Open Source and information security mailing list archives
 
Date:   Mon, 16 May 2022 11:45:10 +0800
From:   menglong8.dong@...il.com
To:     edumazet@...gle.com
Cc:     rostedt@...dmis.org, mingo@...hat.com, davem@...emloft.net,
        yoshfuji@...ux-ipv6.org, dsahern@...nel.org, kuba@...nel.org,
        pabeni@...hat.com, imagedong@...cent.com, kafai@...com,
        talalahmad@...gle.com, keescook@...omium.org,
        dongli.zhang@...cle.com, linux-kernel@...r.kernel.org,
        netdev@...r.kernel.org
Subject: [PATCH net-next 0/9] net: tcp: add skb drop reasons to tcp state change

From: Menglong Dong <imagedong@...cent.com>

In this patch series, skb drop reasons are added to the code path of TCP
state change, which we have not done before. It is hard to pass these
reasons from the function to its caller, where the skb is dropped. In order
to do this, we have to make some functions return skb drop reasons, or
pass the pointer of 'reason' to these functions as a new function
argument.

=============================
We change the type of the return value of tcp_rcv_synsent_state_process()
and tcp_rcv_state_process() to 'enum skb_drop_reason' and make them
return skb drop reasons in the 5th and 6th patches.

=============================
In order to get skb drop reasons during the tcp connect requesting code
path, we have to pass the pointer of the 'reason' as a new function
argument of conn_request() in 'struct inet_connection_sock_af_ops'. As the
return value of conn_request() can be positive or negative or 0, it's not
flexible to make it return drop reasons. This work is done in the 7th
patch, and the functions that are used as conn_request() are also modified:

  dccp_v4_conn_request()
  dccp_v6_conn_request()
  tcp_v4_conn_request()
  tcp_v6_conn_request()
  subflow_v4_conn_request()
  subflow_v6_conn_request()

As our target is TCP, dccp and mptcp are not handled further.

=============================
In the 8th patch, skb drop reasons are added to
tcp_timewait_state_process() by adding a function argument to it. In the
original code, all skbs are dropped for tw sockets. In order to make less
noise, use consume_skb() for the 'good' skb. This can be checked by the
caller of tcp_timewait_state_process() from the value of the drop reason.
If the drop reason is SKB_NOT_DROPPED_YET, it means this skb should not
be dropped.

=============================
In the 9th patch, skb drop reasons are added to the route_req() in struct
tcp_request_sock_ops. The following functions are involved:

  tcp_v4_route_req()
  tcp_v6_route_req()
  subflow_v4_route_req()
  subflow_v6_route_req()

In this patch series, the following new drop reasons are added:

  SOCKET_DESTROYED
  TCP_PAWSACTIVEREJECTED
  TCP_ABORTONDATA
  LISTENOVERFLOWS
  TCP_REQQFULLDROP
  TIMEWAIT
  LSM

Menglong Dong (9):
  net: skb: introduce __DEFINE_SKB_DROP_REASON() to simply the code
  net: skb: introduce __skb_queue_purge_reason()
  net: sock: introduce sk_stream_kill_queues_reason()
  net: inet: add skb drop reason to inet_csk_destroy_sock()
  net: tcp: make tcp_rcv_synsent_state_process() return drop reasons
  net: tcp: make tcp_rcv_state_process() return drop reason
  net: tcp: add skb drop reasons to tcp connect requesting
  net: tcp: add skb drop reasons to tcp tw code path
  net: tcp: add skb drop reasons to route_req()

 include/linux/skbuff.h             | 482 +++++++++++++++++++----------
 include/net/inet_connection_sock.h |   3 +-
 include/net/sock.h                 |   8 +-
 include/net/tcp.h                  |  27 +-
 include/trace/events/skb.h         |  89 +-----
 net/core/drop_monitor.c            |  13 -
 net/core/skbuff.c                  |  10 +
 net/core/stream.c                  |   7 +-
 net/dccp/input.c                   |   3 +-
 net/dccp/ipv4.c                    |   3 +-
 net/dccp/ipv6.c                    |   3 +-
 net/ipv4/inet_connection_sock.c    |   2 +-
 net/ipv4/tcp_input.c               |  56 ++--
 net/ipv4/tcp_ipv4.c                |  54 +++-
 net/ipv4/tcp_minisocks.c           |  35 ++-
 net/ipv6/tcp_ipv6.c                |  55 +++-
 net/mptcp/subflow.c                |  16 +-
 17 files changed, 517 insertions(+), 349 deletions(-)

-- 
2.36.1
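
The conn_request() out-parameter and the SKB_NOT_DROPPED_YET check described in the cover letter, as an added userspace example that is not code from the patch series. Assumptions: `struct listener`, the `model_*` functions, the queue-full conditions, the counters and the enum values are hypothetical; only the reason names come from the message.

```c
#include <stdio.h>
/* Userspace model only. Reason names follow the cover letter; the numeric
 * values, struct listener and the queue checks are assumptions. */
enum skb_drop_reason {
    SKB_NOT_DROPPED_YET = 0,
    SKB_DROP_REASON_LISTENOVERFLOWS,
    SKB_DROP_REASON_TCP_REQQFULLDROP,
    SKB_DROP_REASON_MAX
};

struct listener {                 /* hypothetical stand-in for a listening socket */
    int req_q, req_max;           /* pending connection requests */
    int accept_q, accept_max;     /* established, not yet accept()ed */
    int consumed, dropped[SKB_DROP_REASON_MAX]; /* model of consume vs. drop */
};

/* In this model the return value is 0 whether the SYN was queued or not,
 * so the caller can only learn why it was dropped through 'reason'. */
static int model_conn_request(struct listener *l, enum skb_drop_reason *reason)
{
    *reason = SKB_NOT_DROPPED_YET;
    if (l->req_q >= l->req_max)
        *reason = SKB_DROP_REASON_TCP_REQQFULLDROP;
    else if (l->accept_q >= l->accept_max)
        *reason = SKB_DROP_REASON_LISTENOVERFLOWS;
    else
        l->req_q++;
    return 0;
}

/* Caller side: a 'good' skb is consumed, any other is dropped with its reason. */
static enum skb_drop_reason model_rcv_syn(struct listener *l)
{
    enum skb_drop_reason reason;
    model_conn_request(l, &reason);
    if (reason == SKB_NOT_DROPPED_YET)
        l->consumed++;            /* stands in for consume_skb() */
    else
        l->dropped[reason]++;     /* stands in for a drop that records the reason */
    return reason;
}

int main(void)
{
    struct listener l = { .req_max = 2, .accept_max = 1 };
    for (int i = 0; i < 3; i++)
        printf("SYN %d -> reason %d\n", i, model_rcv_syn(&l));
    return 0;
}
```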
