| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 Nov 2023 17:04:52 -0800
From: Kuniyuki Iwashima <kuniyu@...zon.com>
To: <horms@...nel.org>
CC: <davem@...emloft.net>, <edumazet@...gle.com>, <kuba@...nel.org>,
<kuni1840@...il.com>, <kuniyu@...zon.com>, <netdev@...r.kernel.org>,
<pabeni@...hat.com>
Subject: Re: [PATCH v1 net-next 7/8] tcp: Factorise cookie-independent fields initialisation in cookie_v[46]_check().
From: Simon Horman <horms@...nel.org>
Date: Fri, 24 Nov 2023 21:44:18 +0000
> On Wed, Nov 22, 2023 at 05:25:20PM -0800, Kuniyuki Iwashima wrote:
> > We will support arbitrary SYN Cookie with BPF, and then some reqsk fields
> > are initialised in kfunc, and others are done in cookie_v[46]_check().
> >
> > This patch factorises the common part as cookie_tcp_reqsk_init() and
> > calls it in cookie_tcp_reqsk_alloc() to minimise the discrepancy between
> > cookie_v[46]_check().
> >
> > Signed-off-by: Kuniyuki Iwashima <kuniyu@...zon.com>
> > ---
> > net/ipv4/syncookies.c | 69 ++++++++++++++++++++++++-------------------
> > net/ipv6/syncookies.c | 14 ---------
> > 2 files changed, 38 insertions(+), 45 deletions(-)
> >
> > diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
> > index 1e3783c97e28..9bca1c026525 100644
> > --- a/net/ipv4/syncookies.c
> > +++ b/net/ipv4/syncookies.c
> > @@ -285,10 +285,44 @@ bool cookie_ecn_ok(const struct tcp_options_received *tcp_opt,
> > }
> > EXPORT_SYMBOL(cookie_ecn_ok);
> >
> > +static int cookie_tcp_reqsk_init(struct sock *sk, struct sk_buff *skb,
> > + struct request_sock *req)
> > +{
> > + struct inet_request_sock *ireq = inet_rsk(req);
> > + struct tcp_request_sock *treq = tcp_rsk(req);
> > + const struct tcphdr *th = tcp_hdr(skb);
> > +
> > + req->num_retrans = 0;
> > +
> > + ireq->ir_num = ntohs(th->dest);
> > + ireq->ir_rmt_port = th->source;
> > + ireq->ir_iif = inet_request_bound_dev_if(sk, skb);
> > + ireq->ir_mark = inet_request_mark(sk, skb);
> > +
> > + if (IS_ENABLED(CONFIG_SMC))
> > + ireq->smc_ok = 0;
> > +
> > + treq->snt_synack = 0;
> > + treq->tfo_listener = false;
> > + treq->txhash = net_tx_rndhash();
> > + treq->rcv_isn = ntohl(th->seq) - 1;
> > + treq->snt_isn = ntohl(th->ack_seq) - 1;
> > + treq->syn_tos = TCP_SKB_CB(skb)->ip_dsfield;
> > + treq->syn_tos = TCP_SKB_CB(skb)->ip_dsfield;
>
> Hi Iwashima-san,
>
> The line above seems to be duplicated.
Ah good catch.
I'll fix it in v2.
Thanks for your review!
pw-bot: cr
>
> Other than that, this patch looks good to me.
>
> Reviewed-by: Simon Horman <horms@...nel.org>
>
>
> > + treq->req_usec_ts = false;
> > +
> > +#if IS_ENABLED(CONFIG_MPTCP)
> > + treq->is_mptcp = sk_is_mptcp(sk);
> > + if (treq->is_mptcp)
> > + return mptcp_subflow_init_cookie_req(req, sk, skb);
> > +#endif
> > +
> > + return 0;
> > +}
>
Powered by blists - more mailing lists