From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-17.4 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id CBDB2C2D0A3 for ; Mon, 9 Nov 2020 17:29:10 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 6C85C2083B for ; Mon, 9 Nov 2020 17:29:10 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="qORLalHD" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731892AbgKIR3J (ORCPT ); Mon, 9 Nov 2020 12:29:09 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34606 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731172AbgKIR3G (ORCPT ); Mon, 9 Nov 2020 12:29:06 -0500 Received: from mail-io1-xd43.google.com (mail-io1-xd43.google.com [IPv6:2607:f8b0:4864:20::d43]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 145ECC0613D4 for ; Mon, 9 Nov 2020 09:29:06 -0800 (PST) Received: by mail-io1-xd43.google.com with SMTP id o11so10607677ioo.11 for ; Mon, 09 Nov 2020 09:29:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=iS7wGl9RDeoaCYAmtEhoMmhifB7Bkd936j4hSXda9EQ=; b=qORLalHDW7LGVeTLFECbEXBBMT8mS1jyJOQ7Axna9Vlw0y963SK1p2R0JlsGhmfOK9 8bgUaLFJYUNfcAvFyKnHovCj641LwmTqB6fCfJjil+/qDFOyBb6wlVRxGTwwew8ypGoR LMQFpHhxF5dwrr2ILH6vh1eQOjBomAkSxcUu/wjuB48B6SnZ/VAVB18n90Sl1IFZ8tEF YJK4Zxl435cMVsAjv/26doLLb6IH82kTuey6+N0STwu49m5fkh0CmibRmqKuc5lVOoBf tdhbaoNvTRJQlNWJMkRjjjr+pFroHaJTv7f4NamaIfBe247GhYhVMxqPiQjCiQ2TEOvF Qr8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=iS7wGl9RDeoaCYAmtEhoMmhifB7Bkd936j4hSXda9EQ=; b=QlXGaSUK038S3e9zpCb7GaX09jDhw7uYQfTJJA4VQMqgzvUf2ohdZVUq+c/jbUVOkA mlrOYQXuQQQ1wg1WLgAtf8R0FfHdosA960OWAZ0A5spPZpAVBb62b1C60LVXWoAwPPTY 1h3i9ZyyKX9QQbONFmnjhV5v48u07cZHHu2sjQbwpexLdfWsznwvHn8V9pVNz8/RBUwX OZXRDO/l5wtBI5IdOMVZdjA0nFcysnWyd95vbi+0Zm5cIVJKSbvKdnpsMTzonxMN2LQp oV+6chgCFcv+Ly7FX3nJbcFyBesKwFZd+gfdY6+5Yo3/Pm0C3ykCKf5apWAUYtiKoTGU RXJQ== X-Gm-Message-State: AOAM533FPMqACd6l7bozx0+T9a5jXz8WE9Bcg0xBrFsVbQBO02q433nQ 60KRAcCsbbGYIh6TBiqSVOFGykq0hpPFRjsdL7oNuA== X-Google-Smtp-Source: ABdhPJzXzmeKVEDjebEji3sdG67yPKV/Yns17/N7tod+wD7i2Lnmtm0ujUnV4ku62ZygmGN4tp4NIgrhEXqlnypKKCM= X-Received: by 2002:a02:7112:: with SMTP id n18mr11937162jac.34.1604942945017; Mon, 09 Nov 2020 09:29:05 -0800 (PST) MIME-Version: 1.0 References: <1604942276-92635-1-git-send-email-wenan.mao@linux.alibaba.com> In-Reply-To: <1604942276-92635-1-git-send-email-wenan.mao@linux.alibaba.com> From: Eric Dumazet Date: Mon, 9 Nov 2020 18:28:53 +0100 Message-ID: Subject: Re: [PATCH net v4] net: Update window_clamp if SOCK_RCVBUF is set To: Mao Wenan Cc: David Miller , Alexey Kuznetsov , Hideaki YOSHIFUJI , Jakub Kicinski , netdev , LKML , kernel-janitors@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Nov 9, 2020 at 6:18 PM Mao Wenan wrote: > > When net.ipv4.tcp_syncookies=1 and syn flood is happened, > cookie_v4_check or cookie_v6_check tries to redo what > tcp_v4_send_synack or tcp_v6_send_synack did, > rsk_window_clamp will be changed if SOCK_RCVBUF is set, > which will make rcv_wscale is different, the client > still operates with initial window scale and can overshot > granted window, the client use the initial scale but local > server use new scale to advertise window value, and session > work abnormally. > > Fixes: e88c64f0a425 ("tcp: allow effective reduction of TCP's rcv-buffer via setsockopt") > Signed-off-by: Mao Wenan > --- > v4: change fixes tag format, and delay the actual call to > tcp_full_space(). > v3: add local variable full_space, add fixes tag. > v2: fix for ipv6. > net/ipv4/syncookies.c | 8 +++++++- > net/ipv6/syncookies.c | 9 ++++++++- > 2 files changed, 15 insertions(+), 2 deletions(-) > > diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c > index 6ac473b..8784e1f 100644 > --- a/net/ipv4/syncookies.c > +++ b/net/ipv4/syncookies.c > @@ -327,6 +327,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) > struct inet_request_sock *ireq; > struct tcp_request_sock *treq; > struct tcp_sock *tp = tcp_sk(sk); > + int full_space; SGTM. although you could have avoided adding a variable breaking the almost correct reverse Christmas tree that some of us prefer. Something like this would look better : diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index 6ac473b47f30d4d5e5e9455424b1a91d84e649ee..78af720f3e2c6dcdc7298178c5d2f02f0e425e04 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c @@ -331,7 +331,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) __u32 cookie = ntohl(th->ack_seq) - 1; struct sock *ret = sk; struct request_sock *req; - int mss; + int full_space, mss; struct rtable *rt; __u8 rcv_wscale; struct flowi4 fl4; From mboxrd@z Thu Jan 1 00:00:00 1970 From: Eric Dumazet Date: Mon, 09 Nov 2020 17:28:53 +0000 Subject: Re: [PATCH net v4] net: Update window_clamp if SOCK_RCVBUF is set Message-Id: List-Id: References: <1604942276-92635-1-git-send-email-wenan.mao@linux.alibaba.com> In-Reply-To: <1604942276-92635-1-git-send-email-wenan.mao@linux.alibaba.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: Mao Wenan Cc: David Miller , Alexey Kuznetsov , Hideaki YOSHIFUJI , Jakub Kicinski , netdev , LKML , kernel-janitors@vger.kernel.org On Mon, Nov 9, 2020 at 6:18 PM Mao Wenan wrote: > > When net.ipv4.tcp_syncookies=1 and syn flood is happened, > cookie_v4_check or cookie_v6_check tries to redo what > tcp_v4_send_synack or tcp_v6_send_synack did, > rsk_window_clamp will be changed if SOCK_RCVBUF is set, > which will make rcv_wscale is different, the client > still operates with initial window scale and can overshot > granted window, the client use the initial scale but local > server use new scale to advertise window value, and session > work abnormally. > > Fixes: e88c64f0a425 ("tcp: allow effective reduction of TCP's rcv-buffer via setsockopt") > Signed-off-by: Mao Wenan > --- > v4: change fixes tag format, and delay the actual call to > tcp_full_space(). > v3: add local variable full_space, add fixes tag. > v2: fix for ipv6. > net/ipv4/syncookies.c | 8 +++++++- > net/ipv6/syncookies.c | 9 ++++++++- > 2 files changed, 15 insertions(+), 2 deletions(-) > > diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c > index 6ac473b..8784e1f 100644 > --- a/net/ipv4/syncookies.c > +++ b/net/ipv4/syncookies.c > @@ -327,6 +327,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) > struct inet_request_sock *ireq; > struct tcp_request_sock *treq; > struct tcp_sock *tp = tcp_sk(sk); > + int full_space; SGTM. although you could have avoided adding a variable breaking the almost correct reverse Christmas tree that some of us prefer. Something like this would look better : diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index 6ac473b47f30d4d5e5e9455424b1a91d84e649ee..78af720f3e2c6dcdc7298178c5d2f02f0e425e04 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c @@ -331,7 +331,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) __u32 cookie = ntohl(th->ack_seq) - 1; struct sock *ret = sk; struct request_sock *req; - int mss; + int full_space, mss; struct rtable *rt; __u8 rcv_wscale; struct flowi4 fl4;