From: Jianguo Wu <wujianguo106@163.com>
To: Paolo Abeni <pabeni@redhat.com>,
Mat Martineau <mathew.j.martineau@linux.intel.com>
Cc: mptcp@lists.linux.dev, fw@strlen.de
Subject: Re: [PATCH v5 4/4] mptcp: avoid processing packet if a subflow reset
Date: Thu, 24 Jun 2021 09:57:35 +0800 [thread overview]
Message-ID: <f7e8a4f2-1725-72c3-b54e-5f6dc1af0a24@163.com> (raw)
In-Reply-To: <1ac0561c290bf87aa54277bc6b458a859b8ff080.camel@redhat.com>
On 2021/6/23 17:48, Paolo Abeni wrote:
> On Tue, 2021-06-22 at 17:00 -0700, Mat Martineau wrote:
>> On Mon, 21 Jun 2021, Jianguo Wu wrote:
>>
>>> Hi Mat,
>>>
>>> On 2021/6/19 8:19, Mat Martineau wrote:
>>>> On Wed, 16 Jun 2021, wujianguo106@163.com wrote:
>>>>
>>>>> From: Jianguo Wu <wujianguo@chinatelecom.cn>
>>>>>
>>>>> If check_fully_established() causes a subflow reset, it should not
>>>>> continue to process the packet in tcp_data_queue().
>>>>>
>>>>> setting:
>>>>> TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(skb)->seq;
>>>>>
>>>>> so that the following check will drop the pkt in
>>>>> tcp_data_queue():
>>>>> if (TCP_SKB_CB(skb)->seq == TCP_SKB_CB(skb)->end_seq) {
>>>>> __kfree_skb(skb);
>>>>> return;
>>>>> }
>>>>>
>>>>> Fixes: d582484726c4 ("mptcp: fix fallback for MP_JOIN subflows")
>>>>> Signed-off-by: Jianguo Wu <wujianguo@chinatelecom.cn>
>>>>> ---
>>>>> net/mptcp/options.c | 6 ++++++
>>>>> 1 file changed, 6 insertions(+)
>>>>>
>>>>> diff --git a/net/mptcp/options.c b/net/mptcp/options.c
>>>>> index 1aec01686c1a..be435c5421cd 100644
>>>>> --- a/net/mptcp/options.c
>>>>> +++ b/net/mptcp/options.c
>>>>> @@ -926,6 +926,12 @@ static bool check_fully_established(struct mptcp_sock *msk, struct sock *ssk,
>>>>> return true;
>>>>>
>>>>> reset:
>>>>> + /* If a subflow is reset, the packet should not continue to be
>>>>> + * processed in tcp_data_queue(), so setting: end_seq = seq,
>>>>> + * then tcp_data_queue() will drop the packet.
>>>>> + */
>>>>> + TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(skb)->seq;
>>>>> +
>>>>
>>>> This does have the desired effect when mptcp_incoming_options() is
>>>> called from tcp_data_queue(), but mptcp_incoming_options() is also
>>>> called from tcp_reset() and tcp_rcv_state_process(). The other callers
>>>> appear to tolerate the sequence number modification.
>>>>
>>>> I think it would be clearer to either add a return value or output
>>>> parameter to mptcp_incoming_options() to explicitly tell the caller
>>>> that a reset has been sent and tcp_done() called. Then it would be
>>>> clearer in tcp_data_queue() that the packet is being discarded due to
>>>> mptcp header content.
>>>>
>>>
>>> If a reset has been sent and tcp_done() called in
>>> check_fully_established(), the sk_state will be TCP_CLOSE, how about
>>> just do (sk_state == TCP_CLOSE) check in tcp_data_queue() as it did in
>>> the V1 of this patch?
>>
>> Oh, I see now that Paolo suggested the the end_seq assignment in order to
>> only modify MPTCP code.
>>
>> I still think it's better to make it clear that we're discarding a packet
>> due to the mptcp headers - using the existing sequence check (intended to
>> detect acks) in tcp_data_queue() seems sneaky to me.
>>
>> Something like
>>
>> if (sk_is_mptcp(sk) && !mptcp_incoming_options(sk, skb)) {
>> __kfree_skb(skb);
>> return;
>> }
>>
>> seems both compact and clear. Does that seem ok Paolo?
>
> Uhmmm... we need to touch every mptcp_incoming_options() call site, and
> in tcp_reset() the above chunk looks a bit strange to me. Probably we
> could just ignore the mptcp_incoming_options() return value there.
>
> Otherwise no big objections - not sure about upstream ;)
>
Hi Mat and Paolo,
If you both agree, I will send a new version that mptcp_incoming_options() add a return value, and only check return value in tcp_data_queue(),
ignore the return value in other call site.
> Cheers,
>
> Paolo
>
next prev parent reply other threads:[~2021-06-24 2:14 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-16 10:49 [PATCH v5 0/4] Fix some mptcp syncookie process bugs wujianguo106
2021-06-16 10:49 ` [PATCH v5 1/4] mptcp: fix warning in __skb_flow_dissect() when do syn cookie for subflow join wujianguo106
2021-06-18 22:40 ` Mat Martineau
2021-06-21 6:14 ` Jianguo Wu
2021-06-21 10:09 ` Jianguo Wu
2021-06-22 23:38 ` Mat Martineau
2021-06-16 10:49 ` [PATCH v5 2/4] mptcp: remove redundant req destruct in subflow_check_req() wujianguo106
2021-06-16 10:49 ` [PATCH v5 3/4] mptcp: fix syncookie process if mptcp can not_accept new subflow wujianguo106
2021-06-18 23:19 ` Mat Martineau
2021-06-21 6:24 ` Jianguo Wu
2021-06-24 2:08 ` Jianguo Wu
2021-06-24 22:36 ` Mat Martineau
2021-06-16 10:49 ` [PATCH v5 4/4] mptcp: avoid processing packet if a subflow reset wujianguo106
2021-06-19 0:19 ` Mat Martineau
2021-06-21 6:35 ` Jianguo Wu
2021-06-23 0:00 ` Mat Martineau
2021-06-23 9:48 ` Paolo Abeni
2021-06-24 1:57 ` Jianguo Wu [this message]
2021-06-24 10:02 ` Paolo Abeni
2021-06-24 22:38 ` Mat Martineau
2021-06-25 0:51 ` Jianguo Wu
2021-06-19 0:26 ` [PATCH v5 0/4] Fix some mptcp syncookie process bugs Mat Martineau
2021-06-21 6:39 ` Jianguo Wu
2021-06-23 0:07 ` Mat Martineau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f7e8a4f2-1725-72c3-b54e-5f6dc1af0a24@163.com \
--to=wujianguo106@163.com \
--cc=fw@strlen.de \
--cc=mathew.j.martineau@linux.intel.com \
--cc=mptcp@lists.linux.dev \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).