lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAMzD94SDZueOVkm+X7Lowfy700rJQtBKUcpzxUArRLLbVNNknA@mail.gmail.com>
Date: Mon, 14 Oct 2024 10:05:36 -0400
From: Brian Vazquez <brianvv@...gle.com>
To: Eric Dumazet <edumazet@...gle.com>
Cc: "David S . Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, 
	Paolo Abeni <pabeni@...hat.com>, Martin KaFai Lau <martin.lau@...nel.org>, 
	Kuniyuki Iwashima <kuniyu@...zon.com>, Neal Cardwell <ncardwell@...gle.com>, netdev@...r.kernel.org, 
	eric.dumazet@...il.com
Subject: Re: [PATCH v3 net-next 2/5] net_sched: sch_fq: prepare for TIME_WAIT sockets

On Thu, Oct 10, 2024 at 1:48 PM Eric Dumazet <edumazet@...gle.com> wrote:
>
> TCP stack is not attaching skb to TIME_WAIT sockets yet,
> but we would like to allow this in the future.
>
> Add sk_listener_or_tw() helper to detect the three states
> that FQ needs to take care.
>
> Like NEW_SYN_RECV, TIME_WAIT are not full sockets and
> do not contain sk->sk_pacing_status, sk->sk_pacing_rate.
>
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>

Reviewed-by: Brian Vazquez <brianvv@...gle.com>

> ---
>  include/net/sock.h | 10 ++++++++++
>  net/sched/sch_fq.c |  3 ++-
>  2 files changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/include/net/sock.h b/include/net/sock.h
> index b32f1424ecc52e4a299a207c029192475c1b6a65..703ec6aef927337f7ca6798ff3c3970529af53f9 100644
> --- a/include/net/sock.h
> +++ b/include/net/sock.h
> @@ -2800,6 +2800,16 @@ static inline bool sk_listener(const struct sock *sk)
>         return (1 << sk->sk_state) & (TCPF_LISTEN | TCPF_NEW_SYN_RECV);
>  }
>
> +/* This helper checks if a socket is a LISTEN or NEW_SYN_RECV or TIME_WAIT
> + * TCP SYNACK messages can be attached to LISTEN or NEW_SYN_RECV (depending on SYNCOOKIE)
> + * TCP RST and ACK can be attached to TIME_WAIT.
> + */
> +static inline bool sk_listener_or_tw(const struct sock *sk)
> +{
> +       return (1 << READ_ONCE(sk->sk_state)) &
> +              (TCPF_LISTEN | TCPF_NEW_SYN_RECV | TCPF_TIME_WAIT);
> +}
> +
>  void sock_enable_timestamp(struct sock *sk, enum sock_flags flag);
>  int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, int level,
>                        int type);
> diff --git a/net/sched/sch_fq.c b/net/sched/sch_fq.c
> index aeabf45c9200c4aea75fb6c63986e37eddfea5f9..a97638bef6da5be8a84cc572bf2372551f4b7f96 100644
> --- a/net/sched/sch_fq.c
> +++ b/net/sched/sch_fq.c
> @@ -362,8 +362,9 @@ static struct fq_flow *fq_classify(struct Qdisc *sch, struct sk_buff *skb,
>          * 3) We do not want to rate limit them (eg SYNFLOOD attack),
>          *    especially if the listener set SO_MAX_PACING_RATE
>          * 4) We pretend they are orphaned
> +        * TCP can also associate TIME_WAIT sockets with RST or ACK packets.
>          */
> -       if (!sk || sk_listener(sk)) {
> +       if (!sk || sk_listener_or_tw(sk)) {
>                 unsigned long hash = skb_get_hash(skb) & q->orphan_mask;
>
>                 /* By forcing low order bit to 1, we make sure to not
> --
> 2.47.0.rc1.288.g06298d1525-goog
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ