lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250509211820.36880-13-chia-yu.chang@nokia-bell-labs.com> Date: Fri, 9 May 2025 23:18:17 +0200 From: chia-yu.chang@...ia-bell-labs.com To: horms@...nel.org, dsahern@...nel.org, kuniyu@...zon.com, bpf@...r.kernel.org, netdev@...r.kernel.org, dave.taht@...il.com, pabeni@...hat.com, jhs@...atatu.com, kuba@...nel.org, stephen@...workplumber.org, xiyou.wangcong@...il.com, jiri@...nulli.us, davem@...emloft.net, edumazet@...gle.com, andrew+netdev@...n.ch, donald.hunter@...il.com, ast@...erby.net, liuhangbin@...il.com, shuah@...nel.org, linux-kselftest@...r.kernel.org, ij@...nel.org, ncardwell@...gle.com, koen.de_schepper@...ia-bell-labs.com, g.white@...lelabs.com, ingemar.s.johansson@...csson.com, mirja.kuehlewind@...csson.com, cheshire@...le.com, rs.ietf@....at, Jason_Livingood@...cast.com, vidhi_goel@...le.com Cc: Chia-Yu Chang <chia-yu.chang@...ia-bell-labs.com> Subject: [PATCH v6 net-next 12/15] tcp: accecn: AccECN option ceb/cep heuristic From: Ilpo Järvinen <ij@...nel.org> The heuristic algorithm from draft-11 Appendix A.2.2 to mitigate against false ACE field overflows. Signed-off-by: Ilpo Järvinen <ij@...nel.org> Signed-off-by: Chia-Yu Chang <chia-yu.chang@...ia-bell-labs.com> --- include/net/tcp.h | 1 + net/ipv4/tcp_input.c | 18 ++++++++++++++++-- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/include/net/tcp.h b/include/net/tcp.h index 5e4593e39de4..201326b10396 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -247,6 +247,7 @@ static_assert((1 << ATO_BITS) > TCP_DELACK_MAX); #define TCP_ACCECN_MAXSIZE (TCPOLEN_ACCECN_BASE + \ TCPOLEN_ACCECN_PERFIELD * \ TCP_ACCECN_NUMFIELDS) +#define TCP_ACCECN_SAFETY_SHIFT 1 /* SAFETY_FACTOR in accecn draft */ /* tp->accecn_fail_mode */ #define TCP_ACCECN_ACE_FAIL_SEND BIT(0) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index c93e4bffb23e..f206c1a93a56 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -709,16 +709,19 @@ static u32 __tcp_accecn_process(struct sock *sk, const struct sk_buff *skb, u32 delivered_pkts, u32 delivered_bytes, int flag) { + u32 old_ceb = tcp_sk(sk)->delivered_ecn_bytes[INET_ECN_CE - 1]; const struct tcphdr *th = tcp_hdr(skb); struct tcp_sock *tp = tcp_sk(sk); - u32 delta, safe_delta; + u32 delta, safe_delta, d_ceb; + bool opt_deltas_valid; u32 corrected_ace; /* Reordered ACK or uncertain due to lack of data to send and ts */ if (!(flag & (FLAG_FORWARD_PROGRESS | FLAG_TS_PROGRESS))) return 0; - tcp_accecn_process_option(tp, skb, delivered_bytes, flag); + opt_deltas_valid = tcp_accecn_process_option(tp, skb, + delivered_bytes, flag); if (!(flag & FLAG_SLOWPATH)) { /* AccECN counter might overflow on large ACKs */ @@ -741,6 +744,17 @@ static u32 __tcp_accecn_process(struct sock *sk, const struct sk_buff *skb, safe_delta = delivered_pkts - ((delivered_pkts - delta) & TCP_ACCECN_CEP_ACE_MASK); + if (opt_deltas_valid) { + d_ceb = tp->delivered_ecn_bytes[INET_ECN_CE - 1] - old_ceb; + if (!d_ceb) + return delta; + if (d_ceb > delta * tp->mss_cache) + return safe_delta; + if (d_ceb < + safe_delta * tp->mss_cache >> TCP_ACCECN_SAFETY_SHIFT) + return delta; + } + return safe_delta; } -- 2.34.1
Powered by blists - more mailing lists