From: Eric Dumazet <edumazet@google.com>
To: Florian Westphal <fw@strlen.de>
Cc: netdev <netdev@vger.kernel.org>,
mathew.j.martineau@linux.intel.com,
Matthieu Baerts <matthieu.baerts@tessares.net>,
Paolo Abeni <pabeni@redhat.com>
Subject: Re: [PATCH v2 net-next 7/9] mptcp: enable JOIN requests even if cookies are in use
Date: Fri, 31 Jul 2020 18:50:55 -0700 [thread overview]
Message-ID: <CANn89iLwjROZXEx2KQi7JGKFtZxzTWXEN+PfuVb43Gasr-fT3w@mail.gmail.com> (raw)
In-Reply-To: <20200730192558.25697-8-fw@strlen.de>
On Thu, Jul 30, 2020 at 12:26 PM Florian Westphal <fw@strlen.de> wrote:
>
> JOIN requests do not work in syncookie mode -- for HMAC validation, the
> peers nonce and the mptcp token (to obtain the desired connection socket
> the join is for) are required, but this information is only present in the
> initial syn.
>
> So either we need to drop all JOIN requests once a listening socket enters
> syncookie mode, or we need to store enough state to reconstruct the request
> socket later.
>
> This adds a state table (1024 entries) to store the data present in the
> MP_JOIN syn request and the random nonce used for the cookie syn/ack.
>
> When a MP_JOIN ACK passed cookie validation, the table is consulted
> to rebuild the request socket from it.
>
> An alternate approach would be to "cancel" syn-cookie mode and force
> MP_JOIN to always use a syn queue entry.
>
> However, doing so brings the backlog over the configured queue limit.
>
> v2: use req->syncookie, not (removed) want_cookie arg
>
> Suggested-by: Paolo Abeni <pabeni@redhat.com>
> Signed-off-by: Florian Westphal <fw@strlen.de>
> ---
> net/ipv4/syncookies.c | 6 ++
> net/mptcp/Makefile | 1 +
> net/mptcp/ctrl.c | 1 +
> net/mptcp/protocol.h | 20 +++++++
> net/mptcp/subflow.c | 14 +++++
> net/mptcp/syncookies.c | 132 +++++++++++++++++++++++++++++++++++++++++
> 6 files changed, 174 insertions(+)
> create mode 100644 net/mptcp/syncookies.c
>
> diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
> index 54838ee2e8d4..11b20474be83 100644
> --- a/net/ipv4/syncookies.c
> +++ b/net/ipv4/syncookies.c
> @@ -212,6 +212,12 @@ struct sock *tcp_get_cookie_sock(struct sock *sk, struct sk_buff *skb,
> refcount_set(&req->rsk_refcnt, 1);
> tcp_sk(child)->tsoffset = tsoff;
> sock_rps_save_rxhash(child, skb);
> +
> + if (tcp_rsk(req)->drop_req) {
> + refcount_set(&req->rsk_refcnt, 2);
> + return child;
> + }
> +
Hey, what happened to CONFIG_MPTCP=n ?
net/ipv4/syncookies.c: In function 'tcp_get_cookie_sock':
net/ipv4/syncookies.c:216:19: error: 'struct tcp_request_sock' has no
member named 'drop_req'
216 | if (tcp_rsk(req)->drop_req) {
| ^~
net/ipv4/syncookies.c: In function 'cookie_tcp_reqsk_alloc':
net/ipv4/syncookies.c:289:27: warning: unused variable 'treq'
[-Wunused-variable]
289 | struct tcp_request_sock *treq;
| ^~~~
make[3]: *** [scripts/Makefile.build:280: net/ipv4/syncookies.o] Error 1
make[3]: *** Waiting for unfinished jobs....
next prev parent reply other threads:[~2020-08-01 1:51 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-30 19:25 [PATCH v2 net-next 0/9] mptcp: add syncookie support Florian Westphal
2020-07-30 19:25 ` [PATCH v2 net-next 1/9] tcp: rename request_sock cookie_ts bit to syncookie Florian Westphal
2020-07-30 19:25 ` [PATCH v2 net-next 2/9] mptcp: token: move retry to caller Florian Westphal
2020-07-31 22:37 ` Mat Martineau
2020-07-30 19:25 ` [PATCH v2 net-next 3/9] mptcp: subflow: split subflow_init_req Florian Westphal
2020-07-31 22:37 ` Mat Martineau
2020-07-30 19:25 ` [PATCH v2 net-next 4/9] mptcp: rename and export mptcp_subflow_request_sock_ops Florian Westphal
2020-07-31 22:38 ` Mat Martineau
2020-07-30 19:25 ` [PATCH v2 net-next 5/9] mptcp: subflow: add mptcp_subflow_init_cookie_req helper Florian Westphal
2020-07-31 22:38 ` Mat Martineau
2020-07-30 19:25 ` [PATCH v2 net-next 6/9] tcp: syncookies: create mptcp request socket for ACK cookies with MPTCP option Florian Westphal
2020-07-30 19:25 ` [PATCH v2 net-next 7/9] mptcp: enable JOIN requests even if cookies are in use Florian Westphal
2020-07-31 22:39 ` Mat Martineau
2020-08-01 1:50 ` Eric Dumazet [this message]
2020-07-30 19:25 ` [PATCH v2 net-next 8/9] selftests: mptcp: make 2nd net namespace use tcp syn cookies unconditionally Florian Westphal
2020-07-31 22:39 ` Mat Martineau
2020-07-30 19:25 ` [PATCH v2 net-next 9/9] selftests: mptcp: add test cases for mptcp join tests with syn cookies Florian Westphal
2020-07-31 22:39 ` Mat Martineau
2020-07-31 23:56 ` [PATCH v2 net-next 0/9] mptcp: add syncookie support David Miller
2020-08-01 1:55 ` Eric Dumazet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CANn89iLwjROZXEx2KQi7JGKFtZxzTWXEN+PfuVb43Gasr-fT3w@mail.gmail.com \
--to=edumazet@google.com \
--cc=fw@strlen.de \
--cc=mathew.j.martineau@linux.intel.com \
--cc=matthieu.baerts@tessares.net \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).