lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 29 Oct 2022 21:09:55 +0800 From: menglong8.dong@...il.com To: edumazet@...gle.com, kuba@...nel.org Cc: davem@...emloft.net, pabeni@...hat.com, yoshfuji@...ux-ipv6.org, dsahern@...nel.org, imagedong@...cent.com, kafai@...com, asml.silence@...il.com, keescook@...omium.org, linux-kernel@...r.kernel.org, netdev@...r.kernel.org Subject: [PATCH net-next 7/9] net: tcp: store drop reasons in tcp_rcv_state_process() From: Menglong Dong <imagedong@...cent.com> Store the drop reasons for skb to the tcp_skb_cb in tcp_rcv_state_process() when it returns non-zero, which means that the skb need to be dropped. The new drop reasons 'TCP_ABORTONDATA' and 'TCP_ABORTONLINGER' are added. Signed-off-by: Menglong Dong <imagedong@...cent.com> --- include/net/dropreason.h | 12 ++++++++++++ net/ipv4/tcp_input.c | 11 +++++++++-- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/include/net/dropreason.h b/include/net/dropreason.h index 633a05c95026..364811bce63f 100644 --- a/include/net/dropreason.h +++ b/include/net/dropreason.h @@ -72,6 +72,8 @@ FN(TIMEWAIT) \ FN(LISTENOVERFLOWS) \ FN(TCP_REQQFULLDROP) \ + FN(TCP_ABORTONDATA) \ + FN(TCP_ABORTONLINGER) \ FNe(MAX) /** @@ -324,6 +326,16 @@ enum skb_drop_reason { * socket is full, corresponding to LINUX_MIB_TCPREQQFULLDROP */ SKB_DROP_REASON_TCP_REQQFULLDROP, + /** + * @SKB_DROP_REASON_TCP_ABORTONDATA: corresponding to + * LINUX_MIB_TCPABORTONDATA + */ + SKB_DROP_REASON_TCP_ABORTONDATA, + /** + * @SKB_DROP_REASON_TCP_ABORTONLINGER: corresponding to + * LINUX_MIB_TCPABORTONLINGER + */ + SKB_DROP_REASON_TCP_ABORTONLINGER, /** * @SKB_DROP_REASON_MAX: the maximum of drop reason, which shouldn't be * used as a real 'reason' diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index ad088e228b1e..e08842f999f8 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -6459,8 +6459,10 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) goto discard; case TCP_LISTEN: - if (th->ack) + if (th->ack) { + TCP_SKB_DR(skb, TCP_FLAGS); return 1; + } if (th->rst) { SKB_DR_SET(reason, TCP_RESET); @@ -6533,8 +6535,10 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) FLAG_NO_CHALLENGE_ACK) > 0; if (!acceptable) { - if (sk->sk_state == TCP_SYN_RECV) + if (sk->sk_state == TCP_SYN_RECV) { + TCP_SKB_DR(skb, TCP_FLAGS); return 1; /* send one RST */ + } tcp_send_challenge_ack(sk); SKB_DR_SET(reason, TCP_OLD_ACK); goto discard; @@ -6605,6 +6609,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) if (tp->linger2 < 0) { tcp_done(sk); NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTONDATA); + TCP_SKB_DR(skb, TCP_ABORTONLINGER); return 1; } if (TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq && @@ -6614,6 +6619,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) tcp_fastopen_active_disable(sk); tcp_done(sk); NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTONDATA); + TCP_SKB_DR(skb, TCP_ABORTONDATA); return 1; } @@ -6678,6 +6684,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) if (TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq && after(TCP_SKB_CB(skb)->end_seq - th->fin, tp->rcv_nxt)) { NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTONDATA); + TCP_SKB_DR(skb, TCP_ABORTONDATA); tcp_reset(sk, skb); return 1; } -- 2.37.2
Powered by blists - more mailing lists