[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZnAef_DSlzfNP0wh@nanopsycho.orion>
Date: Mon, 17 Jun 2024 13:31:11 +0200
From: Jiri Pirko <jiri@...nulli.us>
To: luoxuanqiang <luoxuanqiang@...inos.cn>
Cc: edumazet@...gle.com, kuniyu@...zon.com, davem@...emloft.net,
dccp@...r.kernel.org, dsahern@...nel.org, fw@...len.de,
kuba@...nel.org, linux-kernel@...r.kernel.org,
netdev@...r.kernel.org, pabeni@...hat.com,
alexandre.ferrieux@...nge.com
Subject: Re: [PATCH net v3] Fix race for duplicate reqsk on identical SYN
Mon, Jun 17, 2024 at 09:56:40AM CEST, luoxuanqiang@...inos.cn wrote:
>When bonding is configured in BOND_MODE_BROADCAST mode, if two identical
>SYN packets are received at the same time and processed on different CPUs,
>it can potentially create the same sk (sock) but two different reqsk
>(request_sock) in tcp_conn_request().
>
>These two different reqsk will respond with two SYNACK packets, and since
>the generation of the seq (ISN) incorporates a timestamp, the final two
>SYNACK packets will have different seq values.
>
>The consequence is that when the Client receives and replies with an ACK
>to the earlier SYNACK packet, we will reset(RST) it.
>
>========================================================================
>
>This behavior is consistently reproducible in my local setup,
>which comprises:
>
> | NETA1 ------ NETB1 |
>PC_A --- bond --- | | --- bond --- PC_B
> | NETA2 ------ NETB2 |
>
>- PC_A is the Server and has two network cards, NETA1 and NETA2. I have
> bonded these two cards using BOND_MODE_BROADCAST mode and configured
> them to be handled by different CPU.
>
>- PC_B is the Client, also equipped with two network cards, NETB1 and
> NETB2, which are also bonded and configured in BOND_MODE_BROADCAST mode.
>
>If the client attempts a TCP connection to the server, it might encounter
>a failure. Capturing packets from the server side reveals:
>
>10.10.10.10.45182 > localhost: Flags [S], seq 320236027,
>10.10.10.10.45182 > localhost: Flags [S], seq 320236027,
>localhost > 10.10.10.10.45182: Flags [S.], seq 2967855116,
>localhost > 10.10.10.10.45182: Flags [S.], seq 2967855123, <==
>10.10.10.10.45182 > localhost: Flags [.], ack 4294967290,
>10.10.10.10.45182 > localhost: Flags [.], ack 4294967290,
>localhost > 10.10.10.10.45182: Flags [R], seq 2967855117, <==
>localhost > 10.10.10.10.45182: Flags [R], seq 2967855117,
>
>Two SYNACKs with different seq numbers are sent by localhost,
>resulting in an anomaly.
>
>========================================================================
>
>The attempted solution is as follows:
>In the tcp_conn_request(), while inserting reqsk into the ehash table,
>it also checks if an entry already exists. If found, it avoids
>reinsertion and releases it.
>
>Simultaneously, In the reqsk_queue_hash_req(), the start of the
>req->rsk_timer is adjusted to be after successful insertion.
>
>Signed-off-by: luoxuanqiang <luoxuanqiang@...inos.cn>
You are missing "Fixes" tag.
Powered by blists - more mailing lists