| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 29 Oct 2022 21:09:54 +0800
From: menglong8.dong@...il.com
To: edumazet@...gle.com, kuba@...nel.org
Cc: davem@...emloft.net, pabeni@...hat.com, yoshfuji@...ux-ipv6.org,
dsahern@...nel.org, imagedong@...cent.com, kafai@...com,
asml.silence@...il.com, keescook@...omium.org,
linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: [PATCH net-next 6/9] net: tcp: store drop reasons in tcp_conn_request()
From: Menglong Dong <imagedong@...cent.com>
Store the skb drop reasons to tcp_skb_cb for tcp_conn_request(). When
the skb should be freed normally, 'TCP_SKB_CB(skb)->drop_reason' will be
set to SKB_NOT_DROPPED_YET, which means consume_skb() will be called for
the skb.
Now, we can replace the consume_skb() with try_kfree_skb() in
tcp_rcv_state_process() if the skb needs to be dropped.
The new drop reasons 'LISTENOVERFLOWS' and 'TCP_REQQFULLDROP' are added,
which are used for 'accept queue' and 'request queue' full.
Signed-off-by: Menglong Dong <imagedong@...cent.com>
--
---
include/net/dropreason.h | 12 ++++++++++++
net/ipv4/tcp_input.c | 11 +++++++++--
2 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/include/net/dropreason.h b/include/net/dropreason.h
index cbfd88493ef2..633a05c95026 100644
--- a/include/net/dropreason.h
+++ b/include/net/dropreason.h
@@ -70,6 +70,8 @@
FN(PKT_TOO_BIG) \
FN(TCP_PAWSACTIVEREJECTED) \
FN(TIMEWAIT) \
+ FN(LISTENOVERFLOWS) \
+ FN(TCP_REQQFULLDROP) \
FNe(MAX)
/**
@@ -312,6 +314,16 @@ enum skb_drop_reason {
* 'SYN' packet
*/
SKB_DROP_REASON_TIMEWAIT,
+ /**
+ * @SKB_DROP_REASON_LISTENOVERFLOWS: accept queue of the listen
+ * socket is full, corresponding to LINUX_MIB_LISTENOVERFLOWS
+ */
+ SKB_DROP_REASON_LISTENOVERFLOWS,
+ /**
+ * @SKB_DROP_REASON_TCP_REQQFULLDROP: request queue of the listen
+ * socket is full, corresponding to LINUX_MIB_TCPREQQFULLDROP
+ */
+ SKB_DROP_REASON_TCP_REQQFULLDROP,
/**
* @SKB_DROP_REASON_MAX: the maximum of drop reason, which shouldn't be
* used as a real 'reason'
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index c0e5c4a29a4e..ad088e228b1e 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -6482,7 +6482,9 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb)
if (!acceptable)
return 1;
- consume_skb(skb);
+
+ reason = TCP_SKB_CB(skb)->drop_reason;
+ try_kfree_skb(skb, reason);
return 0;
}
SKB_DR_SET(reason, TCP_FLAGS);
@@ -6928,12 +6930,15 @@ int tcp_conn_request(struct request_sock_ops *rsk_ops,
*/
if ((syncookies == 2 || inet_csk_reqsk_queue_is_full(sk)) && !isn) {
want_cookie = tcp_syn_flood_action(sk, rsk_ops->slab_name);
- if (!want_cookie)
+ if (!want_cookie) {
+ TCP_SKB_DR(skb, TCP_REQQFULLDROP);
goto drop;
+ }
}
if (sk_acceptq_is_full(sk)) {
NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
+ TCP_SKB_DR(skb, LISTENOVERFLOWS);
goto drop;
}
@@ -6991,6 +6996,7 @@ int tcp_conn_request(struct request_sock_ops *rsk_ops,
*/
pr_drop_req(req, ntohs(tcp_hdr(skb)->source),
rsk_ops->family);
+ TCP_SKB_DR(skb, TCP_REQQFULLDROP);
goto drop_and_release;
}
@@ -7005,6 +7011,7 @@ int tcp_conn_request(struct request_sock_ops *rsk_ops,
inet_rsk(req)->ecn_ok = 0;
}
+ TCP_SKB_CB(skb)->drop_reason = SKB_NOT_DROPPED_YET;
tcp_rsk(req)->snt_isn = isn;
tcp_rsk(req)->txhash = net_tx_rndhash();
tcp_rsk(req)->syn_tos = TCP_SKB_CB(skb)->ip_dsfield;
--
2.37.2
Powered by blists - more mailing lists