOKTg+BOD978hIg+mteqVprcYkII8s7+iYCkerUix6/C0REDgOgP8oaUB9s6Fl4H H6s5Qv1IV1CVdkep3ocjJOz62+iUWsItYlVJ4ShEBAGfkhuJ7zne5io7AzU/OHftz4S3 W2G39MMbJbGYEksACqljeGUCVY7Lh+hjND3M5IydL0GS6q2456GIzdb+WowO6Q/gorac D3Up6M2LGBeqkCulGLQk4h0dIU5tDq9Pmzf3KtxM9c5yOimDbJR8Ed8PKlsnVDs+FffI m0uQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708684183; x=1709288983; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=inDueKCVz75DWzfXh5jhlCQ4SZ0ppOahXRbM39RRwQQ=; b=GCVuFXja7JE1xCUj+Jj6qbTD94nYn2xd4Ck8ZXQmClWRPlLBImuf2OZikeRG4nOc8R 1jwwndd3QNrkfB/b4v2gFkX/6MGCTQ7dHxukD9wOO0KeHY+N59/bfpul1RSm1CBQ+9eA bG12SU1GziM/9SnYnxRKP1RRZ7O8II6yjyTN/BPC4TBUZFYYIJU4K9q1AjH2AUlVy8Fx qEMNuI6VvOzk62tnj7nCv+n0ukpXpNO+fEsS0c0y1i5vCWrvGx5fAZ5x3h2GqqHVHmU5 DUTl6LzpBv8UjeW4VTp3ucj7MfXyI+3gK9EAgNF/Bnszgny3yt+AmMQB/KtSNlM6cpHu 0buw== X-Gm-Message-State: AOJu0Yz2oC4GoOKC96aCVhPV7kVVwvo59hvhKBzfVeP0sR5Z+EReMuSt W4yeH1pT8dWElgYtUCGmp7Ufy+Wf3q1b8srj24g6yajBEXN7uAFx X-Google-Smtp-Source: AGHT+IFzqxNpJyNO8qARXKtPaPLXGjVfuSpS9m9ZJy5093Q6F0/QLH7r6zyEO7LUi6dTPgArdiP6ug== X-Received: by 2002:a17:902:8606:b0:1dc:9dd:961d with SMTP id f6-20020a170902860600b001dc09dd961dmr1397541plo.62.1708684183094; Fri, 23 Feb 2024 02:29:43 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.23]) by smtp.gmail.com with ESMTPSA id jz8-20020a170903430800b001db717d2dbbsm11380543plb.210.2024.02.23.02.29.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 23 Feb 2024 02:29:42 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v9 06/10] tcp: introduce dropreasons in receive path Date: Fri, 23 Feb 2024 18:28:47 +0800 Message-Id: <20240223102851.83749-7-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240223102851.83749-1-kerneljasonxing@gmail.com> References: <20240223102851.83749-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Soon later patches can use these relatively more accurate reasons to recognise and find out the cause. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet Reviewed-by: David Ahern Reviewed-by: Kuniyuki Iwashima --- v9 Link: https://lore.kernel.org/netdev/c5640fc4-16dc-4058-97c6-bd84bae4fda1@kernel.org/ Link: https://lore.kernel.org/netdev/CANn89i+j55o_1B2SV56n=u=NHukmN_CoRib4VBzpUBVcKRjAMw@mail.gmail.com/ 1. add reviewed-by tag (David) 2. add reviewed-by tag (Eric) v7 Link: https://lore.kernel.org/all/20240219044744.99367-1-kuniyu@amazon.com/ 1. nit: nit: s/. because of/ because/ (Kuniyuki) v5: Link: https://lore.kernel.org/netdev/3a495358-4c47-4a9f-b116-5f9c8b44e5ab@kernel.org/ 1. Use new name (TCP_ABORT_ON_DATA) for readability (David) 2. change the title of this patch --- include/net/dropreason-core.h | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index a871f061558d..af7c7146219d 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -30,6 +30,7 @@ FN(TCP_AOFAILURE) \ FN(SOCKET_BACKLOG) \ FN(TCP_FLAGS) \ + FN(TCP_ABORT_ON_DATA) \ FN(TCP_ZEROWINDOW) \ FN(TCP_OLD_DATA) \ FN(TCP_OVERWINDOW) \ @@ -37,6 +38,7 @@ FN(TCP_RFC7323_PAWS) \ FN(TCP_OLD_SEQUENCE) \ FN(TCP_INVALID_SEQUENCE) \ + FN(TCP_INVALID_ACK_SEQUENCE) \ FN(TCP_RESET) \ FN(TCP_INVALID_SYN) \ FN(TCP_CLOSE) \ @@ -204,6 +206,11 @@ enum skb_drop_reason { SKB_DROP_REASON_SOCKET_BACKLOG, /** @SKB_DROP_REASON_TCP_FLAGS: TCP flags invalid */ SKB_DROP_REASON_TCP_FLAGS, + /** + * @SKB_DROP_REASON_TCP_ABORT_ON_DATA: abort on data, corresponding to + * LINUX_MIB_TCPABORTONDATA + */ + SKB_DROP_REASON_TCP_ABORT_ON_DATA, /** * @SKB_DROP_REASON_TCP_ZEROWINDOW: TCP receive window size is zero, * see LINUX_MIB_TCPZEROWINDOWDROP @@ -228,13 +235,19 @@ enum skb_drop_reason { SKB_DROP_REASON_TCP_OFOMERGE, /** * @SKB_DROP_REASON_TCP_RFC7323_PAWS: PAWS check, corresponding to - * LINUX_MIB_PAWSESTABREJECTED + * LINUX_MIB_PAWSESTABREJECTED, LINUX_MIB_PAWSACTIVEREJECTED */ SKB_DROP_REASON_TCP_RFC7323_PAWS, /** @SKB_DROP_REASON_TCP_OLD_SEQUENCE: Old SEQ field (duplicate packet) */ SKB_DROP_REASON_TCP_OLD_SEQUENCE, /** @SKB_DROP_REASON_TCP_INVALID_SEQUENCE: Not acceptable SEQ field */ SKB_DROP_REASON_TCP_INVALID_SEQUENCE, + /** + * @SKB_DROP_REASON_TCP_INVALID_ACK_SEQUENCE: Not acceptable ACK SEQ + * field because ack sequence is not in the window between snd_una + * and snd_nxt + */ + SKB_DROP_REASON_TCP_INVALID_ACK_SEQUENCE, /** @SKB_DROP_REASON_TCP_RESET: Invalid RST packet */ SKB_DROP_REASON_TCP_RESET, /** From patchwork Fri Feb 23 10:28:48 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13568852 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com [209.85.214.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A2A56D533 for ; Fri, 23 Feb 2024 10:29:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708684188; cv=none; b=afnDpbMU8033WlQrZnvDgcCuh6cirqjCvcU52vZp27MbjaJAinwwYIsUsL4yRGHRHLuOQ/TyHRHiWjq4zSRtSIDpd7+m9RDih5TsSWLCkNYR3VkGRxjf8r0cV7cKtI4Aq3VdepyQdIAb25vE8lSVHs5SVgQxls0V5QHSQz2eecY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708684188; c=relaxed/simple; bh=/i3A3wQT5Z2ehZu0rjrkw9GwUEs5YduexTTNvHdgku4=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=MDtiOAt1NhSDYaV8VxTG0NQuflVwcJ+zptL3hshRBH/ichJEJJxK/Gkk2kBRzONN4h1xY/ie9yHA33Ju2ZHU1NYSykkGzhNu01h+8an6EV3IFG+7u/L1MHGfKjDlsmQL2M56YHs1yP1xAIXVZEVgKMmUpRByEf4qqhy7JdPtoMo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=edurkSNt; arc=none smtp.client-ip=209.85.214.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="edurkSNt" Received: by mail-pl1-f176.google.com with SMTP id d9443c01a7336-1dbae7b8ff2so583285ad.3 for ; Fri, 23 Feb 2024 02:29:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708684186; x=1709288986; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Cf9BwtgVLn98CO74o8ZuqNBPza3uikkUdz8+DwVrcYQ=; b=edurkSNtfXTf+GfsXbGw7pYFpNlFlP9v/BI3KjXbpk5r04PEAsVT/IMn0CBHbl9aq4 kimS6d6p8AvvpSGf1FC0bnW+lipwlMDIpdTEKVsrFmpruTVo2jFl80pmwGQjOtQVxs25 1y8ikxrkC2pTOpvsCF7hBbzIbfuCFPK66AT25MWCW60lZDRaD13JOX+i9xtecW0KU8Xu it25LIR5jDb+4UKzwQcsmKImxyWlG7oyUXLfGQpTvaBS0elclo+mwlAv1Kss5AXNuDTW t4L2uZcWemMB0X3y9cWb4Nv56OsBEwXaegF+u/y8OGxcFnisPNuoQdkEWUU/QxQ+i/Lh 0AvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708684186; x=1709288986; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Cf9BwtgVLn98CO74o8ZuqNBPza3uikkUdz8+DwVrcYQ=; b=jxmCxgIilAyWH7/CCfzSMXW/eRlQfRT6otDC/F+SUDb/8lRqCC8yYml1f8W62KaNJg dWQ10Zuo0vxeDBIocwk2tORSxmvm9Nv2EKrA/Wh1KWAqLa2liP9FZWAgquowo7l8sCUz Mt3SDAeFwu5XrRfuDmKTd1vxDOYrKo+wNNzmTY4PAFV6v9usIRJnV0jKZmo3D5B2Yz0k oiWrrC6ZvQqxL+/YKtuMfdRRBzbH4xQLd13ryarp6fQkpvDV894JMcZrzZVq6Zq5b3gX tuunprfufprRrpoBkJfeYDtUSCQwueIqEtIU2sTcCG8AWn7/xs2iTsdTfdDync31bBYA Wg2Q== X-Gm-Message-State: AOJu0Ywrs7/pyfFbq/j3FQ8ijEy/pCHxaZqRowTqeNaprMbJRrrm9FqU HXPpHryngwqI+OhVMBN3zoPGzG4UOEGiASAN3su3k3js3pSmI8/V X-Google-Smtp-Source: AGHT+IEJ1ELdRLAo1CFu4HzWgYnFFmpEgtQHpzyjqUfntIqMweNcjJS4/+hiQc98kYt8QkYXocsafA== X-Received: by 2002:a17:902:a502:b0:1db:e792:bb38 with SMTP id s2-20020a170902a50200b001dbe792bb38mr1203690plq.63.1708684185966; Fri, 23 Feb 2024 02:29:45 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.23]) by smtp.gmail.com with ESMTPSA id jz8-20020a170903430800b001db717d2dbbsm11380543plb.210.2024.02.23.02.29.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 23 Feb 2024 02:29:45 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v9 07/10] tcp: add more specific possible drop reasons in tcp_rcv_synsent_state_process() Date: Fri, 23 Feb 2024 18:28:48 +0800 Message-Id: <20240223102851.83749-8-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240223102851.83749-1-kerneljasonxing@gmail.com> References: <20240223102851.83749-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing This patch does two things: 1) add two more new reasons 2) only change the return value(1) to various drop reason values for the future use For now, we still cannot trace those two reasons. We'll implement the full function in the subsequent patch in this series. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet Reviewed-by: David Ahern Reviewed-by: Kuniyuki Iwashima --- v9 Link: https://lore.kernel.org/netdev/c5640fc4-16dc-4058-97c6-bd84bae4fda1@kernel.org/ 1. add reviewed-by tag (David) v8 Link: https://lore.kernel.org/netdev/CANn89i+EF77F5ZJbbkiDQgwgAqSKWtD3djUF807zQ=AswGvosQ@mail.gmail.com/ 1. add reviewed-by tag (Eric) --- net/ipv4/tcp_input.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 74c03f0a6c0c..83308cca1610 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -6361,6 +6361,7 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb, inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, TCP_TIMEOUT_MIN, TCP_RTO_MAX); + SKB_DR_SET(reason, TCP_INVALID_ACK_SEQUENCE); goto reset_and_undo; } @@ -6369,6 +6370,7 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb, tcp_time_stamp_ts(tp))) { NET_INC_STATS(sock_net(sk), LINUX_MIB_PAWSACTIVEREJECTED); + SKB_DR_SET(reason, TCP_RFC7323_PAWS); goto reset_and_undo; } @@ -6572,7 +6574,8 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb, reset_and_undo: tcp_clear_options(&tp->rx_opt); tp->rx_opt.mss_clamp = saved_clamp; - return 1; + /* we can reuse/return @reason to its caller to handle the exception */ + return reason; } static void tcp_rcv_synrecv_state_fastopen(struct sock *sk) From patchwork Fri Feb 23 10:28:49 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13568853 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9AD38D533 for ; Fri, 23 Feb 2024 10:29:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.174 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708684191; cv=none; b=ZfMF6N5bIuWgRzw29s9M9c3QNeaWoe0xQf/Q2pMuPVHypi8+d2RxTEN5WLKBNt3o16jXQoi7Z8kyKPJTXxZA/Kurqtfb0vOtQ70lIBl2BmKujLwVX7kGBCROcVSerh3GrHLdLBjtxhNWaeu9O8gHP0joyr/Yr7zJOq7CtFFjlT0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708684191; c=relaxed/simple; bh=OJyNQxskch6r8J2NCNPPhHcPQoogBWOJ2DdPpHf1mHc=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=pgUYtszpNWIUk09QsOhx9zn798u6rRY5+gRMn4z28w5dOsA0acABkoOAereRct158T2h+NOJIyBxLh+4PsIPnOe+Kj6Wnfd8dqaU5jkpaNld57iFEZ63VpnzOGQchRPH2dSxHXgszXhZwT/iRCnJSK1HmmU1Hp0yXl4aWTST6Q4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=bdMNLaBY; arc=none smtp.client-ip=209.85.214.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="bdMNLaBY" Received: by mail-pl1-f174.google.com with SMTP id d9443c01a7336-1d7431e702dso966815ad.1 for ; Fri, 23 Feb 2024 02:29:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708684189; x=1709288989; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=FwLzJvWqpVHxOpW3RD1ZVO8+ZftdgYXF0aN1hMOMMss=; b=bdMNLaBYeyRGZFF2rv55ZqWVANrkUgle930OJiXKHoB2+Sv0U1i0sSDtZd50sd06VD hs3jEMpOMwQoRClkZPT7c53HDPIyQy4XqBGS6j+TwTWE8nUH9DIkmQMldP02M6CX7xE1 Bj1KcHoZdHQG431HLEdpeJ6g4bYOQAa9qOXpCHCOHcx6LUPSWSOkifzo2nE0uR5X33+8 O0Xv7Ud7RavTYipWOALl27bEYe8MFamvtSthfb2Xzyqq5J9Yu4f2ufE9o9PD/b9Ahchi sNcHorP0d+EucVueRcPfELmmTBVUd/PpiJXB6cDXFfTqu5wTv5cu+CEeb6jAXeRAfFOd Clqg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708684189; x=1709288989; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FwLzJvWqpVHxOpW3RD1ZVO8+ZftdgYXF0aN1hMOMMss=; b=Xp7sSg64DVyaqi75h8fx4X8saZdj3eE1Yjrif/yHKzodX3WcDpDntRVV0Xme1VBG+1 c2H+Nt5oredTY/41FBM8cbwjHYfyJpwe4SU1c7HIqOTJFBMCi5sGzkXjqpm8WhMazBs6 fhhMQPhMGdL3+3dEoGgC5V/rzUQSFd1qi9u2GAGeP9Wa6J5ZFtK/Mf8GLIm+R/l/T0Lb 1g1WYWHdgJvErbOcvXxqvR935mI8DojJFd0UK6c4emyEZFX/mpiLAo4OOR+Qz3KmT8fA 4T6jfLe+6bRHTEw2KRYxT6hLlVt6tdogpqf+RhPX/oBJIU1vjo5pkxmI0azHZ/pHqHzc TNbA== X-Gm-Message-State: AOJu0Yw5bg7kYVdSerchxLjVGApsV5AY/6tuU9sSm71DOJek+ajQU6Zh qin+Cf2ZPTDIgLCX8OyU0LLcCkXoABbRXQnb9xzje/BzkqIKeWEU X-Google-Smtp-Source: AGHT+IGK/csm5/OhlKcxGDH55wTwTp97XKBCIsLPRaCK/Dj1oLfSbiiVqTBo2XCQvMaH10+njENX5g== X-Received: by 2002:a17:902:d2cf:b0:1dc:4b04:13d4 with SMTP id n15-20020a170902d2cf00b001dc4b0413d4mr1835427plc.8.1708684188906; Fri, 23 Feb 2024 02:29:48 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.23]) by smtp.gmail.com with ESMTPSA id jz8-20020a170903430800b001db717d2dbbsm11380543plb.210.2024.02.23.02.29.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 23 Feb 2024 02:29:48 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v9 08/10] tcp: add dropreasons in tcp_rcv_state_process() Date: Fri, 23 Feb 2024 18:28:49 +0800 Message-Id: <20240223102851.83749-9-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240223102851.83749-1-kerneljasonxing@gmail.com> References: <20240223102851.83749-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing In this patch, I equipped this function with more dropreasons, but it still doesn't work yet, which I will do later. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet Reviewed-by: David Ahern Reviewed-by: Kuniyuki Iwashima --- v9 Link: https://lore.kernel.org/netdev/CAL+tcoCbsbM=HyXRqs2+QVrY8FSKmqYC47m87Axiyk1wk4omwQ@mail.gmail.com/ Link: https://lore.kernel.org/netdev/c5640fc4-16dc-4058-97c6-bd84bae4fda1@kernel.org/ 1. nit: remove unnecessary else (David) 2. add reviewed-by tag (David) v8 Link: https://lore.kernel.org/netdev/CANn89iJJ9XTVeC=qbSNUnOhQMAsfBfouc9qUJY7MxgQtYGmB3Q@mail.gmail.com/ 1. add reviewed-by tag (Eric) v5: Link: https://lore.kernel.org/netdev/3a495358-4c47-4a9f-b116-5f9c8b44e5ab@kernel.org/ 1. Use new name (TCP_ABORT_ON_DATA) for readability (David) --- include/net/tcp.h | 2 +- net/ipv4/tcp_input.c | 19 ++++++++++++------- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/include/net/tcp.h b/include/net/tcp.h index 58e65af74ad1..e5af9a5b411b 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -348,7 +348,7 @@ void tcp_wfree(struct sk_buff *skb); void tcp_write_timer_handler(struct sock *sk); void tcp_delack_timer_handler(struct sock *sk); int tcp_ioctl(struct sock *sk, int cmd, int *karg); -int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb); +enum skb_drop_reason tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb); void tcp_rcv_established(struct sock *sk, struct sk_buff *skb); void tcp_rcv_space_adjust(struct sock *sk); int tcp_twsk_unique(struct sock *sk, struct sock *sktw, void *twp); diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 83308cca1610..5d874817a78d 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -6619,7 +6619,8 @@ static void tcp_rcv_synrecv_state_fastopen(struct sock *sk) * address independent. */ -int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) +enum skb_drop_reason +tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) { struct tcp_sock *tp = tcp_sk(sk); struct inet_connection_sock *icsk = inet_csk(sk); @@ -6635,7 +6636,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) case TCP_LISTEN: if (th->ack) - return 1; + return SKB_DROP_REASON_TCP_FLAGS; if (th->rst) { SKB_DR_SET(reason, TCP_RESET); @@ -6704,8 +6705,12 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) FLAG_NO_CHALLENGE_ACK); if ((int)reason <= 0) { - if (sk->sk_state == TCP_SYN_RECV) - return 1; /* send one RST */ + if (sk->sk_state == TCP_SYN_RECV) { + /* send one RST */ + if (!reason) + return SKB_DROP_REASON_TCP_OLD_ACK; + return -reason; + } /* accept old ack during closing */ if ((int)reason < 0) { tcp_send_challenge_ack(sk); @@ -6781,7 +6786,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) if (READ_ONCE(tp->linger2) < 0) { tcp_done(sk); NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTONDATA); - return 1; + return SKB_DROP_REASON_TCP_ABORT_ON_DATA; } if (TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq && after(TCP_SKB_CB(skb)->end_seq - th->fin, tp->rcv_nxt)) { @@ -6790,7 +6795,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) tcp_fastopen_active_disable(sk); tcp_done(sk); NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTONDATA); - return 1; + return SKB_DROP_REASON_TCP_ABORT_ON_DATA; } tmo = tcp_fin_time(sk); @@ -6855,7 +6860,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) after(TCP_SKB_CB(skb)->end_seq - th->fin, tp->rcv_nxt)) { NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTONDATA); tcp_reset(sk, skb); - return 1; + return SKB_DROP_REASON_TCP_ABORT_ON_DATA; } } fallthrough; From patchwork Fri Feb 23 10:28:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13568854 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7F930D533 for ; Fri, 23 Feb 2024 10:29:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.169 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708684193; cv=none; b=ttLKbOeHdHfmzdbZI40QlfA7ntJ/hVXrG7X/wcjnlZ3gJJ2ehRHhmCuONhxls6XHuEzhrqSWwhNXpBS4lK+LIb09lwWB/KBI7+o4jTbe9RwHFq0fUcO21CwALc49jKFvBWrt7DmAYeZvhI5eTFhEWVsHkoHr6DfhGT0rBewa1AQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708684193; c=relaxed/simple; bh=wEHuE1rauwop6W079PH7gANF6oPZtTcaf6JWO+EgyiA=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=qQVY78qY9yV94vYrx+nqB4gHDsuOlWmTxLVBQniWtW+AHpp3VZ1dGPp6frwR1mPoPA7JSzHWBvtZhF3ZSbsxHBY9Dkl0H2CejGYRFqirJsC9eFDxEIvas47EVFSIsMgXrIy/PEgyM3+3svfLHFyBZTTHBSvDR5Y1bSi1BZ3dN4E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=FQyz6nk1; arc=none smtp.client-ip=209.85.214.169 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="FQyz6nk1" Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-1d71cb97937so7761845ad.3 for ; Fri, 23 Feb 2024 02:29:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708684192; x=1709288992; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=N16M0/5IG3v1j3LIKq8uEOTY7VMyNxn3foEajFTtlQU=; b=FQyz6nk1qZ0mhlsk6s6yPbq1pQEl03JVF097n820/KI3MbsCOqIFVDHHQTKiIGG2oh kwoj9Utgw3gwlA2/yoAAf7T9gaZeJW9nB1pAvkxwj7QlTZpNzmqg/pSdOjX7oRQ7Nno6 J2VqjjnjVY6oNd7yCKzqBHUmghoxtRio+44CKmq5EK5aK/D96ViMwR2myuhbb6q474qC I1iHx2KtqarmlEAfI68ooV9bGCd4EQ0Uk0uNS9a25LrjqqzUBDY31EPpLMhacEktjKJ1 DJhX+v++ZqLtXIkzfSwmNi04xoq9NtKWR+4Ng6B6Fu5/83FlosVub4y2nNxdUuD7M7xe 98Sw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708684192; x=1709288992; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=N16M0/5IG3v1j3LIKq8uEOTY7VMyNxn3foEajFTtlQU=; b=K0b02eyZlm70MX732237ScMGXMxSojR4xFgXUnRCd8nbrCzQBnL6w9KEkdRHlW3e/U KzO6V3wxMkH1llTFtsSHrvri4qyZytBnIZh4aEPAVWnWFvNtm+d/OmzBYAWpytC1gJIA YRVig9o9xnfpXJbmgyJ0y9iU2eEksADPOSlQFCa0F99AHlGELk9gLd/Gq51MDeSuvrUa OVVZQSdgN0O860N01Ktq3EbEgm35T6LuGvtynIpurCRgvbCH2wUv5DLvy3j895tWX6qR RYB+HXIo8NS1EbXpxspNTQChjQuoFUW/oe4fuLJzvZEo/CdZ0jUd4sUzLMa/jnqVIZGp d3YQ== X-Gm-Message-State: AOJu0YyP1+Qg/hirDBv3mh73GI8r9L5Ixr0ktNb4BeffGqf2xO5fQfuj Jp+rh+HO2IMq2lZhAC8eI1uFtGmhoWWwdcdN0CqXVEQARTAzwr8r X-Google-Smtp-Source: AGHT+IH5PdhrpEYxhkK2nz4xD1q0DHP+ktmzMTIO5KI8mjl5qJYM1uj1PsyzcR8gkvEZNvDjJEv0uQ== X-Received: by 2002:a17:902:8649:b0:1dc:4d63:7a0d with SMTP id y9-20020a170902864900b001dc4d637a0dmr1047915plt.41.1708684191830; Fri, 23 Feb 2024 02:29:51 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.23]) by smtp.gmail.com with ESMTPSA id jz8-20020a170903430800b001db717d2dbbsm11380543plb.210.2024.02.23.02.29.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 23 Feb 2024 02:29:51 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v9 09/10] tcp: make the dropreason really work when calling tcp_rcv_state_process() Date: Fri, 23 Feb 2024 18:28:50 +0800 Message-Id: <20240223102851.83749-10-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240223102851.83749-1-kerneljasonxing@gmail.com> References: <20240223102851.83749-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Update three callers including both ipv4 and ipv6 and let the dropreason mechanism work in reality. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet Reviewed-by: David Ahern Reviewed-by: Kuniyuki Iwashima --- v9 Link: https://lore.kernel.org/netdev/c5640fc4-16dc-4058-97c6-bd84bae4fda1@kernel.org/ 1. add reviewed-by tag (David) v8 Link: https://lore.kernel.org/netdev/CANn89i+Uikp=NvB7SVQpYnX-2FqJrH3hWw3sV0XpVcC55MiNUg@mail.gmail.com/ 1. add reviewed-by tag (Eric) --- include/net/tcp.h | 2 +- net/ipv4/tcp_ipv4.c | 3 ++- net/ipv4/tcp_minisocks.c | 9 +++++---- net/ipv6/tcp_ipv6.c | 3 ++- 4 files changed, 10 insertions(+), 7 deletions(-) diff --git a/include/net/tcp.h b/include/net/tcp.h index e5af9a5b411b..1d9b2a766b5e 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -396,7 +396,7 @@ enum tcp_tw_status tcp_timewait_state_process(struct inet_timewait_sock *tw, struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb, struct request_sock *req, bool fastopen, bool *lost_race); -int tcp_child_process(struct sock *parent, struct sock *child, +enum skb_drop_reason tcp_child_process(struct sock *parent, struct sock *child, struct sk_buff *skb); void tcp_enter_loss(struct sock *sk); void tcp_cwnd_reduction(struct sock *sk, int newly_acked_sacked, int newly_lost, int flag); diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 0a944e109088..c79e25549972 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1926,7 +1926,8 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) } else sock_rps_save_rxhash(sk, skb); - if (tcp_rcv_state_process(sk, skb)) { + reason = tcp_rcv_state_process(sk, skb); + if (reason) { rsk = sk; goto reset; } diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c index 9e85f2a0bddd..08d5b48540ea 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c @@ -911,11 +911,12 @@ EXPORT_SYMBOL(tcp_check_req); * be created. */ -int tcp_child_process(struct sock *parent, struct sock *child, +enum skb_drop_reason +tcp_child_process(struct sock *parent, struct sock *child, struct sk_buff *skb) __releases(&((child)->sk_lock.slock)) { - int ret = 0; + enum skb_drop_reason reason = SKB_NOT_DROPPED_YET; int state = child->sk_state; /* record sk_napi_id and sk_rx_queue_mapping of child. */ @@ -923,7 +924,7 @@ int tcp_child_process(struct sock *parent, struct sock *child, tcp_segs_in(tcp_sk(child), skb); if (!sock_owned_by_user(child)) { - ret = tcp_rcv_state_process(child, skb); + reason = tcp_rcv_state_process(child, skb); /* Wakeup parent, send SIGIO */ if (state == TCP_SYN_RECV && child->sk_state != state) parent->sk_data_ready(parent); @@ -937,6 +938,6 @@ int tcp_child_process(struct sock *parent, struct sock *child, bh_unlock_sock(child); sock_put(child); - return ret; + return reason; } EXPORT_SYMBOL(tcp_child_process); diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 0c180bb8187f..4f8464e04b7f 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1663,7 +1663,8 @@ int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) } else sock_rps_save_rxhash(sk, skb); - if (tcp_rcv_state_process(sk, skb)) + reason = tcp_rcv_state_process(sk, skb); + if (reason) goto reset; if (opt_skb) goto ipv6_pktoptions; From patchwork Fri Feb 23 10:28:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13568855 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com [209.85.214.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 69D1AD533 for ; Fri, 23 Feb 2024 10:29:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708684196; cv=none; b=VJVMPxfS2KZ3ZDpQAxTcli6qgD7imUBEOZaafQJ46w+HlzSimthH6IpFWVVkIkOlSLvY9X8TtX2lJ3G+utbbvWNUJrZdgItgkXXi/o39pa1Z3gojgBU4pYxAfudaFApv1hXcra2yetFIbbHNt5dykrhQFFZREyCcohAoCZBo5Pc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708684196; c=relaxed/simple; bh=yEAllsE96wvEpz2DnJM4KoPvaSqQcx9/yVwsmblksZg=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=NsknFHYd/NmR9glJ62hAgHKcZnKOKW6ZydYqmBsLhQOvQBsw4b6v4r/4x8B2pr2ooxfQQ+FrVa1frjLDXgZ/KanpEwHiDTEwJq77/F+gEkbIg3IJ9UCdLCS14mei6mvfnBumaeKznqRUghbXrSHQRsT3IDmdjqme9r6LEGM4MXs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=VmZQykME; arc=none smtp.client-ip=209.85.214.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="VmZQykME" Received: by mail-pl1-f176.google.com with SMTP id d9443c01a7336-1dc5d0162bcso5109875ad.0 for ; Fri, 23 Feb 2024 02:29:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708684195; x=1709288995; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=GOCFI9RbqeLkjoxApq6ZMHZcBJCyJLiYHOO7IsAZvZI=; b=VmZQykMEx7mmkec3VrMc5TqQ9nfAdSBP1XewWnS0rVO8ctw9ZM29IeD6pq+PtRCcGg nEwu8V6B0zLim071FFf/etLVUCrf9EZudCahbfZg4YK7C9bRmetuQODB4JTXGMAcERjj PUum2e6vdvLuzsvWi4IAWyr6p1LoTtsHuy+CeGdyRnsVkksXzKFQIiUHcqTeoDNcc3mK eTBaEsJgTabDrMWB8qnE1JYRXgemzW0hBcZfwlqdxFU0r0CxulookBUPr/cveOpteSJ7 berMnJWuuBq+JBYLwlJyv8r5pF0U0m7JVzrBtxMF/8AaAxnWQGaDO6XtkflQJlhVjJoI cZVw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708684195; x=1709288995; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GOCFI9RbqeLkjoxApq6ZMHZcBJCyJLiYHOO7IsAZvZI=; b=WQKXBsmD5eV4Mjh63PfWaRw7+53xZD02PzSTW8US+9YK2Yej99tPFjRPbjMgaxy1L0 0cFmlIvOk7HQ7dppjXMV046aVjxYBtuIJxURhcgDTvApZ2LWHIsXBdATQe7g6gNlFEXX 6N88rfl9LYeublHDQYSdkDyEauF2f/RFr2So9XSKbcAh32VtnViSigYH5ixLCho19Btf UHx5jyYvGky1jM4RiKwzmO384/fPicp0zYb8NXiWrnZWQfaFSK0F+5pYlak/NbFXmehT W+9toffoKVqbJWcWx/Pe4kNqSUSqkPGsK/dRs7M1Xjuw9FtU8Vwy3rkpIY9+3yYUhvFI YNWA== X-Gm-Message-State: AOJu0Ywd+Fu+KUZdcmKop0eEkXZJTcMH7iGKm65x3xwx8j6vB9jQ+qPA ILwVp5f+gVvT07r5D5J/mp1+WS82+s5NsehUfvVvVGbQYkR003kk X-Google-Smtp-Source: AGHT+IGkVi3r2URNnrN+YiiktEefhgdnvAbpDhVvqfLEpKhPP6GOsRRx6riupDeFvm0dI8Kahvfimg== X-Received: by 2002:a17:903:247:b0:1db:9fa4:c770 with SMTP id j7-20020a170903024700b001db9fa4c770mr1510914plh.34.1708684194748; Fri, 23 Feb 2024 02:29:54 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.23]) by smtp.gmail.com with ESMTPSA id jz8-20020a170903430800b001db717d2dbbsm11380543plb.210.2024.02.23.02.29.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 23 Feb 2024 02:29:54 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v9 10/10] tcp: make dropreason in tcp_child_process() work Date: Fri, 23 Feb 2024 18:28:51 +0800 Message-Id: <20240223102851.83749-11-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240223102851.83749-1-kerneljasonxing@gmail.com> References: <20240223102851.83749-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing It's time to let it work right now. We've already prepared for this:) Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet Reviewed-by: David Ahern Reviewed-by: Kuniyuki Iwashima --- v9 Link: https://lore.kernel.org/netdev/c5640fc4-16dc-4058-97c6-bd84bae4fda1@kernel.org/ Link: https://lore.kernel.org/netdev/CANn89iKE2vYz_6sYd=u3HbqdgiU0BWhdMY9-ivs0Rcht+X+Rfg@mail.gmail.com/ 1. add reviewed-by tag (David) 2. add reviewed-by tag (Eric) v8 Link: https://lore.kernel.org/netdev/CANn89i+huvL_Zidru_sNHbjwgM7==-q49+mgJq7vZPRgH6DgKg@mail.gmail.com/ Link: https://lore.kernel.org/netdev/CANn89iKmaZZSnk5+CCtSH43jeUgRWNQPV4cjc0vpWNT7nHnQQg@mail.gmail.com/ 1. squash v7 patch [11/11] into the current patch. 2. refine the rcv codes. (Eric) v7 Link: https://lore.kernel.org/all/20240219043815.98410-1-kuniyu@amazon.com/ 1. adjust the related part of code only since patch [04/11] is changed. --- net/ipv4/tcp_ipv4.c | 12 +++++++----- net/ipv6/tcp_ipv6.c | 16 ++++++++++------ 2 files changed, 17 insertions(+), 11 deletions(-) diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index c79e25549972..a22ee5838751 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1907,7 +1907,6 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; } - reason = SKB_DROP_REASON_NOT_SPECIFIED; if (tcp_checksum_complete(skb)) goto csum_err; @@ -1917,7 +1916,8 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) if (!nsk) return 0; if (nsk != sk) { - if (tcp_child_process(sk, nsk, skb)) { + reason = tcp_child_process(sk, nsk, skb); + if (reason) { rsk = nsk; goto reset; } @@ -2276,10 +2276,12 @@ int tcp_v4_rcv(struct sk_buff *skb) if (nsk == sk) { reqsk_put(req); tcp_v4_restore_cb(skb); - } else if (tcp_child_process(sk, nsk, skb)) { - tcp_v4_send_reset(nsk, skb); - goto discard_and_relse; } else { + drop_reason = tcp_child_process(sk, nsk, skb); + if (drop_reason) { + tcp_v4_send_reset(nsk, skb); + goto discard_and_relse; + } sock_put(sk); return 0; } diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 4f8464e04b7f..f677f0fa5196 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1623,7 +1623,6 @@ int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) if (np->rxopt.all) opt_skb = skb_clone_and_charge_r(skb, sk); - reason = SKB_DROP_REASON_NOT_SPECIFIED; if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */ struct dst_entry *dst; @@ -1654,8 +1653,11 @@ int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) struct sock *nsk = tcp_v6_cookie_check(sk, skb); if (nsk != sk) { - if (nsk && tcp_child_process(sk, nsk, skb)) - goto reset; + if (nsk) { + reason = tcp_child_process(sk, nsk, skb); + if (reason) + goto reset; + } if (opt_skb) __kfree_skb(opt_skb); return 0; @@ -1854,10 +1856,12 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb) if (nsk == sk) { reqsk_put(req); tcp_v6_restore_cb(skb); - } else if (tcp_child_process(sk, nsk, skb)) { - tcp_v6_send_reset(nsk, skb); - goto discard_and_relse; } else { + drop_reason = tcp_child_process(sk, nsk, skb); + if (drop_reason) { + tcp_v6_send_reset(nsk, skb); + goto discard_and_relse; + } sock_put(sk); return 0; }