From: Florian Westphal <fw@strlen.de>
To: <mptcp@lists.linux.dev>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH 1/4] mptcp: prefer ip address in syn skb instead of listen sk bound address
Date: Wed, 23 Feb 2022 12:08:29 +0100 [thread overview]
Message-ID: <20220223110832.29357-2-fw@strlen.de> (raw)
In-Reply-To: <20220223110832.29357-1-fw@strlen.de>
Once we change mptcp to use tproxy-like scheme to steer mptcp join
requests to a special pernet socket, the 'sk bound address' becomes
meaningless because it will never be identical to the tcp dport/ip daddr
of the on-wire packet.
Prepare for this: pass the skbuff and use the packet data instead of
the address the listener socket is bound to.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
net/mptcp/pm_netlink.c | 17 +++++++++++++++--
net/mptcp/protocol.h | 2 +-
net/mptcp/subflow.c | 5 +++--
3 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c
index a0e7d5b7e22f..ed923b573c1c 100644
--- a/net/mptcp/pm_netlink.c
+++ b/net/mptcp/pm_netlink.c
@@ -269,13 +269,26 @@ mptcp_lookup_anno_list_by_saddr(const struct mptcp_sock *msk,
return NULL;
}
-bool mptcp_pm_sport_in_anno_list(struct mptcp_sock *msk, const struct sock *sk)
+static void skb_fetch_src_address(const struct sk_buff *skb,
+ struct mptcp_addr_info *addr)
+{
+ addr->port = tcp_hdr(skb)->dest;
+ if (addr->family == AF_INET)
+ addr->addr.s_addr = ip_hdr(skb)->daddr;
+#if IS_ENABLED(CONFIG_MPTCP_IPV6)
+ else if (addr->family == AF_INET6)
+ addr->addr6 = ipv6_hdr(skb)->daddr;
+#endif
+}
+
+bool mptcp_pm_sport_in_anno_list(struct mptcp_sock *msk, int af, const struct sk_buff *skb)
{
struct mptcp_pm_add_entry *entry;
struct mptcp_addr_info saddr;
bool ret = false;
- local_address((struct sock_common *)sk, &saddr);
+ saddr.family = af;
+ skb_fetch_src_address(skb, &saddr);
spin_lock_bh(&msk->pm.lock);
list_for_each_entry(entry, &msk->pm.anno_list, list) {
diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h
index c8bada4537e2..6b2d7f60c8ad 100644
--- a/net/mptcp/protocol.h
+++ b/net/mptcp/protocol.h
@@ -761,7 +761,7 @@ void mptcp_pm_rm_addr_received(struct mptcp_sock *msk,
void mptcp_pm_mp_prio_received(struct sock *sk, u8 bkup);
void mptcp_pm_mp_fail_received(struct sock *sk, u64 fail_seq);
void mptcp_pm_free_anno_list(struct mptcp_sock *msk);
-bool mptcp_pm_sport_in_anno_list(struct mptcp_sock *msk, const struct sock *sk);
+bool mptcp_pm_sport_in_anno_list(struct mptcp_sock *msk, int af, const struct sk_buff *skb);
struct mptcp_pm_add_entry *
mptcp_pm_del_add_timer(struct mptcp_sock *msk,
const struct mptcp_addr_info *addr, bool check_id);
diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
index c05c19f92532..1fa096086f82 100644
--- a/net/mptcp/subflow.c
+++ b/net/mptcp/subflow.c
@@ -216,7 +216,8 @@ static int subflow_check_req(struct request_sock *req,
pr_debug("syn inet_sport=%d %d",
ntohs(inet_sk(sk_listener)->inet_sport),
ntohs(inet_sk((struct sock *)subflow_req->msk)->inet_sport));
- if (!mptcp_pm_sport_in_anno_list(subflow_req->msk, sk_listener)) {
+ if (!mptcp_pm_sport_in_anno_list(subflow_req->msk,
+ sk_listener->sk_family, skb)) {
SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_MISMATCHPORTSYNRX);
return -EPERM;
}
@@ -793,7 +794,7 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk,
pr_debug("ack inet_sport=%d %d",
ntohs(inet_sk(sk)->inet_sport),
ntohs(inet_sk((struct sock *)owner)->inet_sport));
- if (!mptcp_pm_sport_in_anno_list(owner, sk)) {
+ if (!mptcp_pm_sport_in_anno_list(owner, sk->sk_family, skb)) {
SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_MISMATCHPORTACKRX);
goto dispose_child;
}
--
2.34.1
next prev parent reply other threads:[~2022-02-23 11:08 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-23 11:08 [PATCH mptcp-next v3 0/4] mptcp: replace per-addr listener sockets Florian Westphal
2022-02-23 11:08 ` Florian Westphal [this message]
2022-02-23 11:08 ` [PATCH 2/4] tcp: add mptcp join demultiplex hooks Florian Westphal
2022-02-23 11:08 ` [PATCH 3/4] mptcp: handle join requests via pernet listen socket Florian Westphal
2022-02-24 1:26 ` Mat Martineau
2022-02-24 8:36 ` Paolo Abeni
2022-02-24 7:09 ` kernel test robot
2022-02-23 11:08 ` [PATCH 4/4] mptcp: remove per-address listening sockets Florian Westphal
2022-02-23 12:15 ` mptcp: remove per-address listening sockets: Tests Results MPTCP CI
2022-02-24 0:48 ` [PATCH mptcp-next v3 0/4] mptcp: replace per-addr listener sockets Mat Martineau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220223110832.29357-2-fw@strlen.de \
--to=fw@strlen.de \
--cc=mptcp@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.