lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 29 Oct 2022 21:09:48 +0800
From:   menglong8.dong@...il.com
To:     edumazet@...gle.com, kuba@...nel.org
Cc:     davem@...emloft.net, pabeni@...hat.com, yoshfuji@...ux-ipv6.org,
        dsahern@...nel.org, imagedong@...cent.com, kafai@...com,
        asml.silence@...il.com, keescook@...omium.org,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: [PATCH net-next 0/9] net: tcp: add skb drop reasons to tcp state process

From: Menglong Dong <imagedong@...cent.com>

For now, the skb drop reasons have not fully be supported by TCP
protocol on the code path of TCP connection state change. The function
call chain is a little complex, which makes it hard to get the reason
that why skb is dropped.

However, I have a idea now: store the drop reason in the tcp_skb_cb,
which means that we need to add a 'drop_reason' field to the struct
tcp_skb_cb. Luckily, this struct still has 4 bytes spare space for this
purpose.

In this way, we need only to initialize to 'TCP_SKB_CB(skb)->drop_reason'
to SKB_DROP_REASON_NOT_SPECIFIED in tcp_v4_rcv()/tcp_v6_rcv(). When the
skb needs to be dropped, the value of this field should be the drop
reason or SKB_DROP_REASON_NOT_SPECIFIED. Meanwhile, the value also can be
SKB_NOT_DROPPED_YET. On such case, try_kfree_skb(), which we add in the
1th patch, should be called.

Hi, Eric, do you like it? In this way, we almost don't need to change the
exist code, and won't mess the code up.

In this series, the skb drop reasons are added following functions:

  tcp_rcv_synsent_state_process
  tcp_timewait_state_process
  tcp_conn_request
  tcp_rcv_state_process

And following new drop reasons are added:

  SKB_DROP_REASON_TCP_PAWSACTIVEREJECTED
  SKB_DROP_REASON_TIMEWAIT
  SKB_DROP_REASON_LISTENOVERFLOWS
  SKB_DROP_REASON_TCP_REQQFULLDROP
  SKB_DROP_REASON_TCP_ABORTONDATA
  SKB_DROP_REASON_TCP_ABORTONLINGER
  SKB_DROP_REASON_LSM

Menglong Dong (9):
  net: skb: introduce try_kfree_skb()
  net: tcp: add 'drop_reason' field to struct tcp_skb_cb
  net: tcp: use the drop reasons stored in tcp_skb_cb
  net: tcp: store drop reasons in tcp_rcv_synsent_state_process()
  net: tcp: store drop reasons in tcp_timewait_state_process()
  net: tcp: store drop reasons in tcp_conn_request()
  net: tcp: store drop reasons in tcp_rcv_state_process()
  net: tcp: store drop reasons in route_req
  net: tcp: use LINUX_MIB_TCPABORTONLINGER in tcp_rcv_state_process()

 include/linux/skbuff.h   |  9 +++++++++
 include/net/dropreason.h | 43 ++++++++++++++++++++++++++++++++++++++++
 include/net/tcp.h        |  3 +++
 net/ipv4/tcp_input.c     | 29 ++++++++++++++++++++++-----
 net/ipv4/tcp_ipv4.c      | 26 ++++++++++++++++++++----
 net/ipv4/tcp_minisocks.c | 15 ++++++++++++--
 net/ipv6/tcp_ipv6.c      | 31 +++++++++++++++++++++++------
 7 files changed, 139 insertions(+), 17 deletions(-)

-- 
2.37.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ