lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 24 Nov 2023 17:04:52 -0800
From: Kuniyuki Iwashima <kuniyu@...zon.com>
To: <horms@...nel.org>
CC: <davem@...emloft.net>, <edumazet@...gle.com>, <kuba@...nel.org>,
	<kuni1840@...il.com>, <kuniyu@...zon.com>, <netdev@...r.kernel.org>,
	<pabeni@...hat.com>
Subject: Re: [PATCH v1 net-next 7/8] tcp: Factorise cookie-independent fields initialisation in cookie_v[46]_check().

From: Simon Horman <horms@...nel.org>
Date: Fri, 24 Nov 2023 21:44:18 +0000
> On Wed, Nov 22, 2023 at 05:25:20PM -0800, Kuniyuki Iwashima wrote:
> > We will support arbitrary SYN Cookie with BPF, and then some reqsk fields
> > are initialised in kfunc, and others are done in cookie_v[46]_check().
> > 
> > This patch factorises the common part as cookie_tcp_reqsk_init() and
> > calls it in cookie_tcp_reqsk_alloc() to minimise the discrepancy between
> > cookie_v[46]_check().
> > 
> > Signed-off-by: Kuniyuki Iwashima <kuniyu@...zon.com>
> > ---
> >  net/ipv4/syncookies.c | 69 ++++++++++++++++++++++++-------------------
> >  net/ipv6/syncookies.c | 14 ---------
> >  2 files changed, 38 insertions(+), 45 deletions(-)
> > 
> > diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
> > index 1e3783c97e28..9bca1c026525 100644
> > --- a/net/ipv4/syncookies.c
> > +++ b/net/ipv4/syncookies.c
> > @@ -285,10 +285,44 @@ bool cookie_ecn_ok(const struct tcp_options_received *tcp_opt,
> >  }
> >  EXPORT_SYMBOL(cookie_ecn_ok);
> >  
> > +static int cookie_tcp_reqsk_init(struct sock *sk, struct sk_buff *skb,
> > +				 struct request_sock *req)
> > +{
> > +	struct inet_request_sock *ireq = inet_rsk(req);
> > +	struct tcp_request_sock *treq = tcp_rsk(req);
> > +	const struct tcphdr *th = tcp_hdr(skb);
> > +
> > +	req->num_retrans = 0;
> > +
> > +	ireq->ir_num = ntohs(th->dest);
> > +	ireq->ir_rmt_port = th->source;
> > +	ireq->ir_iif = inet_request_bound_dev_if(sk, skb);
> > +	ireq->ir_mark = inet_request_mark(sk, skb);
> > +
> > +	if (IS_ENABLED(CONFIG_SMC))
> > +		ireq->smc_ok = 0;
> > +
> > +	treq->snt_synack = 0;
> > +	treq->tfo_listener = false;
> > +	treq->txhash = net_tx_rndhash();
> > +	treq->rcv_isn = ntohl(th->seq) - 1;
> > +	treq->snt_isn = ntohl(th->ack_seq) - 1;
> > +	treq->syn_tos = TCP_SKB_CB(skb)->ip_dsfield;
> > +	treq->syn_tos = TCP_SKB_CB(skb)->ip_dsfield;
> 
> Hi Iwashima-san,
> 
> The line above seems to be duplicated.

Ah good catch.
I'll fix it in v2.

Thanks for your review!

pw-bot: cr


> 
> Other than that, this patch looks good to me.
> 
> Reviewed-by: Simon Horman <horms@...nel.org>
> 
> 
> > +	treq->req_usec_ts = false;
> > +
> > +#if IS_ENABLED(CONFIG_MPTCP)
> > +	treq->is_mptcp = sk_is_mptcp(sk);
> > +	if (treq->is_mptcp)
> > +		return mptcp_subflow_init_cookie_req(req, sk, skb);
> > +#endif
> > +
> > +	return 0;
> > +}
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ