| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANn89i+NEyZ+1R1pouUcroarCfNrQEN01azsEhOuZoeR0Y3mhA@mail.gmail.com>
Date: Tue, 20 Jan 2026 12:04:47 +0100
From: Eric Dumazet <edumazet@...gle.com>
To: chia-yu.chang@...ia-bell-labs.com
Cc: pabeni@...hat.com, parav@...dia.com, linux-doc@...r.kernel.org,
corbet@....net, horms@...nel.org, dsahern@...nel.org, kuniyu@...gle.com,
bpf@...r.kernel.org, netdev@...r.kernel.org, dave.taht@...il.com,
jhs@...atatu.com, kuba@...nel.org, stephen@...workplumber.org,
xiyou.wangcong@...il.com, jiri@...nulli.us, davem@...emloft.net,
andrew+netdev@...n.ch, donald.hunter@...il.com, ast@...erby.net,
liuhangbin@...il.com, shuah@...nel.org, linux-kselftest@...r.kernel.org,
ij@...nel.org, ncardwell@...gle.com, koen.de_schepper@...ia-bell-labs.com,
g.white@...lelabs.com, ingemar.s.johansson@...csson.com,
mirja.kuehlewind@...csson.com, cheshire@...le.com, rs.ietf@....at,
Jason_Livingood@...cast.com, vidhi_goel@...le.com
Subject: Re: [PATCH v9 net-next 10/15] tcp: accecn: unset ECT if receive or
send ACE=0 in AccECN negotiaion
On Mon, Jan 19, 2026 at 7:59 PM <chia-yu.chang@...ia-bell-labs.com> wrote:
>
> From: Chia-Yu Chang <chia-yu.chang@...ia-bell-labs.com>
>
> Based on specification:
> https://tools.ietf.org/id/draft-ietf-tcpm-accurate-ecn-28.txt
>
> Based on Section 3.1.5 of AccECN spec (RFC9768), a TCP Server in
> AccECN mode MUST NOT set ECT on any packet for the rest of the connection,
> if it has received or sent at least one valid SYN or Acceptable SYN/ACK
> with (AE,CWR,ECE) = (0,0,0) during the handshake.
>
> In addition, a host in AccECN mode that is feeding back the IP-ECN
> field on a SYN or SYN/ACK MUST feed back the IP-ECN field on the
> latest valid SYN or acceptable SYN/ACK to arrive.
>
> Signed-off-by: Chia-Yu Chang <chia-yu.chang@...ia-bell-labs.com>
>
> ---
> v8:
> - Add new helper function tcp_accecn_ace_fail_send_set_retrans()
>
> v6:
> - Do not cast const struct request_sock into struct request_sock
> - Set tcp_accecn_fail_mode after calling tcp_rtx_synack().
> ---
> include/net/tcp_ecn.h | 7 +++++++
> net/ipv4/inet_connection_sock.c | 3 +++
> net/ipv4/tcp_input.c | 2 ++
> net/ipv4/tcp_minisocks.c | 36 ++++++++++++++++++++++++---------
> net/ipv4/tcp_output.c | 3 ++-
> net/ipv4/tcp_timer.c | 2 ++
> 6 files changed, 42 insertions(+), 11 deletions(-)
>
> diff --git a/include/net/tcp_ecn.h b/include/net/tcp_ecn.h
> index 796c613b5ef3..f5e1f6b1bec3 100644
> --- a/include/net/tcp_ecn.h
> +++ b/include/net/tcp_ecn.h
> @@ -97,6 +97,13 @@ static inline void tcp_accecn_fail_mode_set(struct tcp_sock *tp, u8 mode)
> tp->accecn_fail_mode |= mode;
> }
>
> +static inline void tcp_accecn_ace_fail_send_set_retrans(struct request_sock *req,
> + struct tcp_sock *tp)
> +{
> + if (req->num_retrans > 1 && tcp_rsk(req)->accecn_ok)
> + tcp_accecn_fail_mode_set(tp, TCP_ACCECN_ACE_FAIL_SEND);
> +}
> +
> #define TCP_ACCECN_OPT_NOT_SEEN 0x0
> #define TCP_ACCECN_OPT_EMPTY_SEEN 0x1
> #define TCP_ACCECN_OPT_COUNTER_SEEN 0x2
> diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
> index 97d57c52b9ad..9d16cb9c3db4 100644
> --- a/net/ipv4/inet_connection_sock.c
> +++ b/net/ipv4/inet_connection_sock.c
> @@ -20,6 +20,7 @@
> #include <net/tcp_states.h>
> #include <net/xfrm.h>
> #include <net/tcp.h>
> +#include <net/tcp_ecn.h>
> #include <net/sock_reuseport.h>
> #include <net/addrconf.h>
>
> @@ -1103,6 +1104,8 @@ static void reqsk_timer_handler(struct timer_list *t)
> (!resend ||
> !tcp_rtx_synack(sk_listener, req) ||
> inet_rsk(req)->acked)) {
> + tcp_accecn_ace_fail_send_set_retrans(req,
> + tcp_sk(sk_listener));
Ouch.
I think you missed the fact that a listener is shared by many SYN_RECV requests.
Consider it as read-only here.
Powered by blists - more mailing lists