lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 9 Nov 2020 10:56:33 +0100 From: Eric Dumazet <edumazet@...gle.com> To: Mao Wenan <wenan.mao@...ux.alibaba.com> Cc: David Miller <davem@...emloft.net>, Alexey Kuznetsov <kuznet@....inr.ac.ru>, Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>, Jakub Kicinski <kuba@...nel.org>, netdev <netdev@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>, kernel-janitors@...r.kernel.org Subject: Re: [PATCH net v2] net: Update window_clamp if SOCK_RCVBUF is set On Mon, Nov 9, 2020 at 10:33 AM Mao Wenan <wenan.mao@...ux.alibaba.com> wrote: > > When net.ipv4.tcp_syncookies=1 and syn flood is happened, > cookie_v4_check or cookie_v6_check tries to redo what > tcp_v4_send_synack or tcp_v6_send_synack did, > rsk_window_clamp will be changed if SOCK_RCVBUF is set, > which will make rcv_wscale is different, the client > still operates with initial window scale and can overshot > granted window, the client use the initial scale but local > server use new scale to advertise window value, and session > work abnormally. What is not working exactly ? Sending a 'big wscale' should not really matter, unless perhaps there is a buggy stack at the remote end ? > > Signed-off-by: Mao Wenan <wenan.mao@...ux.alibaba.com> > --- > v2: fix for ipv6. > net/ipv4/syncookies.c | 4 ++++ > net/ipv6/syncookies.c | 5 +++++ > 2 files changed, 9 insertions(+) > > diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c > index 6ac473b..57ce317 100644 > --- a/net/ipv4/syncookies.c > +++ b/net/ipv4/syncookies.c > @@ -427,6 +427,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) > > /* Try to redo what tcp_v4_send_synack did. */ > req->rsk_window_clamp = tp->window_clamp ? :dst_metric(&rt->dst, RTAX_WINDOW); > + /* limit the window selection if the user enforce a smaller rx buffer */ > + if (sk->sk_userlocks & SOCK_RCVBUF_LOCK && > + (req->rsk_window_clamp > tcp_full_space(sk) || req->rsk_window_clamp == 0)) > + req->rsk_window_clamp = tcp_full_space(sk); This seems not needed to me. We call tcp_select_initial_window() with tcp_full_space(sk) passed as the 2nd parameter. tcp_full_space(sk) will then apply : space = min(*window_clamp, space); Please cook a packetdrill test to demonstrate what you are seeing ?
Powered by blists - more mailing lists