lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 29 Oct 2022 21:09:52 +0800 From: menglong8.dong@...il.com To: edumazet@...gle.com, kuba@...nel.org Cc: davem@...emloft.net, pabeni@...hat.com, yoshfuji@...ux-ipv6.org, dsahern@...nel.org, imagedong@...cent.com, kafai@...com, asml.silence@...il.com, keescook@...omium.org, linux-kernel@...r.kernel.org, netdev@...r.kernel.org Subject: [PATCH net-next 4/9] net: tcp: store drop reasons in tcp_rcv_synsent_state_process() From: Menglong Dong <imagedong@...cent.com> The skb drop reasons for the 'reset' code path in tcp_rcv_synsent_state_process() is not handled yet. Now, we can store the drop reason to tcp_skb_cb for such case. The new reason 'TCP_PAWSACTIVEREJECTED' is added, which is corresponding to LINUX_MIB_PAWSACTIVEREJECTED. Signed-off-by: Menglong Dong <imagedong@...cent.com> --- include/net/dropreason.h | 7 +++++++ net/ipv4/tcp_input.c | 5 +++++ 2 files changed, 12 insertions(+) diff --git a/include/net/dropreason.h b/include/net/dropreason.h index c1cbcdbaf149..0f0edcd5f95f 100644 --- a/include/net/dropreason.h +++ b/include/net/dropreason.h @@ -68,6 +68,7 @@ FN(IP_INADDRERRORS) \ FN(IP_INNOROUTES) \ FN(PKT_TOO_BIG) \ + FN(TCP_PAWSACTIVEREJECTED) \ FNe(MAX) /** @@ -298,6 +299,12 @@ enum skb_drop_reason { * MTU) */ SKB_DROP_REASON_PKT_TOO_BIG, + /** + * @SKB_DROP_REASON_TCP_PAWSACTIVEREJECTED: PAWS check failed for + * active TCP connection, corresponding to + * LINUX_MIB_PAWSACTIVEREJECTED + */ + SKB_DROP_REASON_TCP_PAWSACTIVEREJECTED, /** * @SKB_DROP_REASON_MAX: the maximum of drop reason, which shouldn't be * used as a real 'reason' diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 0640453fce54..c0e5c4a29a4e 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -6195,6 +6195,10 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb, inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, TCP_TIMEOUT_MIN, TCP_RTO_MAX); + if (after(TCP_SKB_CB(skb)->ack_seq, tp->snd_nxt)) + TCP_SKB_DR(skb, TCP_ACK_UNSENT_DATA); + else + TCP_SKB_DR(skb, TCP_TOO_OLD_ACK); goto reset_and_undo; } @@ -6203,6 +6207,7 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb, tcp_time_stamp(tp))) { NET_INC_STATS(sock_net(sk), LINUX_MIB_PAWSACTIVEREJECTED); + TCP_SKB_DR(skb, TCP_PAWSACTIVEREJECTED); goto reset_and_undo; } -- 2.37.2
Powered by blists - more mailing lists