Message-Id: <20200730171529.22582-1-fw@strlen.de>
Date:   Thu, 30 Jul 2020 19:15:19 +0200
From:   Florian Westphal <fw@...len.de>
To:     <netdev@...r.kernel.org>
Cc:     edumazet@...gle.com, mathew.j.martineau@...ux.intel.com,
        matthieu.baerts@...sares.net, pabeni@...hat.com
Subject: [PATCH net-next 00/10] mptcp: add syncookie support

When syn-cookies are used the SYN/ACK never contains a MPTCP option,
because the code path that creates a request socket based on a valid
cookie ACK lacks the needed changes to construct MPTCP request sockets.

After this series, if SYN carries MP_CAPABLE option, the option is not
cleared anymore and request socket will be reconstructed using the
MP_CAPABLE option data that is re-sent with the ACK.

This means that no additional state gets encoded into the syn cookie or
the TCP timestamp.

There are two caveats for SYN-Cookies with MPTCP:

1. When syn-cookies are used, the server-generated key is not stored.
The drawback is that there is a small chance that the next connection request
that comes in before the cookie ACK generates the same local_key.

If this happens, the cookie ACK that comes in second will (re)compute the
token hash and then detect that this is already in use.
Unlike the normal case, where the server will pick a new key value and then
retry, we can't do that because we already committed to the key value
(it was sent to the peer already).

In this case, MPTCP cannot be used and late TCP fallback happens.

2. SYN packets with MP_JOIN requests cannot be handled without storing
    state. This is because the SYN contains a nonce value that is needed to
    verify the HMAC of the MP_JOIN ACK that completes the three-way
    handshake.  Also, a local nonce is generated and used in the cookie
    SYN/ACK.

There are only 2 ways to solve this:
 a) Do not support JOINs when cookies are in effect.
 b) Store the nonces somewhere.

The approach chosen here is b).
Patch 8 adds a fixed-size (1024 entries) state table to store the
information required to validate the MP_JOIN ACK and re-build the
request socket.

State gets stored when syn-cookies are active and the token in the JOIN
request referred to an established MPTCP connection that can also accept
a new subflow.

State is restored if the ACK cookie is valid, an MP_JOIN option is present
and the state slot contains valid data from a previous SYN.

After the request socket has been rebuilt, the normal HMAC check is done just
as without syn cookies.

Largely identical to last RFC, except patch #8 which follows Paolo's
suggestion to use a private table storage area rather than keeping
request sockets around.  This also means I dropped the patch to remove
const qualifier from sk_listener pointers.

Florian Westphal (10):
      tcp: remove cookie_ts bit from request_sock
      mptcp: token: move retry to caller
      mptcp: subflow: split subflow_init_req
      mptcp: rename and export mptcp_subflow_request_sock_ops
      tcp: pass want_cookie down to req_init function
      mptcp: subflow: add mptcp_subflow_init_cookie_req helper
      tcp: syncookies: create mptcp request socket for ACK cookies with MPTCP option
      mptcp: enable JOIN requests even if cookies are in use
      selftests: mptcp: make 2nd net namespace use tcp syn cookies unconditionally
      selftests: mptcp: add test cases for mptcp join tests with syn cookies

 drivers/crypto/chelsio/chtls/chtls_cm.c            |   1 -
 include/net/mptcp.h                                |  11 ++
 include/net/request_sock.h                         |   3 +-
 include/net/tcp.h                                  |   5 +-
 net/ipv4/syncookies.c                              |  44 ++++++-
 net/ipv4/tcp_input.c                               |   7 +-
 net/ipv4/tcp_ipv4.c                                |   3 +-
 net/ipv4/tcp_output.c                              |   2 +-
 net/ipv6/syncookies.c                              |   5 +-
 net/ipv6/tcp_ipv6.c                                |   3 +-
 net/mptcp/Makefile                                 |   1 +
 net/mptcp/ctrl.c                                   |   1 +
 net/mptcp/protocol.h                               |  21 ++++
 net/mptcp/subflow.c                                | 131 ++++++++++++++++----
 net/mptcp/syncookies.c                             | 132 +++++++++++++++++++++
 net/mptcp/token.c                                  |  38 ++++--
 tools/testing/selftests/net/mptcp/mptcp_connect.sh |  47 ++++++++
 tools/testing/selftests/net/mptcp/mptcp_join.sh    |  66 ++++++++++-
 18 files changed, 467 insertions(+), 54 deletions(-)
 create mode 100644 net/mptcp/syncookies.c
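The two caveats in the cover letter, modelled in Python as an added example (this is not the kernel code from the series, only an illustration of the bookkeeping it describes). The token derivation (most significant 32 bits of SHA-256 over the key) and the MP_JOIN HMAC construction (HMAC-SHA256 keyed with Key-A||Key-B over R-A||R-B, leftmost 160 bits) follow RFC 8684; the 1024-entry table size is from the cover letter; the way a slot is chosen (hash of the 4-tuple, collisions overwrite), the `MptcpCookieServer` class, and all key, nonce and address values are constructed for the model.

```python
import hashlib
import hmac
import os
import struct

TABLE_SIZE = 1024  # fixed-size state table, as in the cover letter (patch 8)


def mptcp_token(key: bytes) -> int:
    """Token = most significant 32 bits of SHA-256(key) (RFC 8684 section 3.1)."""
    return struct.unpack(">I", hashlib.sha256(key).digest()[:4])[0]


def join_hmac(key_a: bytes, key_b: bytes, nonce_a: bytes, nonce_b: bytes) -> bytes:
    """Initiator's MP_JOIN ACK HMAC: HMAC-SHA256 keyed with Key-A||Key-B over R-A||R-B,
    truncated to its leftmost 160 bits (RFC 8684 section 3.2)."""
    return hmac.new(key_a + key_b, nonce_a + nonce_b, hashlib.sha256).digest()[:20]


class CookieJoinTable:
    """Per-SYN state a syncookie server must keep for MP_JOIN: token and both nonces.
    Nothing in the cookie itself carries this, hence caveat 2."""

    def __init__(self, size: int = TABLE_SIZE):
        self.slots = [None] * size
        self.size = size

    def _index(self, flow: tuple) -> int:
        # Assumption of this model: slot chosen by hashing the 4-tuple; collisions overwrite.
        digest = hashlib.sha256(repr(flow).encode()).digest()
        return int.from_bytes(digest[:4], "big") % self.size

    def store(self, flow, token, nonce_remote, nonce_local) -> None:
        self.slots[self._index(flow)] = (flow, token, nonce_remote, nonce_local)

    def restore(self, flow):
        idx = self._index(flow)
        entry = self.slots[idx]
        if entry is None or entry[0] != flow:
            return None  # slot empty, already consumed, or reused by another flow
        self.slots[idx] = None  # one ACK per stored SYN
        return entry


class MptcpCookieServer:
    """Host B in RFC 8684 terms: owns established MPTCP connections keyed by token."""

    def __init__(self):
        self.connections = {}  # token -> (local_key, remote_key)
        self.join_table = CookieJoinTable()

    def mp_capable_ack(self, local_key: bytes, remote_key: bytes) -> bool:
        """Cookie ACK for an MP_CAPABLE SYN. local_key was already sent in the SYN/ACK,
        so on a token clash the only option left is TCP fallback (caveat 1)."""
        token = mptcp_token(local_key)
        if token in self.connections:
            return False  # late fallback: cannot pick a new key any more
        self.connections[token] = (local_key, remote_key)
        return True

    def mp_join_syn(self, flow, token: int, nonce_remote: bytes):
        """Store state only if the token refers to an established connection.
        Returns the server nonce that goes into the cookie SYN/ACK, or None."""
        if token not in self.connections:
            return None
        nonce_local = os.urandom(4)
        self.join_table.store(flow, token, nonce_remote, nonce_local)
        return nonce_local

    def mp_join_ack(self, flow, ack_hmac: bytes) -> bool:
        """Cookie ACK with MP_JOIN: restore the saved nonces, then the normal HMAC check."""
        entry = self.join_table.restore(flow)
        if entry is None:
            return False
        _, token, nonce_remote, nonce_local = entry
        local_key, remote_key = self.connections[token]
        expected = join_hmac(remote_key, local_key, nonce_remote, nonce_local)
        return hmac.compare_digest(expected, ack_hmac)


def demo() -> dict:
    """Walk through both caveats with constructed keys, nonces and addresses."""
    server = MptcpCookieServer()
    key_b = bytes.fromhex("0b0b0b0b0b0b0b0b")  # constructed server (local) key
    key_a = bytes.fromhex("0a0a0a0a0a0a0a0a")  # constructed client (remote) key
    results = {}

    results["capable_ok"] = server.mp_capable_ack(key_b, key_a)
    # Caveat 1: a later cookie ACK whose committed local key yields the same token.
    results["capable_collision_fallback"] = not server.mp_capable_ack(key_b, bytes(8))

    # Caveat 2: MP_JOIN needs the nonces from the SYN to verify the ACK.
    token = mptcp_token(key_b)
    flow = ("10.0.0.2", 40000, "10.0.0.1", 8080)  # constructed 4-tuple
    nonce_a = bytes.fromhex("11223344")
    nonce_b = server.mp_join_syn(flow, token, nonce_a)
    results["join_ok"] = server.mp_join_ack(flow, join_hmac(key_a, key_b, nonce_a, nonce_b))
    # Replayed ACK: the slot was consumed, so there is no state to rebuild from.
    results["join_replay"] = server.mp_join_ack(flow, join_hmac(key_a, key_b, nonce_a, nonce_b))
    # ACK computed with the wrong key fails the restored HMAC check.
    nonce_b2 = server.mp_join_syn(flow, token, nonce_a)
    results["join_bad_hmac"] = server.mp_join_ack(flow, join_hmac(bytes(8), key_b, nonce_a, nonce_b2))
    # JOIN for an unknown token stores nothing at all.
    results["join_unknown_token_rejected"] = server.mp_join_syn(flow, token ^ 1, nonce_a) is None
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The slot is cleared on restore so that each stored SYN can complete at most one handshake; with a fixed-size table, a slot overwritten by a later SYN simply makes the earlier JOIN fail the restore and fall back, which is the trade-off the cover letter accepts in place of keeping request sockets around.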
