lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <44651dfe-3176-e295-adbd-351c149aad88@kernel.org>
Date: Thu, 19 Oct 2023 13:45:42 -0600
From: David Ahern <dsahern@...nel.org>
To: Heng Guo <heng.guo@...driver.com>, davem@...emloft.net,
 edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com
Cc: netdev@...r.kernel.org, filip.pudak@...driver.com, kun.song@...driver.com
Subject: Re: [PATCH net-next V3] net: fix IPSTATS_MIB_OUTPKGS increment in
 OutForwDatagrams.

On 10/18/23 7:20 PM, Heng Guo wrote:
> Reproduce environment:
> network with 3 VM linuxs is connected as below:
> VM1<---->VM2(latest kernel 6.5.0-rc7)<---->VM3
> VM1: eth0 ip: 192.168.122.207 MTU 1500
> VM2: eth0 ip: 192.168.122.208, eth1 ip: 192.168.123.224 MTU 1500
> VM3: eth0 ip: 192.168.123.240 MTU 1500
> 
> Reproduce:
> VM1 send 1400 bytes UDP data to VM3 using tools scapy with flags=0.
> scapy command:
> send(IP(dst="192.168.123.240",flags=0)/UDP()/str('0'*1400),count=1,
> inter=1.000000)
> 
> Result:
> Before IP data is sent.
> ----------------------------------------------------------------------
> root@...ux86-64:~# cat /proc/net/snmp
> Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors
>   ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests
>   OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails
>   FragOKs FragFails FragCreates
> Ip: 1 64 11 0 3 4 0 0 4 7 0 0 0 0 0 0 0 0 0
> ......
> ----------------------------------------------------------------------
> After IP data is sent.
> ----------------------------------------------------------------------
> root@...ux86-64:~# cat /proc/net/snmp
> Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors
>   ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests
>   OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails
>   FragOKs FragFails FragCreates
> Ip: 1 64 12 0 3 5 0 0 4 8 0 0 0 0 0 0 0 0 0
> ......
> ----------------------------------------------------------------------
> "ForwDatagrams" increase from 4 to 5 and "OutRequests" also increase
> from 7 to 8.
> 
> Issue description and patch:
> IPSTATS_MIB_OUTPKTS("OutRequests") is counted with IPSTATS_MIB_OUTOCTETS
> ("OutOctets") in ip_finish_output2().
> According to RFC 4293, it is "OutOctets" counted with "OutTransmits" but
> not "OutRequests". "OutRequests" does not include any datagrams counted
> in "ForwDatagrams".
> ipSystemStatsOutOctets OBJECT-TYPE
>     DESCRIPTION
>            "The total number of octets in IP datagrams delivered to the
>             lower layers for transmission.  Octets from datagrams
>             counted in ipIfStatsOutTransmits MUST be counted here.
> ipSystemStatsOutRequests OBJECT-TYPE
>     DESCRIPTION
>            "The total number of IP datagrams that local IP user-
>             protocols (including ICMP) supplied to IP in requests for
>             transmission.  Note that this counter does not include any
>             datagrams counted in ipSystemStatsOutForwDatagrams.
> So do patch to define IPSTATS_MIB_OUTPKTS to "OutTransmits" and add
> IPSTATS_MIB_OUTREQUESTS for "OutRequests".
> Add IPSTATS_MIB_OUTREQUESTS counter in __ip_local_out() for ipv4 and add
> IPSTATS_MIB_OUT counter in ip6_finish_output2() for ipv6.
> 
> Test result with patch:
> Before IP data is sent.
> ----------------------------------------------------------------------
> root@...ux86-64:~# cat /proc/net/snmp
> Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors
>   ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests
>   OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails
>   FragOKs FragFails FragCreates OutTransmits
> Ip: 1 64 9 0 5 1 0 0 3 3 0 0 0 0 0 0 0 0 0 4
> ......
> root@...ux86-64:~# cat /proc/net/netstat
> ......
> IpExt: InNoRoutes InTruncatedPkts InMcastPkts OutMcastPkts InBcastPkts
>   OutBcastPkts InOctets OutOctets InMcastOctets OutMcastOctets
>   InBcastOctets OutBcastOctets InCsumErrors InNoECTPkts InECT1Pkts
>   InECT0Pkts InCEPkts ReasmOverlaps
> IpExt: 0 0 0 0 0 0 2976 1896 0 0 0 0 0 9 0 0 0 0
> ----------------------------------------------------------------------
> After IP data is sent.
> ----------------------------------------------------------------------
> root@...ux86-64:~# cat /proc/net/snmp
> Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors
>   ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests
>   OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails
>   FragOKs FragFails FragCreates OutTransmits
> Ip: 1 64 10 0 5 2 0 0 3 3 0 0 0 0 0 0 0 0 0 5
> ......
> root@...ux86-64:~# cat /proc/net/netstat
> ......
> IpExt: InNoRoutes InTruncatedPkts InMcastPkts OutMcastPkts InBcastPkts
>   OutBcastPkts InOctets OutOctets InMcastOctets OutMcastOctets
>   InBcastOctets OutBcastOctets InCsumErrors InNoECTPkts InECT1Pkts
>   InECT0Pkts InCEPkts ReasmOverlaps
> IpExt: 0 0 0 0 0 0 4404 3324 0 0 0 0 0 10 0 0 0 0
> ----------------------------------------------------------------------
> "ForwDatagrams" increase from 1 to 2 and "OutRequests" is keeping 3.
> "OutTransmits" increase from 4 to 5 and "OutOctets" increase 1428.
> 
> Signed-off-by: Heng Guo <heng.guo@...driver.com>
> Reviewed-by: Kun Song <Kun.Song@...driver.com>
> Reviewed-by: Filip Pudak <filip.pudak@...driver.com>
> ---
> V2: fix the missing space after a comma.
> V3: keep original counter in mpls_stats_inc_outucastpkts(), because
> both forward and local outputs are in it.
> 
>  include/uapi/linux/snmp.h | 3 ++-
>  net/ipv4/ip_output.c      | 2 ++
>  net/ipv4/proc.c           | 3 ++-
>  net/ipv6/ip6_output.c     | 6 ++++--
>  net/ipv6/mcast.c          | 5 ++---
>  net/ipv6/ndisc.c          | 2 +-
>  net/ipv6/proc.c           | 3 ++-
>  net/ipv6/raw.c            | 2 +-
>  8 files changed, 16 insertions(+), 10 deletions(-)
> 

Reviewed-by: David Ahern <dsahern@...nel.org>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ