From: Sebastian Poehn <sebastian.poehn@gmail.com>
To: "Pöhn, Sebastian" <sebastian.poehn@gmail.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>,
netdev@vger.kernel.org, David Miller <davem@davemloft.net>,
Florian Westphal <fw@strlen.de>
Subject: Re: [FYI] xfrm: Don't lookup sk_policy for timewait sockets
Date: Mon, 13 Apr 2015 10:04:15 +0200 [thread overview]
Message-ID: <1428912255.6534.5.camel@googlemail.com> (raw)
In-Reply-To: <1428664454.10242.19.camel@googlemail.com>
Am 10.04.2015 13:14 schrieb "Sebastian Poehn" <sebastian.poehn@gmail.com>:
>
> On Thu, 2015-04-09 at 23:21 +0200, Florian Westphal wrote:
> > David Miller <davem@davemloft.net> wrote:
> > > From: Florian Westphal <fw@strlen.de>
> > > Date: Thu, 9 Apr 2015 21:14:41 +0200
> > >
> > > > I re-introduced this in fd158d79d33d3c under the assumption
> > > > that the input path handles skb->sk timewait sockets correctly
> > > > after all the early demux changes, afaics tcp edemux can also
> > > > assign skb->sk timewait sockets.
> > > >
> > > > Also, reporter mentions 3.8 as affected which should not assign
> > > > tw sockets to skb->sk.
> > > >
> > > > Even more strange, the reporters backtrace seems to indicate
> > > > crash at end of forward path.
> > > >
> > > > Sebastian, can you disable tw assignment via TPROXY in 3.12 just
> > > > to see if it makes a difference?
> > > >
> > > > [ not doing the assignment is safe provided you still set tproxy mark
> > > > on the skb; policy routing will ensure local delivery ].
> > >
> > > My assumption in my analysis is that TPROXY writes the socket to
> > > skb->sk, and it is also being forwarded. And yes this is based
> > > upon his backtrace.
> >
> > Right. However, I think we might have to make more changes than just tproxy.
> >
> > If we have sockets bound to non-local addresses then why would tcp edemux
> > not cause same issue?
>
> Thanks for all the helpful inputs. I will try to provide some more information
> and try a bit around with TPROXY not assigning tw sockets.
>
> I will provide you with an update the next days.
>
> Unfortunately this is a very rare event and (yet) impossible to reproduce in-house.
>
>
Played around with sending crafted packets to a transparent tw socket.
For SYN tproxy does the re-lookup of the listening socket, which is fine. But for
packets without SYN is assigns the tw socket. However this is not an issue as the
fw mark is set, policy routing processes frame, so it becomes input and finally is
dropped in TCP receive path. But if I remove the policy routing rule the frame
enters the forwarding path.
Unfortunately this did not trigger the panic but this may be just by chance.
However I can't explain what is wrong with the ip rule maybe setup related.
next prev parent reply other threads:[~2015-04-13 8:04 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-09 8:09 [FYI] xfrm: Don't lookup sk_policy for timewait sockets Sebastian Poehn
2015-04-09 9:07 ` Eric Dumazet
2015-04-09 9:24 ` Sebastian Poehn
2015-04-09 18:37 ` David Miller
2015-04-09 19:14 ` Florian Westphal
2015-04-09 21:07 ` David Miller
2015-04-09 21:21 ` Florian Westphal
2015-04-10 11:14 ` Sebastian Poehn
2015-04-13 8:04 ` Sebastian Poehn [this message]
2015-04-13 15:09 ` Sebastian Poehn
2015-04-13 15:39 ` Eric Dumazet
2015-04-13 17:25 ` David Miller
2015-04-13 16:04 ` Florian Westphal
2015-04-09 19:21 ` Eric Dumazet
2015-04-09 19:25 ` Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1428912255.6534.5.camel@googlemail.com \
--to=sebastian.poehn@gmail.com \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=fw@strlen.de \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.