lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20221029130957.1292060-5-imagedong@tencent.com>
Date:   Sat, 29 Oct 2022 21:09:52 +0800
From:   menglong8.dong@...il.com
To:     edumazet@...gle.com, kuba@...nel.org
Cc:     davem@...emloft.net, pabeni@...hat.com, yoshfuji@...ux-ipv6.org,
        dsahern@...nel.org, imagedong@...cent.com, kafai@...com,
        asml.silence@...il.com, keescook@...omium.org,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: [PATCH net-next 4/9] net: tcp: store drop reasons in tcp_rcv_synsent_state_process()

From: Menglong Dong <imagedong@...cent.com>

The skb drop reasons for the 'reset' code path in
tcp_rcv_synsent_state_process() is not handled yet. Now, we can store the
drop reason to tcp_skb_cb for such case.

The new reason 'TCP_PAWSACTIVEREJECTED' is added, which is corresponding
to LINUX_MIB_PAWSACTIVEREJECTED.

Signed-off-by: Menglong Dong <imagedong@...cent.com>
---
 include/net/dropreason.h | 7 +++++++
 net/ipv4/tcp_input.c     | 5 +++++
 2 files changed, 12 insertions(+)

diff --git a/include/net/dropreason.h b/include/net/dropreason.h
index c1cbcdbaf149..0f0edcd5f95f 100644
--- a/include/net/dropreason.h
+++ b/include/net/dropreason.h
@@ -68,6 +68,7 @@
 	FN(IP_INADDRERRORS)		\
 	FN(IP_INNOROUTES)		\
 	FN(PKT_TOO_BIG)			\
+	FN(TCP_PAWSACTIVEREJECTED)	\
 	FNe(MAX)
 
 /**
@@ -298,6 +299,12 @@ enum skb_drop_reason {
 	 * MTU)
 	 */
 	SKB_DROP_REASON_PKT_TOO_BIG,
+	/**
+	 * @SKB_DROP_REASON_TCP_PAWSACTIVEREJECTED: PAWS check failed for
+	 * active TCP connection, corresponding to
+	 * LINUX_MIB_PAWSACTIVEREJECTED
+	 */
+	SKB_DROP_REASON_TCP_PAWSACTIVEREJECTED,
 	/**
 	 * @SKB_DROP_REASON_MAX: the maximum of drop reason, which shouldn't be
 	 * used as a real 'reason'
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 0640453fce54..c0e5c4a29a4e 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -6195,6 +6195,10 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb,
 				inet_csk_reset_xmit_timer(sk,
 						ICSK_TIME_RETRANS,
 						TCP_TIMEOUT_MIN, TCP_RTO_MAX);
+			if (after(TCP_SKB_CB(skb)->ack_seq, tp->snd_nxt))
+				TCP_SKB_DR(skb, TCP_ACK_UNSENT_DATA);
+			else
+				TCP_SKB_DR(skb, TCP_TOO_OLD_ACK);
 			goto reset_and_undo;
 		}
 
@@ -6203,6 +6207,7 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb,
 			     tcp_time_stamp(tp))) {
 			NET_INC_STATS(sock_net(sk),
 					LINUX_MIB_PAWSACTIVEREJECTED);
+			TCP_SKB_DR(skb, TCP_PAWSACTIVEREJECTED);
 			goto reset_and_undo;
 		}
 
-- 
2.37.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ