[PATCH net] tcp: fix TCP_SKB_CB(skb)->tcp_tw_isn not being used

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Pengcheng Yang <yangpc@wangsu.com>
To: edumazet@google.com, davem@davemloft.net
Cc: netdev@vger.kernel.org, Pengcheng Yang <yangpc@wangsu.com>
Subject: [PATCH net] tcp: fix TCP_SKB_CB(skb)->tcp_tw_isn not being used
Date: Tue, 29 Dec 2020 05:59:20 +0800	[thread overview]
Message-ID: <1609192760-4505-1-git-send-email-yangpc@wangsu.com> (raw)

TCP_SKB_CB(skb)->tcp_tw_isn contains an ISN, chosen by
tcp_timewait_state_process() , when SYN is received in TIMEWAIT state.
But tcp_tw_isn is not used because it is overwritten by
tcp_v4_restore_cb() after commit eeea10b83a13 ("tcp: add
tcp_v4_fill_cb()/tcp_v4_restore_cb()").

To fix this case, we record tcp_tw_isn before tcp_v4_restore_cb() and
then set it in tcp_v4_fill_cb(). V6 does the same.

Fixes: eeea10b83a13 ("tcp: add tcp_v4_fill_cb()/tcp_v4_restore_cb()")
Reported-by: chenc <chenc9@wangsu.com>
Signed-off-by: Pengcheng Yang <yangpc@wangsu.com>
---
 net/ipv4/tcp_ipv4.c | 14 ++++++++------
 net/ipv6/tcp_ipv6.c | 14 ++++++++------
 2 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 58207c7..c8cceaa 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1892,7 +1892,7 @@ static void tcp_v4_restore_cb(struct sk_buff *skb)
 }
 
 static void tcp_v4_fill_cb(struct sk_buff *skb, const struct iphdr *iph,
-			   const struct tcphdr *th)
+			   const struct tcphdr *th, __u32 isn)
 {
 	/* This is tricky : We move IPCB at its correct location into TCP_SKB_CB()
 	 * barrier() makes sure compiler wont play fool^Waliasing games.
@@ -1906,7 +1906,7 @@ static void tcp_v4_fill_cb(struct sk_buff *skb, const struct iphdr *iph,
 				    skb->len - th->doff * 4);
 	TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
 	TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
-	TCP_SKB_CB(skb)->tcp_tw_isn = 0;
+	TCP_SKB_CB(skb)->tcp_tw_isn = isn;
 	TCP_SKB_CB(skb)->ip_dsfield = ipv4_get_dsfield(iph);
 	TCP_SKB_CB(skb)->sacked	 = 0;
 	TCP_SKB_CB(skb)->has_rxtstamp =
@@ -1927,6 +1927,7 @@ int tcp_v4_rcv(struct sk_buff *skb)
 	const struct tcphdr *th;
 	bool refcounted;
 	struct sock *sk;
+	__u32 isn = 0;
 	int ret;
 
 	if (skb->pkt_type != PACKET_HOST)
@@ -1993,7 +1994,7 @@ int tcp_v4_rcv(struct sk_buff *skb)
 		if (!tcp_filter(sk, skb)) {
 			th = (const struct tcphdr *)skb->data;
 			iph = ip_hdr(skb);
-			tcp_v4_fill_cb(skb, iph, th);
+			tcp_v4_fill_cb(skb, iph, th, isn);
 			nsk = tcp_check_req(sk, skb, req, false, &req_stolen);
 		}
 		if (!nsk) {
@@ -2038,7 +2039,7 @@ int tcp_v4_rcv(struct sk_buff *skb)
 		goto discard_and_relse;
 	th = (const struct tcphdr *)skb->data;
 	iph = ip_hdr(skb);
-	tcp_v4_fill_cb(skb, iph, th);
+	tcp_v4_fill_cb(skb, iph, th, isn);
 
 	skb->dev = NULL;
 
@@ -2075,7 +2076,7 @@ int tcp_v4_rcv(struct sk_buff *skb)
 	if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
 		goto discard_it;
 
-	tcp_v4_fill_cb(skb, iph, th);
+	tcp_v4_fill_cb(skb, iph, th, isn);
 
 	if (tcp_checksum_complete(skb)) {
 csum_error:
@@ -2103,7 +2104,7 @@ int tcp_v4_rcv(struct sk_buff *skb)
 		goto discard_it;
 	}
 
-	tcp_v4_fill_cb(skb, iph, th);
+	tcp_v4_fill_cb(skb, iph, th, isn);
 
 	if (tcp_checksum_complete(skb)) {
 		inet_twsk_put(inet_twsk(sk));
@@ -2121,6 +2122,7 @@ int tcp_v4_rcv(struct sk_buff *skb)
 		if (sk2) {
 			inet_twsk_deschedule_put(inet_twsk(sk));
 			sk = sk2;
+			isn = TCP_SKB_CB(skb)->tcp_tw_isn;
 			tcp_v4_restore_cb(skb);
 			refcounted = false;
 			goto process;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 0e1509b..a2ff19d 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1557,7 +1557,7 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
 }
 
 static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
-			   const struct tcphdr *th)
+			   const struct tcphdr *th, __u32 isn)
 {
 	/* This is tricky: we move IP6CB at its correct location into
 	 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
@@ -1573,7 +1573,7 @@ static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
 				    skb->len - th->doff*4);
 	TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
 	TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
-	TCP_SKB_CB(skb)->tcp_tw_isn = 0;
+	TCP_SKB_CB(skb)->tcp_tw_isn = isn;
 	TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
 	TCP_SKB_CB(skb)->sacked = 0;
 	TCP_SKB_CB(skb)->has_rxtstamp =
@@ -1589,6 +1589,7 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
 	const struct ipv6hdr *hdr;
 	bool refcounted;
 	struct sock *sk;
+	__u32 isn = 0;
 	int ret;
 	struct net *net = dev_net(skb->dev);
 
@@ -1652,7 +1653,7 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
 		if (!tcp_filter(sk, skb)) {
 			th = (const struct tcphdr *)skb->data;
 			hdr = ipv6_hdr(skb);
-			tcp_v6_fill_cb(skb, hdr, th);
+			tcp_v6_fill_cb(skb, hdr, th, isn);
 			nsk = tcp_check_req(sk, skb, req, false, &req_stolen);
 		}
 		if (!nsk) {
@@ -1695,7 +1696,7 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
 		goto discard_and_relse;
 	th = (const struct tcphdr *)skb->data;
 	hdr = ipv6_hdr(skb);
-	tcp_v6_fill_cb(skb, hdr, th);
+	tcp_v6_fill_cb(skb, hdr, th, isn);
 
 	skb->dev = NULL;
 
@@ -1730,7 +1731,7 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
 	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
 		goto discard_it;
 
-	tcp_v6_fill_cb(skb, hdr, th);
+	tcp_v6_fill_cb(skb, hdr, th, isn);
 
 	if (tcp_checksum_complete(skb)) {
 csum_error:
@@ -1757,7 +1758,7 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
 		goto discard_it;
 	}
 
-	tcp_v6_fill_cb(skb, hdr, th);
+	tcp_v6_fill_cb(skb, hdr, th, isn);
 
 	if (tcp_checksum_complete(skb)) {
 		inet_twsk_put(inet_twsk(sk));
@@ -1780,6 +1781,7 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
 			struct inet_timewait_sock *tw = inet_twsk(sk);
 			inet_twsk_deschedule_put(tw);
 			sk = sk2;
+			isn = TCP_SKB_CB(skb)->tcp_tw_isn;
 			tcp_v6_restore_cb(skb);
 			refcounted = false;
 			goto process;
-- 
1.8.3.1

next             reply	other threads:[~2021-01-14 11:17 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-12-28 21:59 Pengcheng Yang [this message]
2021-01-14 16:53 ` [PATCH net] tcp: fix TCP_SKB_CB(skb)->tcp_tw_isn not being used Jakub Kicinski
2021-01-14 17:11   ` Eric Dumazet
2021-01-15  3:03     ` Pengcheng Yang

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:58207c7 dfblob:c8cceaa dfblob:0e1509b dfblob:a2ff19d )
 OR (
bs:"[PATCH net] tcp: fix TCP_SKB_CB(skb)->tcp_tw_isn not being used" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1609192760-4505-1-git-send-email-yangpc@wangsu.com \
    --to=yangpc@wangsu.com \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.