From: Eric Dumazet <edumazet@google.com>
To: "David S . Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>,
Paolo Abeni <pabeni@redhat.com>
Cc: netdev@vger.kernel.org, "Neal Cardwell" <ncardwell@google.com>,
"Dragos Tatulea" <dtatulea@nvidia.com>,
eric.dumazet@gmail.com, "Eric Dumazet" <edumazet@google.com>,
"Maciej Żenczykowski" <maze@google.com>,
"Willem de Bruijn" <willemb@google.com>,
"Shachar Kagan" <skagan@nvidia.com>
Subject: [PATCH net-next 1/2] tcp: conditionally call ip_icmp_error() from tcp_v4_err()
Date: Wed, 17 Apr 2024 16:57:55 +0000 [thread overview]
Message-ID: <20240417165756.2531620-2-edumazet@google.com> (raw)
In-Reply-To: <20240417165756.2531620-1-edumazet@google.com>
Blamed commit claimed in its changelog that the new functionality
was guarded by IP_RECVERR/IPV6_RECVERR :
Note that applications need to set IP_RECVERR/IPV6_RECVERR option to
enable this feature, and that the error message is only queued
while in SYN_SNT state.
This was true only for IPv6, because ipv6_icmp_error() has
the following check:
if (!inet6_test_bit(RECVERR6, sk))
return;
Other callers check IP_RECVERR by themselves, it is unclear
if we could factorize these checks in ip_icmp_error()
For stable backports, I chose to add the missing check in tcp_v4_err()
We think this missing check was the root cause for commit
0a8de364ff7a ("tcp: no longer abort SYN_SENT when receiving
some ICMP") breakage, leading to a revert.
Many thanks to Dragos Tatulea for conducting the investigations.
As Jakub said :
The suspicion is that SSH sees the ICMP report on the socket error queue
and tries to connect() again, but due to the patch the socket isn't
disconnected, so it gets EALREADY, and throws its hands up...
The error bubbles up to Vagrant which also becomes unhappy.
Can we skip the call to ip_icmp_error() for non-fatal ICMP errors?
Fixes: 45af29ca761c ("tcp: allow traceroute -Mtcp for unpriv users")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Tested-by: Dragos Tatulea <dtatulea@nvidia.com>
Cc: Dragos Tatulea <dtatulea@nvidia.com>
Cc: Maciej Żenczykowski <maze@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
Cc: Shachar Kagan <skagan@nvidia.com>
---
net/ipv4/tcp_ipv4.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 88c83ac4212957f19efad0f967952d2502bdbc7f..a717db99972d977a64178d7ed1109325d64a6d51 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -602,7 +602,8 @@ int tcp_v4_err(struct sk_buff *skb, u32 info)
if (fastopen && !fastopen->sk)
break;
- ip_icmp_error(sk, skb, err, th->dest, info, (u8 *)th);
+ if (inet_test_bit(RECVERR, sk))
+ ip_icmp_error(sk, skb, err, th->dest, info, (u8 *)th);
if (!sock_owned_by_user(sk)) {
WRITE_ONCE(sk->sk_err, err);
--
2.44.0.683.g7961c838ac-goog
next prev parent reply other threads:[~2024-04-17 16:58 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-17 16:57 [PATCH net-next 0/2] tcp: tcp_v4_err() changes Eric Dumazet
2024-04-17 16:57 ` Eric Dumazet [this message]
2024-04-17 17:08 ` [PATCH net-next 1/2] tcp: conditionally call ip_icmp_error() from tcp_v4_err() Maciej Żenczykowski
2024-04-18 3:22 ` Jason Xing
2024-04-18 6:45 ` Eric Dumazet
2024-04-18 6:53 ` Jason Xing
2024-04-18 8:02 ` Paolo Abeni
2024-04-18 8:03 ` Eric Dumazet
2024-04-18 9:26 ` Eric Dumazet
2024-04-18 9:58 ` Paolo Abeni
2024-04-18 10:15 ` Eric Dumazet
2024-04-18 10:22 ` Eric Dumazet
2024-04-18 10:36 ` Eric Dumazet
2024-04-18 17:46 ` David Ahern
2024-04-18 17:47 ` Eric Dumazet
2024-04-18 18:02 ` David Ahern
2024-04-18 18:09 ` Eric Dumazet
2024-04-18 18:09 ` Jakub Kicinski
2024-04-18 18:14 ` Eric Dumazet
2024-04-18 20:20 ` David Ahern
2024-04-18 17:56 ` David Ahern
2024-04-17 16:57 ` [PATCH net-next 2/2] tcp: no longer abort SYN_SENT when receiving some ICMP (II) Eric Dumazet
2024-04-18 3:24 ` Jason Xing
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240417165756.2531620-2-edumazet@google.com \
--to=edumazet@google.com \
--cc=davem@davemloft.net \
--cc=dtatulea@nvidia.com \
--cc=eric.dumazet@gmail.com \
--cc=kuba@kernel.org \
--cc=maze@google.com \
--cc=ncardwell@google.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=skagan@nvidia.com \
--cc=willemb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.