From patchwork Sat Mar 29 16:26:14 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthieu Baerts X-Patchwork-Id: 14032736 X-Patchwork-Delegate: matthieu.baerts@tessares.net Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4FF723987D for ; Sat, 29 Mar 2025 16:26:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743265590; cv=none; b=NZ2OMQ7Z/F4jW8xAA45+ZDxDK+rQ8gyRrqj5eK7TzZHttV5ZQIMcuR01/Nt39l5wRXxT8TkjPv+eoe0Rx2J4u1TK4D8XHzIIZ/u36AcbMHU1xCOkkVcAKaw6H2PlKJ17OHpQRykbmY7/Qfy3n4RlREXv7KGIYOSEVDChzNnYxvE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743265590; c=relaxed/simple; bh=Hgx3dp8lBqd439Pi5SzxBD/40UAHe+cPmNaCfU9dsMA=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Wdyano3oFB08M54llxeGt+36L7lqwh59KfY70MZxrgBjKLqwjSG862cIgBhHK/VsYUclcMopp01qceIH/cJcjpHUjaPwr5Ih+/LyKq64HQP5Os0YXvc++u8HskCrzFP3zRmtZHYODLrY3skLPs5GO8svKCwrbyfsOTTKJycr27U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=dMMreG6D; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="dMMreG6D" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2E0EFC4CEE9; Sat, 29 Mar 2025 16:26:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1743265589; bh=Hgx3dp8lBqd439Pi5SzxBD/40UAHe+cPmNaCfU9dsMA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=dMMreG6DwiigaGN412Z9uQkmIljU7+3jz5jm0NQz5GYH4/iaEyFR8PhW69HE0GV0Q d3AqIM41ZnP0osV8hMQLaIzI/QsLa8rWLg7UAOwZL4tM5vI/AGH+Oz6z2VwcTFPHeQ 9cHLC35XkNzrDf8eb7w0E1VERkMp5vjxad5+vjjTuNG2ERu/uEZ5PPBxhGdTfBzAWg n9+0kfi9NvHHhl7n3t9Kn8MAHEN9FIJYL7whCYDGVqlpY6BJnWzx1uLEdo8dF3h44b oyYPVAAnpou+0vToL77HTBzg9ZcFZJWUo+5OUUM+DkIbZs+XNbFu1bTwlUkQzDt78Q t6qaxkuIq1Ggg== From: "Matthieu Baerts (NGI0)" Date: Sat, 29 Mar 2025 17:26:14 +0100 Subject: [PATCH mptcp-next 1/5] mptcp: only inc MPJoinAckHMacFailure for HMAC failures Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250329-mptcp-mpj-reject-v1-1-2396d5666e8f@kernel.org> References: <20250329-mptcp-mpj-reject-v1-0-2396d5666e8f@kernel.org> In-Reply-To: <20250329-mptcp-mpj-reject-v1-0-2396d5666e8f@kernel.org> To: mptcp@lists.linux.dev Cc: "Matthieu Baerts (NGI0)" X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1577; i=matttbe@kernel.org; h=from:subject:message-id; bh=Hgx3dp8lBqd439Pi5SzxBD/40UAHe+cPmNaCfU9dsMA=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBn6B8zjWhJ8IJmfanDfgcasiUOtS3GqzY+biAbL MA9EKdyfcaJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ+gfMwAKCRD2t4JPQmmg cxFOD/4vAwDvpmqKxcVSwgvNYwrt0OopjB3nlcMeU5u3IxIXbkfxnhpM0907hNhYIGXjZkLm3wi 25KL4jyQgNU191uFVvJr1Ds3hxZAHD508ClCOPK6DbrCIpiQVt1qfr3dAWfiwZogDxejUGOqqG8 pvyBo1kkcOXUkXjgKfr/I5U/BtBSYd0zpqrizw7eHbu1epW4S22zAlpzCEWxQXbP/OnYd9oRLfC wRRqnD/iYTeIG6K41b9aLEvVB8dWpmrGqVW2iGEJL/gLLwXyK6YQ3pvZZNouGzuGQGsczoTGI8/ iQ3ss4T7kLF3JNzoKkcx+XzXi7I2txt7oiDHimxKXDs9qN0YmNytVk7brZlegqyfgA6sOr52nU3 ruv0zO21N+nQgRFqIrfXrpUpIMq/rIp3Pn/9owZrO0xdwVQ37biWYHQxtzpyfZGQIgWJ28X4Dad HK6+2qF3d3dffzrYSrx5IRL+rqeN3sTBPDqnWVNNZ4WKIaPeAjj6ZpwuqAIjZR8aQg2Id91zmsi mUkEGhXgMNbp5EuR93tXsrzpctAxw2bJDtY3IFPis8Vgimusmddi5nY8QMX5Q8tntf86908FD5q 1hcPfiuQQG+Q3meuimKYKEbSgozkvkTLZ9ANIDRwWVQDspjMRPfuo6CKKqSjpmw6JUvReyHXSIm wHievl4M3xE7AzQ== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 Recently, during a debugging session using local MPTCP connections, I noticed MPJoinAckHMacFailure was not zero on the server side. The counter was in fact incremented when the PM rejected new subflows, because the 'subflow' limit was reached. The fix is easy, simply dissociating the two cases: only the HMAC validation check should increase MPTCP_MIB_JOINACKMAC counter. Fixes: 4cf8b7e48a09 ("subflow: introduce and use mptcp_can_accept_new_subflow()") Signed-off-by: Matthieu Baerts (NGI0) --- Note: this is a fix for mptcp-net --- net/mptcp/subflow.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 409bd415ef1d190d5599658d01323ad8c8a9be93..24c2de1891bdf31dfe04ef2077113563aad0e666 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -899,13 +899,17 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, goto dispose_child; } - if (!subflow_hmac_valid(req, &mp_opt) || - !mptcp_can_accept_new_subflow(subflow_req->msk)) { + if (!subflow_hmac_valid(req, &mp_opt)) { SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_JOINACKMAC); subflow_add_reset_reason(skb, MPTCP_RST_EPROHIBIT); goto dispose_child; } + if (!mptcp_can_accept_new_subflow(owner)) { + subflow_add_reset_reason(skb, MPTCP_RST_EPROHIBIT); + goto dispose_child; + } + /* move the msk reference ownership to the subflow */ subflow_req->msk = NULL; ctx->conn = (struct sock *)owner; From patchwork Sat Mar 29 16:26:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthieu Baerts X-Patchwork-Id: 14032737 X-Patchwork-Delegate: matthieu.baerts@tessares.net Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2A35B3987D for ; Sat, 29 Mar 2025 16:26:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743265591; cv=none; b=OkPXiqgaCZT5QHw//OVgw36HUxxDELh6oQIf+VvD6sTjV/VN16CxH/XQitqIfygbji4PJKcURhkjouvOLgL5TlgtJTL9jRPEGt9NSJ1FaN5/cFHUa0L6Ke0El8hC9SJF+dZRc/eGxcooTnRJSqslA6oHwr+pJ+slblCBQJn2298= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743265591; c=relaxed/simple; bh=BP4qsoRF3UobaCULZhwLBej801ppnrA6ETy3pL7x/LI=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=iGT0mjPoZyO3En8OsrQFAdfMJj71M2mx/EytQ0fB2Whw9bO9mYRwFU8TobQdi5Tau1ZB9K0rMs+1vFsF6k8CRWninEMUX1MgSMakuphgiBMnYg3GMADUV3TYs3WS+L5M4h9Zq+gjOJasYv7QMdZJdurNd0PIzijDOXhPg0V1Pb4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ATRGlPmY; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ATRGlPmY" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 28DC2C4CEEA; Sat, 29 Mar 2025 16:26:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1743265590; bh=BP4qsoRF3UobaCULZhwLBej801ppnrA6ETy3pL7x/LI=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ATRGlPmYXayEI/lCTbmx+33jjARgtG92kzgvUOkpOgRzqXX3/hEg6BP5QW+DjMdH6 nLfV8jq+3M6mjkkPEpyM8oxxQBBws1Lx3JhVWEOqKueBm1NrbapOA3zgtrkWJN9g3A HDoyjLsFHkALvNfI4ldy8ZhAvNT5I84MjhwXTrK2LtnkYYynhrG97NDLGYHNt9WTG1 wHS7pGmdV55iHtKZFeiwp7304UWtepjnWGd4wUjkI5ApBFXREHZSO3usr/qIOcvvqa iezND1VPybGUVQ9dYPTtnY4QAbzdWqWb9AiuNqUHEahV9srbIzBk/z65q20Ln/7tu8 R5CnQYCW6wrcQ== From: "Matthieu Baerts (NGI0)" Date: Sat, 29 Mar 2025 17:26:15 +0100 Subject: [PATCH mptcp-next 2/5] selftests: mptcp: validate MPJoin HMacFailure counters Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250329-mptcp-mpj-reject-v1-2-2396d5666e8f@kernel.org> References: <20250329-mptcp-mpj-reject-v1-0-2396d5666e8f@kernel.org> In-Reply-To: <20250329-mptcp-mpj-reject-v1-0-2396d5666e8f@kernel.org> To: mptcp@lists.linux.dev Cc: "Matthieu Baerts (NGI0)" X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1804; i=matttbe@kernel.org; h=from:subject:message-id; bh=BP4qsoRF3UobaCULZhwLBej801ppnrA6ETy3pL7x/LI=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBn6B8zeN9C64I9AcWRN4Cx2TVmwauUJASNd5WXE ifdaz61kymJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ+gfMwAKCRD2t4JPQmmg c3tgD/sGFV0A29EBqB8wPbv9V++cbzfgDh2rhvwP1HfkXYheu2pCDXEX6fXqe4b7BhTyFfgIQVR 4fjc5+znPWa3LlOiOtXIDOmgq1GKdyPwV9PssRJpvnYwjuJfyDFxiQNtnfDkP1LN9kw8LyZL+J/ Df3NPLstoZJjTPcfQGZ1B1ebr64rURa0IAANXd3TtiSYbyTkw1a5OrKJkuQBi7dUOxPWfpO8NIb DlgAJkoW8W/JEkoPU1aTho4Dap8Bq+TIpxqVKrGiwo09pqSUtxQtzwWuA6HgVslzPrIJtS3KVaO 0Xki89WaZ5oQe5OiAxD7wTLDUasycarBC3iHaZqJT023aX01ws/ByQYuagKyR48r2ndCU64G0Uf AAvtVtSqyi0OUE6VctCp0aOTFiCeGymaTM9WVXbjvaF++nBjzECALLk1c7Hw5BDn6WdaMVX/m9/ I7q/MtBQFt9/3Sl6FSb/DS8M37v/h+mD8UpyO6EgaMSj96XRha827l3ayM01d8Zw0JiVyc3npwl KR/+ZLwvGjVregF8kmrEYD8NncCyNNSp6XppOBi1hlmOS6QgJwd+s2+fr5RPE275CWZHoOTnqWK an+aps9GZKZzcbCo30mJJE3CWWN8iiqaNHhpcTH16yBEkUEPsfXKhnXUVGXYfZst1xr2IaBOjG9 MR1XKNBG1pXXxiA== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 The parent commit fixes an issue around these counters where one of them -- MPJoinAckHMacFailure -- was wrongly incremented in some cases. This makes sure the counter is always 0. It should be incremented only in case of corruption, or a wrong implementation, which should not be the case in these selftests. Signed-off-by: Matthieu Baerts (NGI0) --- Note: this can go to mptcp-net as well, with the parent patch. --- tools/testing/selftests/net/mptcp/mptcp_join.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 13a3b68181ee14eb628a858e5738094c3c936b74..5060b7e24f94550246c2b1f0465dcaf42b869313 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -1441,6 +1441,15 @@ chk_join_nr() fi fi + count=$(mptcp_lib_get_counter ${ns2} "MPTcpExtMPJoinSynAckHMacFailure") + if [ -z "$count" ]; then + rc=${KSFT_SKIP} + elif [ "$count" != "0" ]; then + rc=${KSFT_FAIL} + print_check "ack HMAC" + fail_test "got $count JOIN[s] synack HMAC failure expected 0" + fi + count=$(mptcp_lib_get_counter ${ns1} "MPTcpExtMPJoinAckRx") if [ -z "$count" ]; then rc=${KSFT_SKIP} @@ -1450,6 +1459,15 @@ chk_join_nr() fail_test "got $count JOIN[s] ack rx expected $ack_nr" fi + count=$(mptcp_lib_get_counter ${ns1} "MPTcpExtMPJoinAckHMacFailure") + if [ -z "$count" ]; then + rc=${KSFT_SKIP} + elif [ "$count" != "0" ]; then + rc=${KSFT_FAIL} + print_check "synack HMAC" + fail_test "got $count JOIN[s] ack HMAC failure expected 0" + fi + print_results "join Rx" ${rc} join_syn_tx="${join_syn_tx:-${syn_nr}}" \ From patchwork Sat Mar 29 16:26:16 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthieu Baerts X-Patchwork-Id: 14032738 X-Patchwork-Delegate: matthieu.baerts@tessares.net Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2056C3987D for ; Sat, 29 Mar 2025 16:26:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743265592; cv=none; b=YU0dbiGIxDgnMXsUGpCnEPunXNfUwWiexKS2BVSSwqqx2w+VyoSxeIDMaIydvszoPdDFLzlYrfS0ZsOOAyUp02sc8ir9iUCTeX24sA9I6hwowQa8M4MErGkLSKEjFrJL317jcikJoqDP1Q3jsy76MXAm1UesvBleBsW2+Hw2kT0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743265592; c=relaxed/simple; bh=do7LBD/99VdQmTCPp+WjqU2P8s4k6TTlS3y0ykxOkfE=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=R+TtIzHvBfBMLdpb9EwpaYdeEE3Vjyree02L52uOTT5Cx/ANIOvC3R+qQay8A/elD2RoN4y4NokS/EHNxLllBfbt94CXJaO8D9ZrcKGJfTOPcbRrTxdeA9n8VMZ23Q43qGp8Btg+bkuOncaDDmBWHmyhm+6C13Fqv09VWtUaNmk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=SBWl9uJE; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="SBWl9uJE" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 20249C4CEE9; Sat, 29 Mar 2025 16:26:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1743265591; bh=do7LBD/99VdQmTCPp+WjqU2P8s4k6TTlS3y0ykxOkfE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=SBWl9uJEZ9iOuoE0siKw2Yjf4cU+t+jrweQNZC4JL+NgwbgFp9X8rFe7O/yQW7yee 9TlSiqt1fEMMV4HsnyB4zD1fJv1fQhNg3NcUdwVA03Dle+iZj7V1U+5LYOCx+FRDny yT4QeIVhSan3ASgadk2cW7opaikR7nwOOX7F9RFby5QwH8NlDFzxj6RJgO0Bt+zDL1 X7O9GWM9H0IbM09rOl+7QRxUtH1RloRK3V6oJGxXtO3mMQQqhqHoHPgTQkpBC0jPsW SUnTC5SPfcbRMcmsQ4OG5zFpkiKBQRMfbJvvKC6TiYo5Vq6fZkOGEuc0q/rrDk3Rb1 7nmxGwFpDgivg== From: "Matthieu Baerts (NGI0)" Date: Sat, 29 Mar 2025 17:26:16 +0100 Subject: [PATCH mptcp-next 3/5] mptcp: pass right struct to subflow_hmac_valid Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250329-mptcp-mpj-reject-v1-3-2396d5666e8f@kernel.org> References: <20250329-mptcp-mpj-reject-v1-0-2396d5666e8f@kernel.org> In-Reply-To: <20250329-mptcp-mpj-reject-v1-0-2396d5666e8f@kernel.org> To: mptcp@lists.linux.dev Cc: "Matthieu Baerts (NGI0)" X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1710; i=matttbe@kernel.org; h=from:subject:message-id; bh=do7LBD/99VdQmTCPp+WjqU2P8s4k6TTlS3y0ykxOkfE=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBn6B8zaDbS1E8D+IIVQXFNq4qtCf8uqJzQ7yg5P YzsiC5ORiKJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ+gfMwAKCRD2t4JPQmmg c09HEACiBirzexAFVvMJMsJxj4dvXAVKd23bk9SCzaKvEw1zSAH1UF18b1t5R6vMmXGCPmoPSYv zIJ8yZXsdXIGj5fPN3I6SDOOEvad8qLn9Zch4xjgJ/Lp9ACmMiKaSoZMMGFwHFb7lyoMfxu321j xuRwbnd4TEMCT+QVyGVlx3syxHo/NoshEmSRryw0il8GLsgOxv3PrKL93/3ertkP5et/LS3NN6e xsmmrLnizJduB3FS0qnauDKT1qCe6I8Xl27J6IbmHgwT0XMOcaLbroHEf6m5yYM+4YzIukH2pGg 6DvN7Qbn8YAVCn6DEv6hZ8I9siHoUarvy9e/QnLfNXi2/KrLyU5s36L2foiAAnq8eNJOhGY/7hb X4e9QjMvl8yH5y3wlWYSocLHbk196Y1grRakovLEBtOkLSyeJvHyTYQScG7UykAmd2YzgXLS9n/ lWrSSBiTRz8GSj254Cl/fZaY2SGfssJOiC0MBTZjHkGSezDHEy8MJK6UfTyj8BxSrN+t02rZzi1 VP5i0lTlQcpmgeFFmCmwIdsdRzols18m7qw21ITK3HhdqbT3Mv5Q0O6rNustumYMddntSicqtCo iAhw9ZB8IMZJuGabev8T/b4n8/cXrYCORWj299jYu5qUfp38hDqaDKry4sJdfIcQJMxLEHQ9Z91 R0upYMtRb+VlOWg== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 subflow_hmac_valid() needs to access the MPTCP socket and the subflow request, but not the request sock that is passed in argument. Instead, the subflow request can be directly passed to avoid getting it via an additional cast. Signed-off-by: Matthieu Baerts (NGI0) --- net/mptcp/subflow.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 24c2de1891bdf31dfe04ef2077113563aad0e666..e7951786a97c91190c7341d2c586a1f4acc05ed5 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -745,15 +745,11 @@ struct request_sock *mptcp_subflow_reqsk_alloc(const struct request_sock_ops *op EXPORT_SYMBOL(mptcp_subflow_reqsk_alloc); /* validate hmac received in third ACK */ -static bool subflow_hmac_valid(const struct request_sock *req, +static bool subflow_hmac_valid(const struct mptcp_subflow_request_sock *subflow_req, const struct mptcp_options_received *mp_opt) { - const struct mptcp_subflow_request_sock *subflow_req; + struct mptcp_sock *msk = subflow_req->msk; u8 hmac[SHA256_DIGEST_SIZE]; - struct mptcp_sock *msk; - - subflow_req = mptcp_subflow_rsk(req); - msk = subflow_req->msk; subflow_generate_hmac(READ_ONCE(msk->remote_key), READ_ONCE(msk->local_key), @@ -899,7 +895,7 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, goto dispose_child; } - if (!subflow_hmac_valid(req, &mp_opt)) { + if (!subflow_hmac_valid(subflow_req, &mp_opt)) { SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_JOINACKMAC); subflow_add_reset_reason(skb, MPTCP_RST_EPROHIBIT); goto dispose_child; From patchwork Sat Mar 29 16:26:17 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthieu Baerts X-Patchwork-Id: 14032739 X-Patchwork-Delegate: matthieu.baerts@tessares.net Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 196763987D for ; Sat, 29 Mar 2025 16:26:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743265593; cv=none; b=b3hqalW9SK06nWeDVxASVAf2xWL952bhb2bACrORR5TA4D5HnoiJq1hXHPC9OzlnaLAArXrY+BUYj9KAGkqt3N3FuD7HEViOW9iHe+V1Fd+wuFlXtWhblE5yzlI20Ovb9cHFMucnJ4RDANm+9nzEMO+wBUC+BnVJZ4szQs+x9c0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743265593; c=relaxed/simple; bh=tEsxrMw9vWVwnA/jXpM4EOEjKZ9Nyga2j1J7QMj/caY=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=gHHq4J+uZPB0LHCkIbSjlaUyAHTv68/tuSyP8t1L8Q0aTAi0h8nswWvrx2KfCZevXbmYk4qWLRJzLV1WnWcgi51BvAXYocqttBt//PYQE3SB8UJpK433uVu5bQxBcmndbjMKsyxgFx4aTnj2L6/ufCJ+Z7oCvpiohXNdx5yr0tQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=GE8iN0Bb; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="GE8iN0Bb" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 18A9BC4CEE2; Sat, 29 Mar 2025 16:26:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1743265592; bh=tEsxrMw9vWVwnA/jXpM4EOEjKZ9Nyga2j1J7QMj/caY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=GE8iN0BbD7D8s/mQxOP08hfV7Pao9+CtlBQnWolbLggLxG6Qwp/YZ7KwBQUmfPPZk r9aCJ/lAXWa8iHzg92FUfA47ITWaqD6hV9//zg5pQB0K+gTj7ifLOUjG2yOTx5ZlhQ QyZq+ode/njUJWBDLYJCmYUjd5zhdp+cg9VSHcBX4CS6MDMps9SixL3lk/wGY/P/9U nAaecCyaZQG4vRLXShxcFm28RneMsPritQZAlL1UZxgiV+8e5jUwC1dtNhxLNfvUo6 XvT/PvqhQYcsAFjWK/kBcI2P+PJ2kuO+nps66+9RGWQ9PaM27A4++z+8qByleV5W1V BiitNp+w0n5Lw== From: "Matthieu Baerts (NGI0)" Date: Sat, 29 Mar 2025 17:26:17 +0100 Subject: [PATCH mptcp-next 4/5] mptcp: add MPJoinRejected MIB counter Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250329-mptcp-mpj-reject-v1-4-2396d5666e8f@kernel.org> References: <20250329-mptcp-mpj-reject-v1-0-2396d5666e8f@kernel.org> In-Reply-To: <20250329-mptcp-mpj-reject-v1-0-2396d5666e8f@kernel.org> To: mptcp@lists.linux.dev Cc: "Matthieu Baerts (NGI0)" X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=3301; i=matttbe@kernel.org; h=from:subject:message-id; bh=tEsxrMw9vWVwnA/jXpM4EOEjKZ9Nyga2j1J7QMj/caY=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBn6B8zA7vddrpsqr40KQ98ODkA2wziim/r1Fr2F ikuG2/BMqiJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ+gfMwAKCRD2t4JPQmmg c4EpD/4tX5d1nmvrVTiRFBjysRvABDyxZGEJ3B7EoLpjrT1v0CQt9PH4Lru48n+V3/yv+HzYEem +IkvNSmekDdaJ2XmbN2lGbAUZbmq+CRPxum9LWatfkbeuBrnDyxR26oVE0jE4ZBG4H2XZ6nnhxS qyGFD1c7pwuyqreHlUdq8M/YmwWjNxgHtYTVJ3/8NT6kwShdGwaxhQkE/6akmmg7YA1wmHc/BpG JygAU+ItnHy9OVn4jbs0hIHb1fq6XQl8+ux5oSxIim+wc9/EENX4NaUCCWsms2FGicejN4p1jTl K+zSq+4Evgf66A0nDAJCGnCoa9QfFE3rHXjJeSpcct1XFnvEQL//iiV9Ccn5XQr6UNiQoJFgh/k awVC5peVay2BQQaJfcyAHUr/40VpEJOk3Nkj26rbPvjjNT5FYpFKM+wtvwZ+JELEhf9guX15LdZ K/AuZVGCDPrtmabRvbDcx0x0Ch7GL+Wr/pznjluH56Ro/wYrTnSmENKmjAL00svwz/7ccHOXrc7 yuPH4aSQi6FzhuA3sQU/dGnPdFC4ZdggVbOZSFaalXuuYD0lrJSvuCJOPn5RllbvpA8jdncDwbj N7PwGxuIZeq/ob/AXjG0hn4/phr8b82fiBK7uOfRCFS7SdEQ60L1RBJhGJt/l8aG68ompsPhnMa VEZXfxfTgj4Fq4w== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 This counter is useful to understand why some paths are rejected, and not created as expected. It is incremented when receiving a connection request, if the PM didn't allow the creation of new subflows. Signed-off-by: Matthieu Baerts (NGI0) --- net/mptcp/mib.c | 1 + net/mptcp/mib.h | 1 + net/mptcp/protocol.c | 4 +++- net/mptcp/subflow.c | 2 ++ 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/net/mptcp/mib.c b/net/mptcp/mib.c index 19eb9292bd6093a760b41f98c1774fd2490c48e3..0c24545f0e8df95b3475bfccc7a2f2ce440f7ad2 100644 --- a/net/mptcp/mib.c +++ b/net/mptcp/mib.c @@ -28,6 +28,7 @@ static const struct snmp_mib mptcp_snmp_list[] = { SNMP_MIB_ITEM("MPJoinSynAckHMacFailure", MPTCP_MIB_JOINSYNACKMAC), SNMP_MIB_ITEM("MPJoinAckRx", MPTCP_MIB_JOINACKRX), SNMP_MIB_ITEM("MPJoinAckHMacFailure", MPTCP_MIB_JOINACKMAC), + SNMP_MIB_ITEM("MPJoinRejected", MPTCP_MIB_JOINREJECTED), SNMP_MIB_ITEM("MPJoinSynTx", MPTCP_MIB_JOINSYNTX), SNMP_MIB_ITEM("MPJoinSynTxCreatSkErr", MPTCP_MIB_JOINSYNTXCREATSKERR), SNMP_MIB_ITEM("MPJoinSynTxBindErr", MPTCP_MIB_JOINSYNTXBINDERR), diff --git a/net/mptcp/mib.h b/net/mptcp/mib.h index 128282982843a07614a46f9b2c2f7c708306c769..250c6b77977e8f846b5741304f7841a922f51967 100644 --- a/net/mptcp/mib.h +++ b/net/mptcp/mib.h @@ -23,6 +23,7 @@ enum linux_mptcp_mib_field { MPTCP_MIB_JOINSYNACKMAC, /* HMAC was wrong on SYN/ACK + MP_JOIN */ MPTCP_MIB_JOINACKRX, /* Received an ACK + MP_JOIN */ MPTCP_MIB_JOINACKMAC, /* HMAC was wrong on ACK + MP_JOIN */ + MPTCP_MIB_JOINREJECTED, /* The PM rejected the JOIN request */ MPTCP_MIB_JOINSYNTX, /* Sending a SYN + MP_JOIN */ MPTCP_MIB_JOINSYNTXCREATSKERR, /* Not able to create a socket when sending a SYN + MP_JOIN */ MPTCP_MIB_JOINSYNTXBINDERR, /* Not able to bind() the address when sending a SYN + MP_JOIN */ diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 9042a86e003036f8eb9680bc6c520fb57d92dbd0..8ba1a4f225bd2014ebdc973e752702028ee5f31a 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3527,8 +3527,10 @@ bool mptcp_finish_join(struct sock *ssk) return true; } - if (!mptcp_pm_allow_new_subflow(msk)) + if (!mptcp_pm_allow_new_subflow(msk)) { + MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_JOINREJECTED); goto err_prohibited; + } /* If we can't acquire msk socket lock here, let the release callback * handle it diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index e7951786a97c91190c7341d2c586a1f4acc05ed5..15613d691bfef6800268ae75b62508736865f44a 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -247,6 +247,7 @@ static int subflow_check_req(struct request_sock *req, if (unlikely(req->syncookie)) { if (!mptcp_can_accept_new_subflow(subflow_req->msk)) { + SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_JOINREJECTED); subflow_add_reset_reason(skb, MPTCP_RST_EPROHIBIT); return -EPERM; } @@ -902,6 +903,7 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, } if (!mptcp_can_accept_new_subflow(owner)) { + SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_JOINREJECTED); subflow_add_reset_reason(skb, MPTCP_RST_EPROHIBIT); goto dispose_child; } From patchwork Sat Mar 29 16:26:18 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthieu Baerts X-Patchwork-Id: 14032740 X-Patchwork-Delegate: matthieu.baerts@tessares.net Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 11AF23987D for ; Sat, 29 Mar 2025 16:26:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743265594; cv=none; b=TcZ6RY5FhURIGH8cEsbnKufUF5S+MeR91zhQFxewcY2I/aTIXs/SbKwvvPB0FMBoTOh7D7MenunvWEXZozu60MNCg1kzE0sWiwLQAb/W+ZZ1ZZgucjck4a09ygF8uc3WyZo50WgFgdrqA1/dlRfeZ+2LrVjh6xWuN4UZ+lWbPzE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743265594; c=relaxed/simple; bh=yeMaqJQBmjDpT0bgiEiAjJ9kHyXMiTOgWbynbyGyXjk=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=goPdnqF/unNdt/gG3SGGVw1U5DVkEzsz+8sanHaDM8sGNFDoS4BkzIWlART74pf8z+NVRSm4ZHVpk2nXMxLt8x1z9dacGNIhA7VKYfoqihqcdvGfDpveoX2MJuqeoSc/fMvQjpOGiNtjquhfdiKlYyzji1VUVUoH3W8MfoiQ738= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=qmfjmQcB; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="qmfjmQcB" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 107C7C4CEE9; Sat, 29 Mar 2025 16:26:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1743265593; bh=yeMaqJQBmjDpT0bgiEiAjJ9kHyXMiTOgWbynbyGyXjk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=qmfjmQcBEl9u7JVYofnQziwJLxfZtpZhhQPxH25ogBNA7f4WyAoPMzF8b6rkdlKC/ jPGK2pONIkxJcHXnO6v74f8NxJ1AZ+oipvcQuXZqbSuzjml4DYKsusW01IOJKZe5RV s+5hSf3Dsa2ieq++pFKbWVLuGsN5e+CqBomzlzcReieZQJULiED9ZL9/VwCo6vDSc2 kNZWLBzAIdOslWp5xpt7pzKyqgr6ygqUYqoDey19AonLUSuN0Xv2HJXAUGRcmCKJ79 KD0JgZceUUM2f/vJ/nEJE/ngQgE75LuFWkSiEvltu7xs/GbGaOUWqZ3iyHSyNqrkoD qZGRih8XQWNwQ== From: "Matthieu Baerts (NGI0)" Date: Sat, 29 Mar 2025 17:26:18 +0100 Subject: [PATCH mptcp-next 5/5] selftests: mptcp: validate MPJoinRejected counter Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250329-mptcp-mpj-reject-v1-5-2396d5666e8f@kernel.org> References: <20250329-mptcp-mpj-reject-v1-0-2396d5666e8f@kernel.org> In-Reply-To: <20250329-mptcp-mpj-reject-v1-0-2396d5666e8f@kernel.org> To: mptcp@lists.linux.dev Cc: "Matthieu Baerts (NGI0)" X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=3347; i=matttbe@kernel.org; h=from:subject:message-id; bh=yeMaqJQBmjDpT0bgiEiAjJ9kHyXMiTOgWbynbyGyXjk=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBn6B8z7iGKhgw7WS/OQ+29Erf2Sg1/ZogHSHu+O yyGchsWEzaJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ+gfMwAKCRD2t4JPQmmg c/qAD/wJPum7gP6qbk7dAvoEgFGAS4Ba9y/AtLgX5/Q6wO5ta5Sl89pWvjn/sOfvF0dhdDMelc1 5TGEMotCoZlvVkckt1VST2h1/tnhTieW87mFejyGzvHQrBYLMchtJDYKY2NJKHttyYG1s2s1s1n fvVMXIDfxK3JFt4I+f1LvxZqv3Nlv1T9XlhoD+cgq4ULLC9F9DRFNgknz/7N4FbxIUC/vhpR3Ty ChkKnc4FtQ1UOFCP/hi4cm3LzyIt0hwuACTYRxN+sRQfkDZXoXdXbVSaVR2+4AFM7q6EqhZgtG3 JR5KMqDR4kaonR2XNEcBo+GtdWS5lP6UPVc43c3tGtK6ZDqCQNM/mgPdvfHUHbhbZgbCRLYZ9Vp xxvMpykxYl4TTz2fsZesQqdwlU/XcvWrpZjKHMbfUjOicWBWWU3T67r3WoKRpz3a5SVY3Yd77P1 wAsrahBokROEooiV7tw8DlVr221lKIy2DzNmu2iatjaH3ZHvXuy7KesyfNfCRQvdjD0kJzRCUnc HNGqgXA9VC4MqaXJGuD2iCJckCThEXasMJIB195YDeSK3OS5DNuKqC84PGS88N1pMnrieGsgRJX TC7pekz0gCcx6q/DKp6pnPGlvcftqxKautCClZNZDZXHIYOFiOkf2tG/a5gGSnbsD5JIuovDYy3 UZDmQOXzKU8RBlA== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 The parent commit adds this new counter, incremented when receiving a connection request, if the PM didn't allow the creation of new subflows. Most of the time, it is then kept at 0, except when the PM limits cause the receiver side to reject new MPJoin connections. This is the case in the following tests: - single subflow, limited by server - multiple subflows, limited by server - subflows limited by server w cookies - userspace pm type rejects join - userspace pm type prevents mp_prio Simply set join_syn_rej=1 when checking the MPJoin counters for these tests. Signed-off-by: Matthieu Baerts (NGI0) --- tools/testing/selftests/net/mptcp/mptcp_join.sh | 26 ++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 5060b7e24f94550246c2b1f0465dcaf42b869313..7f868d68ab2867241aaad1c8739a662f232e625f 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -62,6 +62,7 @@ unset sflags unset fastclose unset fullmesh unset speed +unset join_syn_rej unset join_csum_ns1 unset join_csum_ns2 unset join_fail_nr @@ -1403,6 +1404,7 @@ chk_join_nr() local syn_nr=$1 local syn_ack_nr=$2 local ack_nr=$3 + local syn_rej=${join_syn_rej:-0} local csum_ns1=${join_csum_ns1:-0} local csum_ns2=${join_csum_ns2:-0} local fail_nr=${join_fail_nr:-0} @@ -1468,6 +1470,15 @@ chk_join_nr() fail_test "got $count JOIN[s] ack HMAC failure expected 0" fi + count=$(mptcp_lib_get_counter ${ns1} "MPTcpExtMPJoinRejected") + if [ -z "$count" ]; then + rc=${KSFT_SKIP} + elif [ "$count" != "$syn_rej" ]; then + rc=${KSFT_FAIL} + print_check "syn rejected" + fail_test "got $count JOIN[s] syn rejected expected $syn_rej" + fi + print_results "join Rx" ${rc} join_syn_tx="${join_syn_tx:-${syn_nr}}" \ @@ -1963,7 +1974,8 @@ subflows_tests() pm_nl_set_limits $ns2 0 1 pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow run_tests $ns1 $ns2 10.0.1.1 - chk_join_nr 1 1 0 + join_syn_rej=1 \ + chk_join_nr 1 1 0 fi # subflow @@ -1992,7 +2004,8 @@ subflows_tests() pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow pm_nl_add_endpoint $ns2 10.0.2.2 flags subflow run_tests $ns1 $ns2 10.0.1.1 - chk_join_nr 2 2 1 + join_syn_rej=1 \ + chk_join_nr 2 2 1 fi # single subflow, dev @@ -3061,7 +3074,8 @@ syncookies_tests() pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow pm_nl_add_endpoint $ns2 10.0.2.2 flags subflow run_tests $ns1 $ns2 10.0.1.1 - chk_join_nr 2 1 1 + join_syn_rej=1 \ + chk_join_nr 2 1 1 fi # test signal address with cookies @@ -3545,7 +3559,8 @@ userspace_tests() pm_nl_set_limits $ns2 1 1 pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow run_tests $ns1 $ns2 10.0.1.1 - chk_join_nr 1 1 0 + join_syn_rej=1 \ + chk_join_nr 1 1 0 fi # userspace pm type does not send join @@ -3568,7 +3583,8 @@ userspace_tests() pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow sflags=backup speed=slow \ run_tests $ns1 $ns2 10.0.1.1 - chk_join_nr 1 1 0 + join_syn_rej=1 \ + chk_join_nr 1 1 0 chk_prio_nr 0 0 0 0 fi