| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230803035517.35188-1-kuniyu@amazon.com>
Date: Wed, 2 Aug 2023 20:55:17 -0700
From: Kuniyuki Iwashima <kuniyu@...zon.com>
To: <kuniyu@...zon.com>
CC: <davem@...emloft.net>, <dsahern@...nel.org>, <edumazet@...gle.com>,
<kuba@...nel.org>, <kuni1840@...il.com>, <netdev@...r.kernel.org>,
<pabeni@...hat.com>, <yoshfuji@...ux-ipv6.org>
Subject: Re: [PATCH v1 net] tcp: Enable header prediction for active open connections with MD5.
From: Kuniyuki Iwashima <kuniyu@...zon.com>
Date: Wed, 2 Aug 2023 18:16:58 -0700
> TCP socket saves the minimum required header length in tcp_header_len
> of struct tcp_sock, and later the value is used in __tcp_fast_path_on()
> to generate a part of TCP header in tcp_sock(sk)->pred_flags.
>
> In tcp_rcv_established(), if the incoming packet has the same pattern
> with pred_flags, we enter the fast path and skip full option parsing.
>
> The MD5 option is parsed in tcp_v[46]_rcv(), so we need not parse it
> again later in tcp_rcv_established() unless other options exist. Thus,
> MD5 should add TCPOLEN_MD5SIG_ALIGNED to tcp_header_len and avoid the
> slow path.
>
> For passive open connections with MD5, we add TCPOLEN_MD5SIG_ALIGNED
> to tcp_header_len in tcp_create_openreq_child() after 3WHS.
>
> On the other hand, we do it in tcp_connect_init() for active open
> connections. However, the value is overwritten while processing
> SYN+ACK or crossed SYN in tcp_rcv_synsent_state_process().
>
> SYN+ACK:
> tcp_rcv_synsent_state_process
> tp->tcp_header_len = sizeof(struct tcphdr) or
> sizeof(struct tcphdr) + TCPOLEN_TSTAMP_ALIGNED
> tcp_finish_connect
> __tcp_fast_path_on
>
> Crossed SYN:
> tcp_rcv_synsent_state_process
> tp->tcp_header_len = sizeof(struct tcphdr) or
> sizeof(struct tcphdr) + TCPOLEN_TSTAMP_ALIGNED
> tcp_finish_connect
Wrong copy-and-paste here. Will fix in v2.
pw-bot: cr
>
> tcp_v4_rcv
> tcp_v4_do_rcv
> tcp_rcv_state_process
> tcp_fast_path_on
>
> So these two cases will have the wrong value in pred_flags and never
> go into the fast path.
>
> Let's add TCPOLEN_MD5SIG_ALIGNED in tcp_rcv_synsent_state_process()
> to enable header prediction for active open connections.
>
> Fixes: cfb6eeb4c860 ("[TCP]: MD5 Signature Option (RFC2385) support.")
> Signed-off-by: Kuniyuki Iwashima <kuniyu@...zon.com>
> ---
> net/ipv4/tcp_input.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
> index 57c8af1859c1..4d274b511d97 100644
> --- a/net/ipv4/tcp_input.c
> +++ b/net/ipv4/tcp_input.c
> @@ -6291,6 +6291,11 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb,
> tp->tcp_header_len = sizeof(struct tcphdr);
> }
>
> +#ifdef CONFIG_TCP_MD5SIG
> + if (tp->af_specific->md5_lookup(sk, sk))
> + tp->tcp_header_len += TCPOLEN_MD5SIG_ALIGNED;
> +#endif
> +
> tcp_sync_mss(sk, icsk->icsk_pmtu_cookie);
> tcp_initialize_rcv_mss(sk);
>
> @@ -6368,6 +6373,11 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb,
> tp->tcp_header_len = sizeof(struct tcphdr);
> }
>
> +#ifdef CONFIG_TCP_MD5SIG
> + if (tp->af_specific->md5_lookup(sk, sk))
> + tp->tcp_header_len += TCPOLEN_MD5SIG_ALIGNED;
> +#endif
> +
> WRITE_ONCE(tp->rcv_nxt, TCP_SKB_CB(skb)->seq + 1);
> WRITE_ONCE(tp->copied_seq, tp->rcv_nxt);
> tp->rcv_wup = TCP_SKB_CB(skb)->seq + 1;
> --
> 2.30.2
Powered by blists - more mailing lists