lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 2 Aug 2023 18:16:58 -0700
From: Kuniyuki Iwashima <kuniyu@...zon.com>
To: "David S. Miller" <davem@...emloft.net>, Eric Dumazet
	<edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni
	<pabeni@...hat.com>, David Ahern <dsahern@...nel.org>
CC: YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>, Kuniyuki Iwashima
	<kuniyu@...zon.com>, Kuniyuki Iwashima <kuni1840@...il.com>,
	<netdev@...r.kernel.org>
Subject: [PATCH v1 net] tcp: Enable header prediction for active open connections with MD5.

TCP socket saves the minimum required header length in tcp_header_len
of struct tcp_sock, and later the value is used in __tcp_fast_path_on()
to generate a part of TCP header in tcp_sock(sk)->pred_flags.

In tcp_rcv_established(), if the incoming packet has the same pattern
with pred_flags, we enter the fast path and skip full option parsing.

The MD5 option is parsed in tcp_v[46]_rcv(), so we need not parse it
again later in tcp_rcv_established() unless other options exist.  Thus,
MD5 should add TCPOLEN_MD5SIG_ALIGNED to tcp_header_len and avoid the
slow path.

For passive open connections with MD5, we add TCPOLEN_MD5SIG_ALIGNED
to tcp_header_len in tcp_create_openreq_child() after 3WHS.

On the other hand, we do it in tcp_connect_init() for active open
connections.  However, the value is overwritten while processing
SYN+ACK or crossed SYN in tcp_rcv_synsent_state_process().

  SYN+ACK:
  tcp_rcv_synsent_state_process
    tp->tcp_header_len = sizeof(struct tcphdr) or
                         sizeof(struct tcphdr) + TCPOLEN_TSTAMP_ALIGNED
    tcp_finish_connect
      __tcp_fast_path_on

  Crossed SYN:
  tcp_rcv_synsent_state_process
    tp->tcp_header_len = sizeof(struct tcphdr) or
                         sizeof(struct tcphdr) + TCPOLEN_TSTAMP_ALIGNED
    tcp_finish_connect

  tcp_v4_rcv
    tcp_v4_do_rcv
      tcp_rcv_state_process
        tcp_fast_path_on

So these two cases will have the wrong value in pred_flags and never
go into the fast path.

Let's add TCPOLEN_MD5SIG_ALIGNED in tcp_rcv_synsent_state_process()
to enable header prediction for active open connections.

Fixes: cfb6eeb4c860 ("[TCP]: MD5 Signature Option (RFC2385) support.")
Signed-off-by: Kuniyuki Iwashima <kuniyu@...zon.com>
---
 net/ipv4/tcp_input.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 57c8af1859c1..4d274b511d97 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -6291,6 +6291,11 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb,
 			tp->tcp_header_len = sizeof(struct tcphdr);
 		}
 
+#ifdef CONFIG_TCP_MD5SIG
+		if (tp->af_specific->md5_lookup(sk, sk))
+			tp->tcp_header_len += TCPOLEN_MD5SIG_ALIGNED;
+#endif
+
 		tcp_sync_mss(sk, icsk->icsk_pmtu_cookie);
 		tcp_initialize_rcv_mss(sk);
 
@@ -6368,6 +6373,11 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb,
 			tp->tcp_header_len = sizeof(struct tcphdr);
 		}
 
+#ifdef CONFIG_TCP_MD5SIG
+		if (tp->af_specific->md5_lookup(sk, sk))
+			tp->tcp_header_len += TCPOLEN_MD5SIG_ALIGNED;
+#endif
+
 		WRITE_ONCE(tp->rcv_nxt, TCP_SKB_CB(skb)->seq + 1);
 		WRITE_ONCE(tp->copied_seq, tp->rcv_nxt);
 		tp->rcv_wup = TCP_SKB_CB(skb)->seq + 1;
-- 
2.30.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ