From patchwork Mon Feb 26 03:22:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13571197 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pg1-f177.google.com (mail-pg1-f177.google.com [209.85.215.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 728B314263 for ; Mon, 26 Feb 2024 03:22:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708917773; cv=none; b=caf6eEwF/zvu2D/20PLG0PZTjIyc6t20g2CPwSme/h1sSm+3DtS+0lBEYw2Ghq2wBTNRJEa93osApVXkqOdAoX3OJTXYKxWTY8olb+BRwqsK2E/LoDz5XBfsy8sNuhdhZpwrc1PeEbLXJISvjZfy6Fjd7L7b9ghvuePjVnIRdOU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708917773; c=relaxed/simple; bh=J/mAy7it+D2yD+hqcIT0b27b80IhoZe5v8+aEV5Kesc=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=ZUimz6FIaoIyYxA1EFjZAGm71MqNT2te20xVAmT+7CUkmpVpIu5C8gPlj1XfRcscejaFXCD6q8aPV9XNOciaFw4ujh10WtTHjpg34mIXCFJ8s+Hm9/xgzVHursGJxt5angQcUjM+aqNq+JnSt5ly5NNYnpCr8+MPaOUy3MRcdho= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Lc2NIcNl; arc=none smtp.client-ip=209.85.215.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Lc2NIcNl" Received: by mail-pg1-f177.google.com with SMTP id 41be03b00d2f7-5d4d15ec7c5so2036625a12.1 for ; Sun, 25 Feb 2024 19:22:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708917772; x=1709522572; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=g2MxW//NuJvbOxIgqnwV9AwctPjgUYVm/k4pGlCFbrs=; b=Lc2NIcNl6O9+ciENTDBWOVJmymZDTQ//Vk+mciXnGp6K9rEETbUAYJ+E5meauG1rsd Chha/3TNHPBAG3bE4oii65zwLOyjLCJAcb65KivJtt9NI6eM7u+O/RB0mFPHnMWNZFQD bW8P2Re/W5TLkn6CH8h+SgkmQOlA8/TLHFUxfFohXXFb33wVaJdvQm0gFHm9cfnnkR5F 0BS34RgzE/iuQ4mN1ij33x3aXyKvWIAfthKcYhpUCW2Cf39Yp+J1bvIOYYXnx25oaWMz AOCpVJcGU53VicDg+5cwmJzjh87jtEVLphpBM/DM9QCWcTUlDiwEvAYrCielP0i13Ogn VN+w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708917772; x=1709522572; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=g2MxW//NuJvbOxIgqnwV9AwctPjgUYVm/k4pGlCFbrs=; b=IS8OtDDQNmeV354itAC/oOC4cJd2m5plL8S6PYTkbIHZIBizXC36q5jHf4AkIr25Yl lQoDQYt8AvGLWJzAmEtm1UZnGNvo4cWM4DTP8A7vQv8JXYvERg8ji+gzp7Kjh8qgwOTR EowShVYcdg4fftpI+c6z44FnLByAfFLmOcXHCekt+Ajr7Awdk+1duFj2zZfuuFC8gqJR uPfdJEB1Iqs8xSH07aeJyp1MUziL4A8b9UknUEpyFupMRjngGe5i2AudRFJKcwFvt1Tp n/OhSdnUrU+Ar9699nKsvVXYAhApQc89Vg0TykBCrQivRIoYmQNHACGP3HBooOu1KtMJ FxYQ== X-Gm-Message-State: AOJu0YxxwVRdnaN2XomzUu74yAtsU1J2RlWosdEQYSxsHDJz60iDPdww KJ9OShfAZZjaBzOqQIzqZxS/aZbCipmrC9EEXJpxH5uga01sCFH4 X-Google-Smtp-Source: AGHT+IEOadXtTh3JSG04gw7M0y3usO3nRwAz8+ZnKn7sdnFE+OtGvmRo4aPBfl0kliCN1qjKTfIo/g== X-Received: by 2002:a05:6a20:4390:b0:1a0:e80a:b79e with SMTP id i16-20020a056a20439000b001a0e80ab79emr10201946pzl.14.1708917771754; Sun, 25 Feb 2024 19:22:51 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.21]) by smtp.gmail.com with ESMTPSA id fr12-20020a17090ae2cc00b0029a78f22bd2sm3262521pjb.33.2024.02.25.19.22.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 25 Feb 2024 19:22:51 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v10 01/10] tcp: add a dropreason definitions and prepare for cookie check Date: Mon, 26 Feb 2024 11:22:18 +0800 Message-Id: <20240226032227.15255-2-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240226032227.15255-1-kerneljasonxing@gmail.com> References: <20240226032227.15255-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Adding one drop reason to detect the condition of skb dropped because of hook points in cookie check and extending NO_SOCKET to consider another two cases can be used later. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet Reviewed-by: David Ahern Reviewed-by: Kuniyuki Iwashima --- v9 Link: https://lore.kernel.org/netdev/c5640fc4-16dc-4058-97c6-bd84bae4fda1@kernel.org/ 1. add reviewed-by tag (David) v8 Link: https://lore.kernel.org/netdev/CANn89iJ3gLMn5psbzfVCOo2=v4nMn4m41wpr6svxyAmO4R1m6g@mail.gmail.com/ 1. add reviewed-by tag (Eric) v7 Link: https://lore.kernel.org/all/20240219040630.94637-1-kuniyu@amazon.com/ 1. nit: change "invalid" to "valid" (Kuniyuki) 2. add more description. v6 Link: https://lore.kernel.org/netdev/20240215210922.19969-1-kuniyu@amazon.com/ 1. Modify the description NO_SOCKET to extend other two kinds of invalid socket cases. What I think about it is we can use it as a general indicator for three kinds of sockets which are invalid/NULL, like what we did to TCP_FLAGS. Any better ideas/suggestions are welcome :) v5 Link: https://lore.kernel.org/netdev/CANn89i+iELpsoea6+C-08m6+=JkneEEM=nAj-28eNtcOCkwQjw@mail.gmail.com/ Link: https://lore.kernel.org/netdev/632c6fd4-e060-4b8e-a80e-5d545a6c6b6c@kernel.org/ 1. Use SKB_DROP_REASON_IP_OUTNOROUTES instead of introducing a new one (Eric, David) 2. Reuse SKB_DROP_REASON_NOMEM to handle failure of request socket allocation (Eric) 3. Reuse NO_SOCKET instead of introducing COOKIE_NOCHILD 4. Reuse IP_OUTNOROUTES instead of INVALID_DST (Eric) 5. adjust the title and description. v4 Link: https://lore.kernel.org/netdev/20240212172302.3f95e454@kernel.org/ 1. fix misspelled name in kdoc as Jakub said --- include/net/dropreason-core.h | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index 6d3a20163260..a871f061558d 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -54,6 +54,7 @@ FN(NEIGH_QUEUEFULL) \ FN(NEIGH_DEAD) \ FN(TC_EGRESS) \ + FN(SECURITY_HOOK) \ FN(QDISC_DROP) \ FN(CPU_BACKLOG) \ FN(XDP) \ @@ -105,7 +106,13 @@ enum skb_drop_reason { SKB_CONSUMED, /** @SKB_DROP_REASON_NOT_SPECIFIED: drop reason is not specified */ SKB_DROP_REASON_NOT_SPECIFIED, - /** @SKB_DROP_REASON_NO_SOCKET: socket not found */ + /** + * @SKB_DROP_REASON_NO_SOCKET: no valid socket that can be used. + * Reason could be one of three cases: + * 1) no established/listening socket found during lookup process + * 2) no valid request socket during 3WHS process + * 3) no valid child socket during 3WHS process + */ SKB_DROP_REASON_NO_SOCKET, /** @SKB_DROP_REASON_PKT_TOO_SMALL: packet size is too small */ SKB_DROP_REASON_PKT_TOO_SMALL, @@ -271,6 +278,8 @@ enum skb_drop_reason { SKB_DROP_REASON_NEIGH_DEAD, /** @SKB_DROP_REASON_TC_EGRESS: dropped in TC egress HOOK */ SKB_DROP_REASON_TC_EGRESS, + /** @SKB_DROP_REASON_SECURITY_HOOK: dropped due to security HOOK */ + SKB_DROP_REASON_SECURITY_HOOK, /** * @SKB_DROP_REASON_QDISC_DROP: dropped by qdisc when packet outputting ( * failed to enqueue to current qdisc) From patchwork Mon Feb 26 03:22:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13571198 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pg1-f169.google.com (mail-pg1-f169.google.com [209.85.215.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7554517741 for ; Mon, 26 Feb 2024 03:22:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.169 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708917776; cv=none; b=J36yBVhK3uKYDcb+G2ZLxwXoGlfAT51FqALD2izIP3VR3agZdi3pBBmH+/AL2Dz69+X1jHfXJF5Qze4sG1N+khbEBHBgY1pf3RjsfWaK2GW9Fv8E5VYRa6sMCOzRdzJjxHYET5t+4nOU4KhjGUzhIyhPNU1f1bZ2vzBcMM9EB+s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708917776; c=relaxed/simple; bh=RTnwmupBOYfKe3zaPNw8b8LZ6kq8GKT/E/SmZKeIaZw=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=N388VYQ18b8zkhM755Ge+3y/g+2w38oMqrF7/hvxqOn0W01TRr4a3T4LjHb+e0f2pF8wx+fbMVkY4aFV2/KGrzIrErYWvuDYik1PZZjSXZnOGvBR67zLS51ywxfehPt4RJjdWwJAY/tCsiddnx9FtTXcB++96J552+WgXkQ6o9c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=iWnw7kbn; arc=none smtp.client-ip=209.85.215.169 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="iWnw7kbn" Received: by mail-pg1-f169.google.com with SMTP id 41be03b00d2f7-5d81b08d6f2so2733967a12.0 for ; Sun, 25 Feb 2024 19:22:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708917775; x=1709522575; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=e/qUIqzG6cW/AClaTA+wsAnlXkMG+HDloY0t3WTwDFI=; b=iWnw7kbn26tAiOw1R836qNFfXXGr49u25uLhztuLX6vlN0AVWqZ9RicBP78+NA17Eb accCkGBbpcnGIIX8UjUMc8CKmsGsyMTUS4u+CaYf9vEuYhJv3e93HvCB99L/Yjpyqeb8 6HDraXfuR/rIeEYAjGCz2YqUNfx8l11RTElQliVYNitiQPyeQ8+73gyByeU9MKL2vkkn wdVH1Nac1hB3UqmXM5/gu4bFtsXzycAs3P0Q4wJi0rk1002iU1suhacPCn1/Z/4A7Scp y1JDAaiyp4E1fikTEbwFwjN7hvePjWg8YjDn9QJnbiwO8C5oCGeNxJ7DqhdghfygBVIV OfQw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708917775; x=1709522575; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=e/qUIqzG6cW/AClaTA+wsAnlXkMG+HDloY0t3WTwDFI=; b=tHqnDxSvdCrdtF/ct+Qe2An9hZzvu+neFMJbIsOIR6ntmpbIIAp0ou0pVa8tduPSxl E+bcWljMsPUcMvYsIkCaTZrfGIbDkbUFlmpLeXvw7pN4JysOW+q80QCax4PwKi5he28t n0PkwzgNTBaEiHxMG/ZQ/mHk6mmcOiLrngCDxD34Itii9NZsiJEA/f5YrnaN1vvJYF2Y 7LJh+Jpb1hYUzaJmFaE4+3Utj1LBtjU7z9kmIQifdV+LC+xwn/jOjmxl3RSYETaG/ewT EBCghVhwKr7wS6TDE5Isk9SStaVvhvIrw73GP6EpH+/Ju/0mesUhJ0hdsy4pHWI61ucv PZNw== X-Gm-Message-State: AOJu0YyAgJ5mYGzvtvgnc2KOPxR88IREX/Cke58+DkPJOwjn+xvmi+OU ZDqvPp51GBq7kyg+z4p9+JjhVVSoOKswcstZejM42PNqmjpCQVXSDxfsjY+9Btw= X-Google-Smtp-Source: AGHT+IGAjuCX7Y0cMm3BQAo7wpJ3L2JlOFV3caELXxV4lC6lUxUPrUZzcIS2l5mlsSWbIrDL7EBdJA== X-Received: by 2002:a05:6a20:6f02:b0:1a0:5841:669d with SMTP id gt2-20020a056a206f0200b001a05841669dmr8164717pzb.39.1708917774754; Sun, 25 Feb 2024 19:22:54 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.21]) by smtp.gmail.com with ESMTPSA id fr12-20020a17090ae2cc00b0029a78f22bd2sm3262521pjb.33.2024.02.25.19.22.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 25 Feb 2024 19:22:54 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v10 02/10] tcp: directly drop skb in cookie check for ipv4 Date: Mon, 26 Feb 2024 11:22:19 +0800 Message-Id: <20240226032227.15255-3-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240226032227.15255-1-kerneljasonxing@gmail.com> References: <20240226032227.15255-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Only move the skb drop from tcp_v4_do_rcv() to cookie_v4_check() itself, no other changes made. It can help us refine the specific drop reasons later. Signed-off-by: Jason Xing Reviewed-by: Kuniyuki Iwashima Reviewed-by: Eric Dumazet Reviewed-by: David Ahern --- v9 Link: https://lore.kernel.org/netdev/c5640fc4-16dc-4058-97c6-bd84bae4fda1@kernel.org/ 1. add reviewed-by tag (David) v8 Link: https://lore.kernel.org/netdev/CANn89i+foA-AW3KCNw232eCC5GDi_3O0JG-mpvyiQJYuxKxnRA@mail.gmail.com/ 1. add reviewed-by tag (Eric) v7 Link: https://lore.kernel.org/all/20240219041350.95304-1-kuniyu@amazon.com/ 1. add reviewed-by tag (Kuniyuki) --- net/ipv4/syncookies.c | 4 ++++ net/ipv4/tcp_ipv4.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index be88bf586ff9..38f331da6677 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c @@ -408,6 +408,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) struct rtable *rt; __u8 rcv_wscale; int full_space; + SKB_DR(reason); if (!READ_ONCE(net->ipv4.sysctl_tcp_syncookies) || !th->ack || th->rst) @@ -477,10 +478,13 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) */ if (ret) inet_sk(ret)->cork.fl.u.ip4 = fl4; + else + goto out_drop; out: return ret; out_free: reqsk_free(req); out_drop: + kfree_skb_reason(skb, reason); return NULL; } diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 0c50c5a32b84..0a944e109088 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1915,7 +1915,7 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) struct sock *nsk = tcp_v4_cookie_check(sk, skb); if (!nsk) - goto discard; + return 0; if (nsk != sk) { if (tcp_child_process(sk, nsk, skb)) { rsk = nsk; From patchwork Mon Feb 26 03:22:20 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13571199 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com [209.85.216.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 823AC18AF6 for ; Mon, 26 Feb 2024 03:22:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.43 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708917780; cv=none; b=iHOEprWCmRxRaac3UqexnPh9h3yfGNmTcWsfVwEHAn1pCzKRKWxD9yMl/Vrx7hAgvahPHWSC68sw8peyTWvNhEN4AhlBm9Qu1+v3/mpzLIIzgOiMRXE4ooirm/xsGsURnuWQrq703DIiPwOu4KNHva86aboKTNncqwgIx01bn0w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708917780; c=relaxed/simple; bh=RTEfjOJ+/4ucfYlh06t4QOIdeLP8sTi+N1Pj3CXctfI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=IM0HS8LXJtFnJ5w1R6a9WQFIUqygPzyk5WLpCvJdKm9mFr4pO069hBP2NQAd1vpO2HlSGZ762NR8TK+QRTL05b7fjYaoHgZzoD9521DAJOr/joQFmZm+ZcJ11/E0QcQ8YMnJCuQ5/+oqRO5etgHE4bPSMRm66bzIrRn+kpsNB8Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=T2LhFExo; arc=none smtp.client-ip=209.85.216.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="T2LhFExo" Received: by mail-pj1-f43.google.com with SMTP id 98e67ed59e1d1-299a2456948so1600490a91.1 for ; Sun, 25 Feb 2024 19:22:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708917778; x=1709522578; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=4K8MZgEXV+k8WfP9MgcrMCUWIuACApKPPtdyd2KNGTY=; b=T2LhFExoDMPkSOB3BOQvf6IgoaqNSVlJjMeRM9pTlA30y4+92x+xArgCZ1fgDvLYtT iT9CjZQ27Sz5ZRx1mLZWmaUa8EnnR3ktTB2by5bHnrEwmWqZI9BnxvomzgDpPEudLj0J fecbgxAZ0grlMRl17mgfiaX2dJoBYyqBDiKRaXKVpwFIf/K4u0iw3gxTDkrdoj0+9r81 gPlu2qUu/QE/ok14RXrMD3nSle9hEqqhU1Lsgco99VLKACsJ2OrtkNMvpDwtKTIBqIzw hWEx3L3AdVbuCsH0Ik+Yyk4pgJpulXsj0R1WhiekErjRXZzLhG8kb0YwwiA4/rdVLT2N lv5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708917778; x=1709522578; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4K8MZgEXV+k8WfP9MgcrMCUWIuACApKPPtdyd2KNGTY=; b=Db2cpWbsfjPRa2vAHarxQuMGoYzmTRXcXwzwUd5ur+5YTwgm3d3fQ8AJUm64Mzwtet 2nx3mWhhddNtyPple24PPxLGyWR8suPY9q7OuUJCyslKng3SU+SB1yp9ICMtc0LvCYqC xidAVmbQFnWoyef/R7LYnrvktCM/LAI6lBKAstxPj2B74OrBo8iVJbLDe3tYSw4EA1UB NgAHDTNgZ4ELFSJ+52OlAjw+UGJooQiO07xFwpV6IMq+Xu1RTc6FWgnvs65XErc3kdNz VLbQpBkKQKXtuXXu8jcOiGnXXaJqjJ15teQ8us4Oszu2DB74ry53b55V8ULtyzfgpann dj/Q== X-Gm-Message-State: AOJu0YztuS1OAAsgWouwxsrAlKlX6300FLM4rASPpac6qcvtbpa4HTuy WW+N5rW6JsuWAsfWgShs7azY631RzrXOO6wOL8l1cN5ki6cqyzwu X-Google-Smtp-Source: AGHT+IG3IY0WmzekizlC6IXzXnhFfAZQUPCwScSqEWESRzgVPRA+VDl4vmcU7C4Z1WByvc13uZ3OfA== X-Received: by 2002:a17:90b:484:b0:29a:638c:620c with SMTP id bh4-20020a17090b048400b0029a638c620cmr4597823pjb.43.1708917777810; Sun, 25 Feb 2024 19:22:57 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.21]) by smtp.gmail.com with ESMTPSA id fr12-20020a17090ae2cc00b0029a78f22bd2sm3262521pjb.33.2024.02.25.19.22.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 25 Feb 2024 19:22:57 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v10 03/10] tcp: use drop reasons in cookie check for ipv4 Date: Mon, 26 Feb 2024 11:22:20 +0800 Message-Id: <20240226032227.15255-4-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240226032227.15255-1-kerneljasonxing@gmail.com> References: <20240226032227.15255-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Now it's time to use the prepared definitions to refine this part. Four reasons used might enough for now, I think. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet Reviewed-by: David Ahern Reviewed-by: Kuniyuki Iwashima --- v9 Link: https://lore.kernel.org/netdev/c5640fc4-16dc-4058-97c6-bd84bae4fda1@kernel.org/ Link: https://lore.kernel.org/netdev/CANn89iLOxJxmOCH1LxXf-YwRBzKXcjPRmgQeQ6A3bKRmW8=ksg@mail.gmail.com/ 1. add reviewed-by tag (David) 2. add reviewed-by tag (Eric) v8 Link: https://lore.kernel.org/netdev/CANn89iL-FH6jzoxhyKSMioj-zdBsHqNpR7YTGz8ytM=FZSGrug@mail.gmail.com/ 1. refine the codes (Eric) v6: Link: https://lore.kernel.org/netdev/20240215210922.19969-1-kuniyu@amazon.com/ 1. Not use NOMEM because of MPTCP (Kuniyuki). I chose to use NO_SOCKET as an indicator which can be used as three kinds of cases to tell people that we're unable to get a valid one. It's a relatively general reason like what we did to TCP_FLAGS. Any better ideas/suggestions are welcome :) v5: Link: https://lore.kernel.org/netdev/CANn89i+iELpsoea6+C-08m6+=JkneEEM=nAj-28eNtcOCkwQjw@mail.gmail.com/ Link: https://lore.kernel.org/netdev/632c6fd4-e060-4b8e-a80e-5d545a6c6b6c@kernel.org/ 1. Use SKB_DROP_REASON_IP_OUTNOROUTES instead of introducing a new one (Eric, David) 2. Reuse SKB_DROP_REASON_NOMEM to handle failure of request socket allocation (Eric) 3. Reuse NO_SOCKET instead of introducing COOKIE_NOCHILD --- net/ipv4/syncookies.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index 38f331da6677..7972ad3d7c73 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c @@ -421,8 +421,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) if (IS_ERR(req)) goto out; } - if (!req) + if (!req) { + SKB_DR_SET(reason, NO_SOCKET); goto out_drop; + } ireq = inet_rsk(req); @@ -434,8 +436,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) */ RCU_INIT_POINTER(ireq->ireq_opt, tcp_v4_save_options(net, skb)); - if (security_inet_conn_request(sk, skb, req)) + if (security_inet_conn_request(sk, skb, req)) { + SKB_DR_SET(reason, SECURITY_HOOK); goto out_free; + } tcp_ao_syncookie(sk, skb, req, AF_INET); @@ -452,8 +456,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) ireq->ir_loc_addr, th->source, th->dest, sk->sk_uid); security_req_classify_flow(req, flowi4_to_flowi_common(&fl4)); rt = ip_route_output_key(net, &fl4); - if (IS_ERR(rt)) + if (IS_ERR(rt)) { + SKB_DR_SET(reason, IP_OUTNOROUTES); goto out_free; + } /* Try to redo what tcp_v4_send_synack did. */ req->rsk_window_clamp = tp->window_clamp ? :dst_metric(&rt->dst, RTAX_WINDOW); @@ -476,10 +482,11 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) /* ip_queue_xmit() depends on our flow being setup * Normal sockets get it right from inet_csk_route_child_sock() */ - if (ret) - inet_sk(ret)->cork.fl.u.ip4 = fl4; - else + if (!ret) { + SKB_DR_SET(reason, NO_SOCKET); goto out_drop; + } + inet_sk(ret)->cork.fl.u.ip4 = fl4; out: return ret; out_free: From patchwork Mon Feb 26 03:22:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13571200 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com [209.85.216.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 62AA719BCA for ; Mon, 26 Feb 2024 03:23:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.49 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708917782; cv=none; b=NCenIdUsEiqfcflt2+zPkXG9go0FMMx0i/hARg/xLdemb5X62s7f770moW9vYRcNQCZ1iWDwuvDhxL35OYSR2xYj0EKJLs23QmKUDSmAcTKz0dOK5xzl1zaX4/cgnAr26YMSCFnTjqUhUipLiWeeInZR6HJlX011fDogeh0TA90= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708917782; c=relaxed/simple; bh=gH/hkyJfT6zdVSdzb7cr6no12htyjX3oawFQPbDyKbk=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=YtF2enuAmOhqZtXqqGbFuz0y5woRyp1ltYvuzbUyCElgJbgmdiDhRX1pxKnP2XtAd0ejSmmAtq2SiqcAM216FEQB3S4ZHYBjED5AH90Bl3PnnYDUH7g5eBxmyqOzILGsiJmkZBj9UDZKnUW90zsFmlOKIDif9D7iSo/fq8K/nk4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=l3CEX4+V; arc=none smtp.client-ip=209.85.216.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="l3CEX4+V" Received: by mail-pj1-f49.google.com with SMTP id 98e67ed59e1d1-299a2456948so1600501a91.1 for ; Sun, 25 Feb 2024 19:23:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708917781; x=1709522581; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=U2vlajGrlnwSJ/SyaM2EvXqgpQHHf+iBOrg05aAk/GY=; b=l3CEX4+VEvz07rmqc3BdfHOv408J+wbHPIGNvnRXOmn67GeY3iOgQINOXfmoXARUHk 2LSHVML35FPP5VpiU78swxy/UsTHDXsk5IH9FHYJUHIlIIi4IYUgl9S6oVWNFk4xVoUm yea8iRVuNJDn84gGe6j7F6zdR+yoIgQ1MUYNY1M6yTdlkA5MBGLZ6arbbI3bikNVLS9y svRo8Kg4bfKlph0VbR6VRB2nDHG+DrmrLyDZnoT4jd3JJrXa6bGD+/wYTWxe7cjBttNy EX6/tRhE/Tf4fDpLAf2D4m+7M3XguBfVIA6jNpC9EuttJDmzDSo6h7rX/yu/Sarl1+dn SQrA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708917781; x=1709522581; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=U2vlajGrlnwSJ/SyaM2EvXqgpQHHf+iBOrg05aAk/GY=; b=EoBCVoXd/eWk+s9mBIuj5Uv1Yk+jLu4rWWsEYzY2mSdvgAP2z31KlilpGMUcNk8hpI 5YVZP7hm8+mz3oaTGYs7GQG43wrslvf8liEp+dOydCdNUbnLPq22NCEp0FW/dfsm+E1/ E6TXppXMZ3w7rl13VIL3sqOjVOnNEdgE0CFrJnC/EeKK9W+VlytwFNTKHhzzrYyzLVdM sH/+X1zaGnI9/iYG26TQGgP/aZ/NMVmyLZyz1fOBlJbAJzp+bVMBEkX2qmZwOsf4KSyI OVyUnvcm76ezYodcH9Ui9DJ+FexBb0w5TCZKn4wGkM51VfDizk2BEN2M04d+SWyRWsVP WNSw== X-Gm-Message-State: AOJu0YyCriUlNy8nhobGA26knhXk8koV7ZnroSoqqWoTbq/ukz57Rg5X 09jGUgQibaYBBxLwshHYA+37lop48lvMX0T5adzVE0nvfODan1Te X-Google-Smtp-Source: AGHT+IHgvMN0c9DJQ4zE2VOi3vGPi1ZTeMZF1HKAp4TY5U2i3T6gFB92GppqXpIVTAdls5ax8Nl/lQ== X-Received: by 2002:a17:90b:3652:b0:29a:ce3f:e26f with SMTP id nh18-20020a17090b365200b0029ace3fe26fmr119141pjb.21.1708917780836; Sun, 25 Feb 2024 19:23:00 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.21]) by smtp.gmail.com with ESMTPSA id fr12-20020a17090ae2cc00b0029a78f22bd2sm3262521pjb.33.2024.02.25.19.22.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 25 Feb 2024 19:23:00 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v10 04/10] tcp: directly drop skb in cookie check for ipv6 Date: Mon, 26 Feb 2024 11:22:21 +0800 Message-Id: <20240226032227.15255-5-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240226032227.15255-1-kerneljasonxing@gmail.com> References: <20240226032227.15255-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Like previous patch does, only moving skb drop logical code to cookie_v6_check() for later refinement. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet Reviewed-by: David Ahern Reviewed-by: Kuniyuki Iwashima --- v9 Link: https://lore.kernel.org/netdev/c5640fc4-16dc-4058-97c6-bd84bae4fda1@kernel.org/ 1. add reviewed-by tag (David) v8 Link: https://lore.kernel.org/netdev/CANn89iL8M=1vFdZ1hBb4POuz+MKQ50fmBAewfbowEH3jpEtpZQ@mail.gmail.com/ 1. add reviewed-by tag (Eric) v7: Link: https://lore.kernel.org/all/20240219043815.98410-1-kuniyu@amazon.com/ 1. refine the code (by removing redundant check), no functional changes. (Kuniyuki) v6 Link: https://lore.kernel.org/all/c987d2c79e4a4655166eb8eafef473384edb37fb.camel@redhat.com/ Link: https://lore.kernel.org/all/CAL+tcoAgSjwsmFnDh_Gs9ZgMi-y5awtVx+4VhJPNRADjo7LLSA@mail.gmail.com/ 1. take one case into consideration, behave like old days, or else it will trigger errors. v5 Link: https://lore.kernel.org/netdev/CANn89iKz7=1q7e8KY57Dn3ED7O=RCOfLxoHQKO4eNXnZa1OPWg@mail.gmail.com/ 1. avoid duplication of these opt_skb tests/actions (Eric) --- net/ipv6/syncookies.c | 4 ++++ net/ipv6/tcp_ipv6.c | 5 +---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c index 6b9c69278819..ea0d9954a29f 100644 --- a/net/ipv6/syncookies.c +++ b/net/ipv6/syncookies.c @@ -177,6 +177,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) struct sock *ret = sk; __u8 rcv_wscale; int full_space; + SKB_DR(reason); if (!READ_ONCE(net->ipv4.sysctl_tcp_syncookies) || !th->ack || th->rst) @@ -256,10 +257,13 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) ireq->ecn_ok &= cookie_ecn_ok(net, dst); ret = tcp_get_cookie_sock(sk, skb, req, dst); + if (!ret) + goto out_drop; out: return ret; out_free: reqsk_free(req); out_drop: + kfree_skb_reason(skb, reason); return NULL; } diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 57b25b1fc9d9..0c180bb8187f 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1653,11 +1653,8 @@ int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) if (sk->sk_state == TCP_LISTEN) { struct sock *nsk = tcp_v6_cookie_check(sk, skb); - if (!nsk) - goto discard; - if (nsk != sk) { - if (tcp_child_process(sk, nsk, skb)) + if (nsk && tcp_child_process(sk, nsk, skb)) goto reset; if (opt_skb) __kfree_skb(opt_skb); From patchwork Mon Feb 26 03:22:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13571201 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pg1-f174.google.com (mail-pg1-f174.google.com [209.85.215.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7DF6B1A58E for ; Mon, 26 Feb 2024 03:23:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.174 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708917785; cv=none; b=WFl5lxxY5SG8SjtgrB6DjtdcFbHya0UJ/YXhluSNOH1Qli+EBXBdMpq+15b1JuTF7AwOnMCzwYTmbTKSXx05jPXA+Psj1lG4qUiyOQgfSVOKtVF4TpqxpbP8g9XjuuXk03p7DP0zw1yMgx6uQ1N/6gbhoqRwkI0GJuCdwmcKxTI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708917785; c=relaxed/simple; bh=9KWQNBOVxs5AW+n0JZ7U/B4coXteYFG+kqt6SSvxAqo=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=OdP20jSANPYCYDJ/QqHzkfxLqfs0bR6cp5EAWWnvAeqB79g37kq6Jt3Qodhk4zdCyFeuNWtJ6Ao6uu1BL2ZZhIm0bhHFCJ/+1na9LgCQjN1WoN0FkDr2SWrq9tHySpkqHBYXMRL3KjoFY4g4CMChMIJgS7dIdpins7hAAsFaNTM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=OQTlvY3X; arc=none smtp.client-ip=209.85.215.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="OQTlvY3X" Received: by mail-pg1-f174.google.com with SMTP id 41be03b00d2f7-5c66b093b86so1538605a12.0 for ; Sun, 25 Feb 2024 19:23:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708917784; x=1709522584; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=YfIkNQoYOjYRtCpb4caKAYJhlb1RDFwgkt9PcU2LcSA=; b=OQTlvY3Xi8sNYUreOlpe/aS9MbcL2BFE7YPUwB6x82ZHRPx/RKsEuCSc8KfCIWJ0/j wQ4y0Q3hXMMACC7OCZnJ2yOavHrVuRnjH8yHs7YNqGa9faDCmw6oR/Vyjx8K/RFe/25x YVNpAvDjXSMw43HLRyUIvRfnMMVI92DQxCAZlqzK3h3a6vevgjB7P4GTKsavkjZ3zcNq xLSzmlLWDQrrxw2afFShTU9XCk3zoWH+28Db44omp0sp3+RPejF3Y14SCmcB4kJ3SN8a ScCQNCttFKChLclewM0k+pyiZWLHulN8cSz1u8UxiI4KAXbSXurOoQ9cy4mKlaDd3KTo rPeg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708917784; x=1709522584; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=YfIkNQoYOjYRtCpb4caKAYJhlb1RDFwgkt9PcU2LcSA=; b=psKiTAXovfJHK1VckrJ2r24VMsH1TDEPfP8s/zC+vepdX2IwlwEagUXi80PTE1226A eNN5tf/s/zdRcr34Ycu9xX1ASXla9hFYvdpi611VFmJpf5BMstXBlKEndPxH++HGZU6f 3xzoYYCONNphLs4U81thRVipLfuexlIsNxQKiGE59S3ubXU7YeK+IQSHXdy+aBBIkmdX DjIAkLCDcr7txrdXeXjBS4AaWX8Tov4cUDy9LI0BO20gadKVUMSrx6WWkEA21JHQP4f6 yYOSsBaHxsSI8B7HThCkTgfFeAYKp3FwCZeSxLni/YlUebP3k//DXPD64nmq0Qd+bo/g Kj3g== X-Gm-Message-State: AOJu0YxmFUnWz/6uFJt2zUnzjC+lebHknxmQfUAQxg2SH5qCeHylE5Nk erxnaS/sKcWMQektFZ3lw3jIcO1UumMwlz0dUomKmSsW6e80PG0/ X-Google-Smtp-Source: AGHT+IHVhjBRllcYV4FMfHNnk6kah5wjRAJQF3DQYQmn/8OBqZvfMtcD5NVJbcNpi+12hvDOw0xHQg== X-Received: by 2002:a17:90a:c20d:b0:29a:4f60:3f94 with SMTP id e13-20020a17090ac20d00b0029a4f603f94mr7347161pjt.1.1708917783814; Sun, 25 Feb 2024 19:23:03 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.21]) by smtp.gmail.com with ESMTPSA id fr12-20020a17090ae2cc00b0029a78f22bd2sm3262521pjb.33.2024.02.25.19.23.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 25 Feb 2024 19:23:03 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v10 05/10] tcp: use drop reasons in cookie check for ipv6 Date: Mon, 26 Feb 2024 11:22:22 +0800 Message-Id: <20240226032227.15255-6-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240226032227.15255-1-kerneljasonxing@gmail.com> References: <20240226032227.15255-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Like what I did to ipv4 mode, refine this part: adding more drop reasons for better tracing. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet Reviewed-by: David Ahern Reviewed-by: Kuniyuki Iwashima --- v9 Link: https://lore.kernel.org/netdev/c5640fc4-16dc-4058-97c6-bd84bae4fda1@kernel.org/ 1. add reviewed-by tag (David) v8 Link: https://lore.kernel.org/netdev/CANn89i+b+bYqX0aVv9KtSm=nLmEQznamZmqaOzfqtJm_ux9JBw@mail.gmail.com/ 1. add reviewed-by tag (Eric) v6: Link: https://lore.kernel.org/netdev/20240215210922.19969-1-kuniyu@amazon.com/ 1. Not use NOMEM because of MPTCP (Kuniyuki). I chose to use NO_SOCKET as an indicator which can be used as three kinds of cases to tell people that we're unable to get a valid one. It's a relatively general reason like what we did to TCP_FLAGS. v5: Link: https://lore.kernel.org/netdev/CANn89i+iELpsoea6+C-08m6+=JkneEEM=nAj-28eNtcOCkwQjw@mail.gmail.com/ 1. Reuse SKB_DROP_REASON_NOMEM to handle failure of request socket allocation (Eric) 2. Reuse NO_SOCKET instead of introducing COOKIE_NOCHILD 3. Reuse IP_OUTNOROUTES instead of INVALID_DST (Eric) --- net/ipv6/syncookies.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c index ea0d9954a29f..8bad0a44a0a6 100644 --- a/net/ipv6/syncookies.c +++ b/net/ipv6/syncookies.c @@ -190,16 +190,20 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) if (IS_ERR(req)) goto out; } - if (!req) + if (!req) { + SKB_DR_SET(reason, NO_SOCKET); goto out_drop; + } ireq = inet_rsk(req); ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr; ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr; - if (security_inet_conn_request(sk, skb, req)) + if (security_inet_conn_request(sk, skb, req)) { + SKB_DR_SET(reason, SECURITY_HOOK); goto out_free; + } if (ipv6_opt_accepted(sk, skb, &TCP_SKB_CB(skb)->header.h6) || np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || @@ -236,8 +240,10 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) security_req_classify_flow(req, flowi6_to_flowi_common(&fl6)); dst = ip6_dst_lookup_flow(net, sk, &fl6, final_p); - if (IS_ERR(dst)) + if (IS_ERR(dst)) { + SKB_DR_SET(reason, IP_OUTNOROUTES); goto out_free; + } } req->rsk_window_clamp = tp->window_clamp ? :dst_metric(dst, RTAX_WINDOW); @@ -257,8 +263,10 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) ireq->ecn_ok &= cookie_ecn_ok(net, dst); ret = tcp_get_cookie_sock(sk, skb, req, dst); - if (!ret) + if (!ret) { + SKB_DR_SET(reason, NO_SOCKET); goto out_drop; + } out: return ret; out_free: From patchwork Mon Feb 26 03:22:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13571202 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pg1-f173.google.com (mail-pg1-f173.google.com [209.85.215.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A2CB61B7E4 for ; Mon, 26 Feb 2024 03:23:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.173 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708917789; cv=none; b=TW+eOG1nn2RDFpvYyLDL+WNtrhPU5moYMM91FC6bapA4/fjVhjllV232P9sWVlRu/sTUrMaIbQXkR5jAFiZXEFvZ4/uNPjfAHQFXDl5KE4VCBr9HL8cfaVNhNsU8CiNuaPqETdU92FmWLPJsXJRdKKqAFaVxeSyY7bFLnCZYBWY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708917789; c=relaxed/simple; bh=KaaiJ18KYQmqhFkXjULw9YatzoqaSa/KaNvtu6kfjMs=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=noiWCpmVV72n51H/RndmOc83307kWxe0gFVBz2sYqvE/iuxN2Mt6aN6FWi53IkkrtRgUoLUNx6yITw6by/mjr6MLLWcdWJRdIftLJeXQH73RanYPqM1zmEVcEyDgw7dABcsXL7uaWp+U+Os/o5jzAmZkpNATdgYfWGpgTeM6OoY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=FuFtG3vF; arc=none smtp.client-ip=209.85.215.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="FuFtG3vF" Received: by mail-pg1-f173.google.com with SMTP id 41be03b00d2f7-53fbf2c42bfso2594773a12.3 for ; Sun, 25 Feb 2024 19:23:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708917787; x=1709522587; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=x3qlBSMKAox2vGn4VMLrenRBnLFBak7dDbUh01hBi3U=; b=FuFtG3vF9yCyj89jiWsuqTUVDbutNN0pUSCBBieXqOQwzE+oLIQM/9C+45KqI7CKpI VU2TONZzDnroZHpg8Hfz8nL1f2GLdjZOlSbuXthIB0dgZlqnd6Vk3Z4U+NR6bdB8XK4f nQFANA1Cy0OrM3yWq65wE0Xsank/7aDEmIcJPH+fZjVyQe/wH8o+Li+J4X4Ugw+JA7mt ODbwVx3OP8uWHs+icK8fuOzMaX75cjnOSSxGHoIUUOk0QrLIJLJ2aBnAMM7/fEDrp9Ww GgntPt6wns7KvJI19H0Wds3MLaQ+ymyPQypLxabxCc9FkbJF+ClnCSf2C7Of8k9Zbe9Q 1yDQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708917787; x=1709522587; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=x3qlBSMKAox2vGn4VMLrenRBnLFBak7dDbUh01hBi3U=; b=Ptu4MGYSgSriPSJzn9eeT3FATzqJFfR+pb86E81loeip1DmdOlpGWvRgL4RXbZ7CZS 6vrflXmI75Kdm/Mmw9F4vOKtFCiqcWkDy4lLChyth8fP0/WrtOXyQcPnFmB+Nd95Dfr6 2FSKIRz3tw4+fYovtqE6hVU1JlNwbC9IYAdKO73+p9SUVu3VMv+3zXN3e+2GcmuxzTln KypEM/xZA086Pn2/+1Da3ywduWOH6eEzFWkuwwqWNifciGQCxL+VE1EGfXp0/sAmj68u WmStGlCUfg6tHLM4GBRBCmohG2PlFLEtZ5GiLj8MQBkrnSBd1bl+L6+HNS8snuP31uns idOg== X-Gm-Message-State: AOJu0YyzzZqzQNzmyEyIR3aUaWflAxQmgBqJoLYRigO9JLiN3oFOvqfU OmUF5ZBvRmjUhHoywbFAqusYXcvQiNE1isixiy/NCCaRrLW4TtAl X-Google-Smtp-Source: AGHT+IFbhWNupKrvwAGSnFWDjeSe9cZoPUsjPyOOJIkw+FEKV8BESH1SYxE56miKvnNiPQFyLoBqqw== X-Received: by 2002:a17:90a:9201:b0:29a:c886:243e with SMTP id m1-20020a17090a920100b0029ac886243emr963925pjo.39.1708917786975; Sun, 25 Feb 2024 19:23:06 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.21]) by smtp.gmail.com with ESMTPSA id fr12-20020a17090ae2cc00b0029a78f22bd2sm3262521pjb.33.2024.02.25.19.23.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 25 Feb 2024 19:23:06 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v10 06/10] tcp: introduce dropreasons in receive path Date: Mon, 26 Feb 2024 11:22:23 +0800 Message-Id: <20240226032227.15255-7-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240226032227.15255-1-kerneljasonxing@gmail.com> References: <20240226032227.15255-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Soon later patches can use these relatively more accurate reasons to recognise and find out the cause. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet Reviewed-by: David Ahern Reviewed-by: Kuniyuki Iwashima --- v10 Link: https://lore.kernel.org/netdev/20240223193321.6549-1-kuniyu@amazon.com/ 1. nit, fix the trailing tab problem. v9 Link: https://lore.kernel.org/netdev/c5640fc4-16dc-4058-97c6-bd84bae4fda1@kernel.org/ Link: https://lore.kernel.org/netdev/CANn89i+j55o_1B2SV56n=u=NHukmN_CoRib4VBzpUBVcKRjAMw@mail.gmail.com/ 1. add reviewed-by tag (David) 2. add reviewed-by tag (Eric) v7 Link: https://lore.kernel.org/all/20240219044744.99367-1-kuniyu@amazon.com/ 1. nit: nit: s/. because of/ because/ (Kuniyuki) v5: Link: https://lore.kernel.org/netdev/3a495358-4c47-4a9f-b116-5f9c8b44e5ab@kernel.org/ 1. Use new name (TCP_ABORT_ON_DATA) for readability (David) 2. change the title of this patch --- include/net/dropreason-core.h | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index a871f061558d..9707ab54fdd5 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -30,6 +30,7 @@ FN(TCP_AOFAILURE) \ FN(SOCKET_BACKLOG) \ FN(TCP_FLAGS) \ + FN(TCP_ABORT_ON_DATA) \ FN(TCP_ZEROWINDOW) \ FN(TCP_OLD_DATA) \ FN(TCP_OVERWINDOW) \ @@ -37,6 +38,7 @@ FN(TCP_RFC7323_PAWS) \ FN(TCP_OLD_SEQUENCE) \ FN(TCP_INVALID_SEQUENCE) \ + FN(TCP_INVALID_ACK_SEQUENCE) \ FN(TCP_RESET) \ FN(TCP_INVALID_SYN) \ FN(TCP_CLOSE) \ @@ -204,6 +206,11 @@ enum skb_drop_reason { SKB_DROP_REASON_SOCKET_BACKLOG, /** @SKB_DROP_REASON_TCP_FLAGS: TCP flags invalid */ SKB_DROP_REASON_TCP_FLAGS, + /** + * @SKB_DROP_REASON_TCP_ABORT_ON_DATA: abort on data, corresponding to + * LINUX_MIB_TCPABORTONDATA + */ + SKB_DROP_REASON_TCP_ABORT_ON_DATA, /** * @SKB_DROP_REASON_TCP_ZEROWINDOW: TCP receive window size is zero, * see LINUX_MIB_TCPZEROWINDOWDROP @@ -228,13 +235,19 @@ enum skb_drop_reason { SKB_DROP_REASON_TCP_OFOMERGE, /** * @SKB_DROP_REASON_TCP_RFC7323_PAWS: PAWS check, corresponding to - * LINUX_MIB_PAWSESTABREJECTED + * LINUX_MIB_PAWSESTABREJECTED, LINUX_MIB_PAWSACTIVEREJECTED */ SKB_DROP_REASON_TCP_RFC7323_PAWS, /** @SKB_DROP_REASON_TCP_OLD_SEQUENCE: Old SEQ field (duplicate packet) */ SKB_DROP_REASON_TCP_OLD_SEQUENCE, /** @SKB_DROP_REASON_TCP_INVALID_SEQUENCE: Not acceptable SEQ field */ SKB_DROP_REASON_TCP_INVALID_SEQUENCE, + /** + * @SKB_DROP_REASON_TCP_INVALID_ACK_SEQUENCE: Not acceptable ACK SEQ + * field because ack sequence is not in the window between snd_una + * and snd_nxt + */ + SKB_DROP_REASON_TCP_INVALID_ACK_SEQUENCE, /** @SKB_DROP_REASON_TCP_RESET: Invalid RST packet */ SKB_DROP_REASON_TCP_RESET, /** From patchwork Mon Feb 26 03:22:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13571203 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pj1-f51.google.com (mail-pj1-f51.google.com [209.85.216.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 944131B947 for ; Mon, 26 Feb 2024 03:23:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708917792; cv=none; b=fohzyyzBtcHwFR/p9CdlzaDn1GtoytMapIqao4byKkSyZyP4VkR1KGRthygjsaKx+0tlYMGPeweKwd2MOXhrChtNC6XS2kVFSbol8urY0E5cp9ZFLnSNUA0ot2oulUrh+x+RT9KnyZepTsNU/zBKYJVMNOv7o9bKMjzJ9gs8d4g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708917792; c=relaxed/simple; bh=IvVzRJKpHu6Y9FrWeV/oU1VDolb6oSYyI6DL7+sH+HY=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=tgpLHcWwRICSJO+Peab3vuDJ/GW9tW5UHtqdyKIDJ3suH63Ju9mzJmIxUI5+m4AVJxnw829EiSkiiE1uf2fKodY73w6VS6LsccvnP/lgTYVXHmi4uItkyop1xYd6LSizfkA8zuNVOrfRIsULrStvlc1kpgsI/cgM/g5QK/PFP70= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=TgXORYXf; arc=none smtp.client-ip=209.85.216.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="TgXORYXf" Received: by mail-pj1-f51.google.com with SMTP id 98e67ed59e1d1-29acdf99d5aso43071a91.2 for ; Sun, 25 Feb 2024 19:23:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708917790; x=1709522590; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=VPQwmoTWvSZeHjoH5ZeiSRxpMNixM5ZS064sX1hE8hY=; b=TgXORYXfvV0agxz5VG0ARVPGjKbM9NpvrF3CV1uCUap3tuYd5hTfwjwpR3urmW7Gjd Ev2tE1Xu0hllzOCJT2CDedObRScIxku0GZ23+8vRYvhk9caIAYfLl/tOSrjeTKe0u2pM im8e0uqORKlJQjPuwRhIE95sTyYwRq3h67/RL40MDQqmbqDfM+dyIEx5LwRygcgMvRAL g+btHsvIJiS8ZLyRgZxKgVtsQgJNhedwMymdqZTPdC2+wKotQyCU1DR//6uMnaqusarB vkDQ5spkKy1+B99JIWeMoOLCrdgc6yB6dP5GFD63wfe0bDqIM2pZgia7wXJuKoPCqHrZ zdIQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708917790; x=1709522590; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VPQwmoTWvSZeHjoH5ZeiSRxpMNixM5ZS064sX1hE8hY=; b=qU5QgbEZJgv0NOWGEMwiiPaP52GbVJhbg8hTROFGfjZI8x7usXsKO5KZxyDGouWF+7 t7Qe17ltf0T6H3XiNUaSApER/8Q6pOoxOCYEv8GY+MnOnXl1ZiOgtr9z2oLhS3TCUqsE 418CyKgB31/rdFlWiaGkLADdF+7NxIhLwpdU06gAPrS800RDCEuqy/32PGJKOMqVwLqJ YlNGPDCt0aV5j5x+xqIY/XqeW1c1XNiQSmy3jUB0LRaSExWilm4mAsb1HAfOTGUZEHcM EA3sT/iq8zJX22rGINPidivzYU8ecMNJfGTKR+V5ehN/nwIhcYCqBTKOwjB+UYFTipuM O3Nw== X-Gm-Message-State: AOJu0Yx9xySKqnvw1RKUmAG9Kp6S+Zb07JvXT99pUjKwRQfVgDLlLBFB xOKaTlalkVdNS+xpVPWaU/FACxa95086JkXofJtiXbaE4JofXY4p3CjPCIxMMTg= X-Google-Smtp-Source: AGHT+IEY49aBYUjN2WoZMr1iSrYKVQOOZAs1JohQM8d7mns2GrBfRPhJvbyujWOGNjrsGn5ybnjLLg== X-Received: by 2002:a17:90b:1989:b0:29a:cb25:bde9 with SMTP id mv9-20020a17090b198900b0029acb25bde9mr568113pjb.26.1708917789957; Sun, 25 Feb 2024 19:23:09 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.21]) by smtp.gmail.com with ESMTPSA id fr12-20020a17090ae2cc00b0029a78f22bd2sm3262521pjb.33.2024.02.25.19.23.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 25 Feb 2024 19:23:09 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v10 07/10] tcp: add more specific possible drop reasons in tcp_rcv_synsent_state_process() Date: Mon, 26 Feb 2024 11:22:24 +0800 Message-Id: <20240226032227.15255-8-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240226032227.15255-1-kerneljasonxing@gmail.com> References: <20240226032227.15255-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing This patch does two things: 1) add two more new reasons 2) only change the return value(1) to various drop reason values for the future use For now, we still cannot trace those two reasons. We'll implement the full function in the subsequent patch in this series. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet Reviewed-by: David Ahern Reviewed-by: Kuniyuki Iwashima --- v9 Link: https://lore.kernel.org/netdev/c5640fc4-16dc-4058-97c6-bd84bae4fda1@kernel.org/ 1. add reviewed-by tag (David) v8 Link: https://lore.kernel.org/netdev/CANn89i+EF77F5ZJbbkiDQgwgAqSKWtD3djUF807zQ=AswGvosQ@mail.gmail.com/ 1. add reviewed-by tag (Eric) --- net/ipv4/tcp_input.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 74c03f0a6c0c..83308cca1610 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -6361,6 +6361,7 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb, inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, TCP_TIMEOUT_MIN, TCP_RTO_MAX); + SKB_DR_SET(reason, TCP_INVALID_ACK_SEQUENCE); goto reset_and_undo; } @@ -6369,6 +6370,7 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb, tcp_time_stamp_ts(tp))) { NET_INC_STATS(sock_net(sk), LINUX_MIB_PAWSACTIVEREJECTED); + SKB_DR_SET(reason, TCP_RFC7323_PAWS); goto reset_and_undo; } @@ -6572,7 +6574,8 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb, reset_and_undo: tcp_clear_options(&tp->rx_opt); tp->rx_opt.mss_clamp = saved_clamp; - return 1; + /* we can reuse/return @reason to its caller to handle the exception */ + return reason; } static void tcp_rcv_synrecv_state_fastopen(struct sock *sk) From patchwork Mon Feb 26 03:22:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13571204 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pg1-f172.google.com (mail-pg1-f172.google.com [209.85.215.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A00601B96E for ; Mon, 26 Feb 2024 03:23:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708917796; cv=none; b=Bt4KfD6g2Wg/iIVlbQUQMJTMcK42QVieyx2pzd9aLsABdfXbKN/N2o9DbgJ6FPznLbQVp6/oGxfFEtR5+WjdXe6QYchyc3FASxXt/LC2ED+3YDyGmA+tvqqBnjnnqsYqfrDQVT6bZcLthCTOv/wGMe4EO+6Gq4Nd04iqFiJzRWs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708917796; c=relaxed/simple; bh=6dJY0Cce8uN29hsDRdz4fvwunIYY2HUk8hZwLEWgNag=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=YgOIYP2nQOua6w5dj6QjDOzYsmZKkDsq7Ml9lDMqDQSwTyQTtnPjWQax705Cz3AY2zSTIdy+BVONyi5i8BiE9CmhJYsgvTfNYMDLwXX+N13A+PF81OHu6wJH4iVnhwlEzXMcd2JRu4SYntPv9CqAdKdanaiYWFKLPRYBx/yn2Vs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=A+mhvfdu; arc=none smtp.client-ip=209.85.215.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="A+mhvfdu" Received: by mail-pg1-f172.google.com with SMTP id 41be03b00d2f7-5ce6b5e3c4eso1976659a12.2 for ; Sun, 25 Feb 2024 19:23:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708917793; x=1709522593; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=DhVJxnxsjYy1CQHjwp5CWR744K7dGB0pYYdgBqOzJhk=; b=A+mhvfduNbKm+eaLvhTD8svbgB9yj1tZqINuGmzhGVe9s6Y1X4+Mojn7PL9Ejoej/k elt9KOdMIOTofRQXATQrtuSvgJnwKmVf3yjpJ+VDKEVKDmRU0huRmW5gLgl+qR8KjB7t w4P7XVYEsqF1T5DkCj++S53YoTHT+mp7YnGPFFbyiaAxQdaQr7qM1nhXlmP81dTZyxw2 ci/5qwIDaI3sq2U5YLco4ngVqHGk3j3Q8pU3l/35N6wAGadI5GMYvMkyNaLdep9tD5bW 4EuHFmkdHcIZBQSc8Z4OJXgop2oqX0YXwEQ3P4g1bGe/9Cl0je31vTolcBqL3aGKrmUE /wgw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708917793; x=1709522593; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DhVJxnxsjYy1CQHjwp5CWR744K7dGB0pYYdgBqOzJhk=; b=YXJW/9JcTEm8lSFDuRmH6YQgQ4/zabTrAWNV90jmBgzivXJf8OJSW3LYjnvux8B3Uf 7zfW4HdfK+zztI+qqoTHZRWFjBy7Rgjoua3UOsRjQFpSvVmGE1FoczaRNlvff0KyVDGD V6dm0JWGLzv3FCkinjpwES7Fw/xVFLjgdw2W4EJAjZAhGngYr06KMTeToyCByXoYOLvk 8d/ALSdrq2V2qswsD3JhK9nStAoEB1mua+UOkuzJfFRMS16ZIcwsi4Qbx53OJ6xYmQY8 YQoMW21acPEfTnPq3Icn2zqAa6ZsMIPDtLxDgHtgkX8R1IpF5rHEPLvCaLxv1RVA9aHI o8jg== X-Gm-Message-State: AOJu0Yxut4GdQCoYAHg8yZlc5TLIEVLmHQblrCvvezdMRdLUseGAC+BO n9QZerHG+DJs/9mjQWJFrDq5DNRB4hkdIfIC/bB68+/BDwekSbQd X-Google-Smtp-Source: AGHT+IEEsDB+lCzO0ISkaqRynFKzr/IvgBgmxd9039hfDsdjo3KNm1QvbPaXdnwhjg6OYu8JTPCLQg== X-Received: by 2002:a05:6a20:10a0:b0:19e:9c82:b139 with SMTP id w32-20020a056a2010a000b0019e9c82b139mr3670529pze.45.1708917793071; Sun, 25 Feb 2024 19:23:13 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.21]) by smtp.gmail.com with ESMTPSA id fr12-20020a17090ae2cc00b0029a78f22bd2sm3262521pjb.33.2024.02.25.19.23.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 25 Feb 2024 19:23:12 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v10 08/10] tcp: add dropreasons in tcp_rcv_state_process() Date: Mon, 26 Feb 2024 11:22:25 +0800 Message-Id: <20240226032227.15255-9-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240226032227.15255-1-kerneljasonxing@gmail.com> References: <20240226032227.15255-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing In this patch, I equipped this function with more dropreasons, but it still doesn't work yet, which I will do later. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet Reviewed-by: David Ahern Reviewed-by: Kuniyuki Iwashima --- v9 Link: https://lore.kernel.org/netdev/CAL+tcoCbsbM=HyXRqs2+QVrY8FSKmqYC47m87Axiyk1wk4omwQ@mail.gmail.com/ Link: https://lore.kernel.org/netdev/c5640fc4-16dc-4058-97c6-bd84bae4fda1@kernel.org/ 1. nit: remove unnecessary else (David) 2. add reviewed-by tag (David) v8 Link: https://lore.kernel.org/netdev/CANn89iJJ9XTVeC=qbSNUnOhQMAsfBfouc9qUJY7MxgQtYGmB3Q@mail.gmail.com/ 1. add reviewed-by tag (Eric) v5: Link: https://lore.kernel.org/netdev/3a495358-4c47-4a9f-b116-5f9c8b44e5ab@kernel.org/ 1. Use new name (TCP_ABORT_ON_DATA) for readability (David) --- include/net/tcp.h | 2 +- net/ipv4/tcp_input.c | 19 ++++++++++++------- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/include/net/tcp.h b/include/net/tcp.h index 33bf92dff0af..af2a4dcd4518 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -348,7 +348,7 @@ void tcp_wfree(struct sk_buff *skb); void tcp_write_timer_handler(struct sock *sk); void tcp_delack_timer_handler(struct sock *sk); int tcp_ioctl(struct sock *sk, int cmd, int *karg); -int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb); +enum skb_drop_reason tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb); void tcp_rcv_established(struct sock *sk, struct sk_buff *skb); void tcp_rcv_space_adjust(struct sock *sk); int tcp_twsk_unique(struct sock *sk, struct sock *sktw, void *twp); diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 83308cca1610..5d874817a78d 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -6619,7 +6619,8 @@ static void tcp_rcv_synrecv_state_fastopen(struct sock *sk) * address independent. */ -int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) +enum skb_drop_reason +tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) { struct tcp_sock *tp = tcp_sk(sk); struct inet_connection_sock *icsk = inet_csk(sk); @@ -6635,7 +6636,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) case TCP_LISTEN: if (th->ack) - return 1; + return SKB_DROP_REASON_TCP_FLAGS; if (th->rst) { SKB_DR_SET(reason, TCP_RESET); @@ -6704,8 +6705,12 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) FLAG_NO_CHALLENGE_ACK); if ((int)reason <= 0) { - if (sk->sk_state == TCP_SYN_RECV) - return 1; /* send one RST */ + if (sk->sk_state == TCP_SYN_RECV) { + /* send one RST */ + if (!reason) + return SKB_DROP_REASON_TCP_OLD_ACK; + return -reason; + } /* accept old ack during closing */ if ((int)reason < 0) { tcp_send_challenge_ack(sk); @@ -6781,7 +6786,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) if (READ_ONCE(tp->linger2) < 0) { tcp_done(sk); NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTONDATA); - return 1; + return SKB_DROP_REASON_TCP_ABORT_ON_DATA; } if (TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq && after(TCP_SKB_CB(skb)->end_seq - th->fin, tp->rcv_nxt)) { @@ -6790,7 +6795,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) tcp_fastopen_active_disable(sk); tcp_done(sk); NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTONDATA); - return 1; + return SKB_DROP_REASON_TCP_ABORT_ON_DATA; } tmo = tcp_fin_time(sk); @@ -6855,7 +6860,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) after(TCP_SKB_CB(skb)->end_seq - th->fin, tp->rcv_nxt)) { NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTONDATA); tcp_reset(sk, skb); - return 1; + return SKB_DROP_REASON_TCP_ABORT_ON_DATA; } } fallthrough; From patchwork Mon Feb 26 03:22:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13571205 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pj1-f44.google.com (mail-pj1-f44.google.com [209.85.216.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E9EAD14AAD for ; Mon, 26 Feb 2024 03:23:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.44 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708917798; cv=none; b=qiqhrhU2RNkR8UcxrYTf/iV0nw2qlyiWks/fJZxu4WsmPeD3L4MDPA7vYYl9UtPcmi5vnY8PXI+XlkF8T0mf3HLZveQcwSgUFUqdJDiZvJav0VUEOdZjVyo1+1WxxnSm/wb4MqEH3fwjYLjf8U8h3ZshQWkxwwHLJM0BYLQO6C0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708917798; c=relaxed/simple; bh=zUJKASVQRhkjXina43WvHkVHnrsnpqc0yOw+Zk/3Lvc=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=AclI/VUSzE3hy/yJdmKkMNUTt50/KVcqc7HrSPaMmLlUrmTa6bsbqomnrnbogCgXyHTGatsVN5uyPJieNz/rGSzw5EukTJzM+fEv6by9o80CmhzWi8LG7vGr2j1P8SXHPAN03xIYxTm9AEjIwHNwcLb84WfXtE+MXmfkeGJQAZQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=KZyjUA7k; arc=none smtp.client-ip=209.85.216.44 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="KZyjUA7k" Received: by mail-pj1-f44.google.com with SMTP id 98e67ed59e1d1-29a2d0f69a6so1851816a91.3 for ; Sun, 25 Feb 2024 19:23:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708917796; x=1709522596; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=jqAc5pOiR2QsfttJTIYOyiLrFFIgSuUpPWR1dWccF7o=; b=KZyjUA7kG+rCuk+hftbCyhUadHyEFo8P2VDpxokzyjG2q2fd0rh46S6MFdFrzU/peG zcLHq6bgKgA4S7tBOUKZJb5VDm0xaX8KHydisyBd6DueHup4wK5aYlo3rzk4QMEHoTZW 52QyBVo/7IgsCDV5ge/lgjfoYYvdTIUIlryTIYQwIITbffivy+wR40m84g2kd05hrl4v dKNydLH/qJZX2Rq6e7eRSLhrKgPSeq5pgd5H+xGkRhTIBeccxQ2SKA6ss1GAQkHR71uS et8vY58ohWgDtvYKxzh+YFCAtNmjpPFFwpY8bLC/m/qhA/wQYaVUbeu70lkMUOiOMn8v 0Y0A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708917796; x=1709522596; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=jqAc5pOiR2QsfttJTIYOyiLrFFIgSuUpPWR1dWccF7o=; b=JVO+ywp9EFR3hWTFBrHnlzTfsD1lnjLVt9qHlvllaN8XHLsG6UnBme47zE2cmMKkH+ zQxRK1VFIyWHT9TQvvQTu2Z8liItBnefHkMyrqFVrcWF/blO6w5zIgiIo3g3759anrdi LbP/lS/mTycyuIzyh1F8v9kWdkKSK3hdq3cABr7N9K/WNdMNRvWtUZjAtLoA2ej/qi/X z4ALS+K3yA9Fpv/pLanx6zI5NjdZKcqnhdj5WDVfhVh64xQ4o2m9U3MweHhcefRqW27c AzxawtqXXdnn+CmuUx6wllJ+MPWWy1bQ4OgYu0vPKQQjQa6B5cudliWu8AfQUhllww7Y DQ+g== X-Gm-Message-State: AOJu0YyOYpzBiU9s7lEPx+O2aAnRZm0jaYpdxSocxkHocevYz6q9Yrxg XiN21je4vgkXqrqrj25+2d0GvILm9VH7mLSZcKnRvQbg/FziEZi/ X-Google-Smtp-Source: AGHT+IH3rdpaPstIg451VV9WKzuac3vxxfXmFcsP2C4u/6MfDCo/dU1S7gB8IwQ/xFpkZWyAiG20ZQ== X-Received: by 2002:a17:90a:4747:b0:299:7824:6a06 with SMTP id y7-20020a17090a474700b0029978246a06mr4804435pjg.8.1708917796254; Sun, 25 Feb 2024 19:23:16 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.21]) by smtp.gmail.com with ESMTPSA id fr12-20020a17090ae2cc00b0029a78f22bd2sm3262521pjb.33.2024.02.25.19.23.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 25 Feb 2024 19:23:15 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v10 09/10] tcp: make the dropreason really work when calling tcp_rcv_state_process() Date: Mon, 26 Feb 2024 11:22:26 +0800 Message-Id: <20240226032227.15255-10-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240226032227.15255-1-kerneljasonxing@gmail.com> References: <20240226032227.15255-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing Update three callers including both ipv4 and ipv6 and let the dropreason mechanism work in reality. Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet Reviewed-by: David Ahern Reviewed-by: Kuniyuki Iwashima --- v10 Link: https://lore.kernel.org/netdev/20240223194445.7537-1-kuniyu@amazon.com/ 1. nit, fix the indendation problem (Kuniyuki) 2. add reviewed-by tag (Kuniyuki) -- v9 Link: https://lore.kernel.org/netdev/c5640fc4-16dc-4058-97c6-bd84bae4fda1@kernel.org/ 1. add reviewed-by tag (David) v8 Link: https://lore.kernel.org/netdev/CANn89i+Uikp=NvB7SVQpYnX-2FqJrH3hWw3sV0XpVcC55MiNUg@mail.gmail.com/ 1. add reviewed-by tag (Eric) --- include/net/tcp.h | 4 ++-- net/ipv4/tcp_ipv4.c | 3 ++- net/ipv4/tcp_minisocks.c | 10 +++++----- net/ipv6/tcp_ipv6.c | 3 ++- 4 files changed, 11 insertions(+), 9 deletions(-) diff --git a/include/net/tcp.h b/include/net/tcp.h index af2a4dcd4518..6ae35199d3b3 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -396,8 +396,8 @@ enum tcp_tw_status tcp_timewait_state_process(struct inet_timewait_sock *tw, struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb, struct request_sock *req, bool fastopen, bool *lost_race); -int tcp_child_process(struct sock *parent, struct sock *child, - struct sk_buff *skb); +enum skb_drop_reason tcp_child_process(struct sock *parent, struct sock *child, + struct sk_buff *skb); void tcp_enter_loss(struct sock *sk); void tcp_cwnd_reduction(struct sock *sk, int newly_acked_sacked, int newly_lost, int flag); void tcp_clear_retrans(struct tcp_sock *tp); diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 0a944e109088..c79e25549972 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1926,7 +1926,8 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) } else sock_rps_save_rxhash(sk, skb); - if (tcp_rcv_state_process(sk, skb)) { + reason = tcp_rcv_state_process(sk, skb); + if (reason) { rsk = sk; goto reset; } diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c index 9e85f2a0bddd..52040b0e2616 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c @@ -911,11 +911,11 @@ EXPORT_SYMBOL(tcp_check_req); * be created. */ -int tcp_child_process(struct sock *parent, struct sock *child, - struct sk_buff *skb) +enum skb_drop_reason tcp_child_process(struct sock *parent, struct sock *child, + struct sk_buff *skb) __releases(&((child)->sk_lock.slock)) { - int ret = 0; + enum skb_drop_reason reason = SKB_NOT_DROPPED_YET; int state = child->sk_state; /* record sk_napi_id and sk_rx_queue_mapping of child. */ @@ -923,7 +923,7 @@ int tcp_child_process(struct sock *parent, struct sock *child, tcp_segs_in(tcp_sk(child), skb); if (!sock_owned_by_user(child)) { - ret = tcp_rcv_state_process(child, skb); + reason = tcp_rcv_state_process(child, skb); /* Wakeup parent, send SIGIO */ if (state == TCP_SYN_RECV && child->sk_state != state) parent->sk_data_ready(parent); @@ -937,6 +937,6 @@ int tcp_child_process(struct sock *parent, struct sock *child, bh_unlock_sock(child); sock_put(child); - return ret; + return reason; } EXPORT_SYMBOL(tcp_child_process); diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 0c180bb8187f..4f8464e04b7f 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1663,7 +1663,8 @@ int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) } else sock_rps_save_rxhash(sk, skb); - if (tcp_rcv_state_process(sk, skb)) + reason = tcp_rcv_state_process(sk, skb); + if (reason) goto reset; if (opt_skb) goto ipv6_pktoptions; From patchwork Mon Feb 26 03:22:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Xing X-Patchwork-Id: 13571206 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com [209.85.216.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1B6581BC3C for ; Mon, 26 Feb 2024 03:23:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708917801; cv=none; b=RbbQUleayuhH2d2jPEUMhu+lnpbfwUZrNxpFC5sdj2U751USrYCMFVUpFB/VXXA8VDAa2sXhvPdPgmSPLblMo1qrruTYFLZMwp3D4dH/7nREmcXWQWIWzFPVmZJutQ1m0qCOsY812naW3wjpjpAU24oLat4sitf4G6t1wXFiZ3Q= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708917801; c=relaxed/simple; bh=lKG7ICoo3tIHtUX9QPr6Kt7PsVA1d+PiVXNcrumGgzs=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=TpMa9yt5KDArE8HoQndaYWVC5KIwierOowcJV6hGtrlv8q/CYI22/qJ4IO8D59p6O7UuAssJ4TchdgumR+iaVHEKUs5rbUpnOOHkb2ryKPKl1xCrRAC3VmhB/wPRoVrPhgmBFH3iIdGJA7ulsdG5LNSHvua5gv3TsFiC5jTPJ+s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=TMyvz4Gw; arc=none smtp.client-ip=209.85.216.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="TMyvz4Gw" Received: by mail-pj1-f53.google.com with SMTP id 98e67ed59e1d1-299566373d4so1641276a91.1 for ; Sun, 25 Feb 2024 19:23:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708917799; x=1709522599; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=j6YQoXiiei/X+kWZ9qjQ6CLGNDjh8Uon0AD/cN0fEjU=; b=TMyvz4Gwfna7SIeSFU2bV4kwRIxPmxr3PxQsDZ621khHOWUH8ArBQ+bACH69BqB+Vm Xig3Mh0/2ZM/eAd0Z9emeBavXmeVTReDHnoz6JmVaFGdJ0yzhp3rMzJHtnZCqI4oaL4T SJNTI7cfdM8GMNp6CKkncedrDBtUENyjtieERO4CGj2jgEo3qfu9vcqOSZwCqzWJYPOl 59NRmfHgVPCZKxRiNv+gYKVLIgKvNSYKm3bfnFuTPqofvutjn6PfFtIMbS+lazWzEo4j 3yu4ZF3R5sayV3UeFtrPFnXcSj/yi/vTN6PgrEVE1SANRIWQI98+MGneS22LJQA3x13h /Mdw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708917799; x=1709522599; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=j6YQoXiiei/X+kWZ9qjQ6CLGNDjh8Uon0AD/cN0fEjU=; b=I38EakNKD4V2icc2eEU5gK4ZEKrFttrbVh3KUJtsprLd+mLQ5Xior/ScGbeZHrfbbG D7pvANwf31RsD+culk2rLtJbPZWtwqUm1rDBZr5KnT3Nh9pySuMVWq6Az4l9BR79xWwt xsjuCGOGFDvX58sLSRFVjXxHK0SZAyKw04yCjJi2MuSAwFXhKTdFdWKeJMWhJUmg9gtl J6/XtyAmucek8BytMkD+wMRO6InomtxSzY+z8KGBEE3cwgz1Zj//9Fkit/7yZM8zUZX8 0+oU9mgpgt+PHS13Ss+O7/NF1H8cmHvRe/75oP2q4nkEPXtjzOKNTS8ELBvQ8Fdi348D H5ug== X-Gm-Message-State: AOJu0Yxvdvp3c2gPh9LgiDS3cbbWzON/p/t3DzzuE1kTYFjb/j/R95wo ym6hoC6U7scZTJ62YSXJZyeGZy5hW4Cllx46THokuyUOJFLwlkyN X-Google-Smtp-Source: AGHT+IEVyaBVbg7X10VONFZTYPRIjJzAAo9wwEje7Wl7FqZnPPGDmRVxEf4TuHcUaYnsF3Odv+RIcw== X-Received: by 2002:a17:90a:f3c3:b0:299:365a:3db0 with SMTP id ha3-20020a17090af3c300b00299365a3db0mr3392629pjb.5.1708917799505; Sun, 25 Feb 2024 19:23:19 -0800 (PST) Received: from KERNELXING-MB0.tencent.com ([43.132.141.21]) by smtp.gmail.com with ESMTPSA id fr12-20020a17090ae2cc00b0029a78f22bd2sm3262521pjb.33.2024.02.25.19.23.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 25 Feb 2024 19:23:18 -0800 (PST) From: Jason Xing To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, kuniyu@amazon.com Cc: netdev@vger.kernel.org, kerneljasonxing@gmail.com, Jason Xing Subject: [PATCH net-next v10 10/10] tcp: make dropreason in tcp_child_process() work Date: Mon, 26 Feb 2024 11:22:27 +0800 Message-Id: <20240226032227.15255-11-kerneljasonxing@gmail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20240226032227.15255-1-kerneljasonxing@gmail.com> References: <20240226032227.15255-1-kerneljasonxing@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Jason Xing It's time to let it work right now. We've already prepared for this:) Signed-off-by: Jason Xing Reviewed-by: Eric Dumazet Reviewed-by: David Ahern Reviewed-by: Kuniyuki Iwashima --- v9 Link: https://lore.kernel.org/netdev/c5640fc4-16dc-4058-97c6-bd84bae4fda1@kernel.org/ Link: https://lore.kernel.org/netdev/CANn89iKE2vYz_6sYd=u3HbqdgiU0BWhdMY9-ivs0Rcht+X+Rfg@mail.gmail.com/ 1. add reviewed-by tag (David) 2. add reviewed-by tag (Eric) v8 Link: https://lore.kernel.org/netdev/CANn89i+huvL_Zidru_sNHbjwgM7==-q49+mgJq7vZPRgH6DgKg@mail.gmail.com/ Link: https://lore.kernel.org/netdev/CANn89iKmaZZSnk5+CCtSH43jeUgRWNQPV4cjc0vpWNT7nHnQQg@mail.gmail.com/ 1. squash v7 patch [11/11] into the current patch. 2. refine the rcv codes. (Eric) v7 Link: https://lore.kernel.org/all/20240219043815.98410-1-kuniyu@amazon.com/ 1. adjust the related part of code only since patch [04/11] is changed. --- net/ipv4/tcp_ipv4.c | 12 +++++++----- net/ipv6/tcp_ipv6.c | 16 ++++++++++------ 2 files changed, 17 insertions(+), 11 deletions(-) diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index c79e25549972..a22ee5838751 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1907,7 +1907,6 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; } - reason = SKB_DROP_REASON_NOT_SPECIFIED; if (tcp_checksum_complete(skb)) goto csum_err; @@ -1917,7 +1916,8 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) if (!nsk) return 0; if (nsk != sk) { - if (tcp_child_process(sk, nsk, skb)) { + reason = tcp_child_process(sk, nsk, skb); + if (reason) { rsk = nsk; goto reset; } @@ -2276,10 +2276,12 @@ int tcp_v4_rcv(struct sk_buff *skb) if (nsk == sk) { reqsk_put(req); tcp_v4_restore_cb(skb); - } else if (tcp_child_process(sk, nsk, skb)) { - tcp_v4_send_reset(nsk, skb); - goto discard_and_relse; } else { + drop_reason = tcp_child_process(sk, nsk, skb); + if (drop_reason) { + tcp_v4_send_reset(nsk, skb); + goto discard_and_relse; + } sock_put(sk); return 0; } diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 4f8464e04b7f..f677f0fa5196 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1623,7 +1623,6 @@ int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) if (np->rxopt.all) opt_skb = skb_clone_and_charge_r(skb, sk); - reason = SKB_DROP_REASON_NOT_SPECIFIED; if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */ struct dst_entry *dst; @@ -1654,8 +1653,11 @@ int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) struct sock *nsk = tcp_v6_cookie_check(sk, skb); if (nsk != sk) { - if (nsk && tcp_child_process(sk, nsk, skb)) - goto reset; + if (nsk) { + reason = tcp_child_process(sk, nsk, skb); + if (reason) + goto reset; + } if (opt_skb) __kfree_skb(opt_skb); return 0; @@ -1854,10 +1856,12 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb) if (nsk == sk) { reqsk_put(req); tcp_v6_restore_cb(skb); - } else if (tcp_child_process(sk, nsk, skb)) { - tcp_v6_send_reset(nsk, skb); - goto discard_and_relse; } else { + drop_reason = tcp_child_process(sk, nsk, skb); + if (drop_reason) { + tcp_v6_send_reset(nsk, skb); + goto discard_and_relse; + } sock_put(sk); return 0; }