From: Eric Dumazet <eric.dumazet@gmail.com>
To: David Miller <davem@davemloft.net>
Cc: lists@nerdbynature.de, linux-kernel@vger.kernel.org,
netdev@vger.kernel.org, John Dykstra <john.dykstra1@gmail.com>
Subject: Re: Badness at net/ipv4/inet_connection_sock.c:293
Date: Mon, 14 Dec 2009 18:34:00 +0100 [thread overview]
Message-ID: <4B267708.3010202@gmail.com> (raw)
In-Reply-To: <20091213.234530.82029083.davem@davemloft.net>
Le 14/12/2009 08:45, David Miller a écrit :
> From: Eric Dumazet <eric.dumazet@gmail.com>
> Date: Mon, 14 Dec 2009 06:56:31 +0100
>
>> It seems to me tcp_create_openreq_child() doesnt properly initialize
>> newtp->cookie_values to NULL, but this should not produce warnings like that ?
>
> If oldtp->cookie_values is NULL, the child's should be as well
> because of sk_clone().
Right, maybe then its a tcp_ack() or a syncookie validation change ?
tcp_v4_rcv()
bh_lock_sock_nested(sk);
if (!sock_owned_by_user(sk)) {
-> tcp_v4_do_rcv()
-> tcp_v4_hnd_req()
-> cookie_v4_check()
-> get_cookie_sock()
-> child = syn_recv_sock()
-> inet_csk_reqsk_queue_add(child) (TCP_SYN_RECV socket queued into parent)
-> tcp_child_process() (backlog... not)
-> tcp_rcv_state_process()
-> acceptable = tcp_ack() > 0;
-> if (acceptable) -> sk_state = TCP_ESTABLISHED
(but if tcp_ack() returned <= 0, state unchanged : TCP_SYN_RECV)
And commit 96e0bf4b5193d0d97d139f99e2dd128763d55521
(tcp: Discard segments that ack data not yet sent)
Did change this area a bit :
@@ -5632,7 +5639,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
/* step 5: check the ACK field */
if (th->ack) {
- int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH);
+ int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH) > 0;
switch (sk->sk_state) {
case TCP_SYN_RECV:
next prev parent reply other threads:[~2009-12-14 17:34 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-12-12 7:43 Badness at net/ipv4/inet_connection_sock.c:293 Christian Kujau
2009-12-12 9:03 ` David Miller
2009-12-12 9:22 ` Eric Dumazet
2009-12-12 10:06 ` lists
2009-12-14 5:56 ` Eric Dumazet
2009-12-14 7:45 ` David Miller
2009-12-14 17:34 ` Eric Dumazet [this message]
2009-12-14 18:19 ` David Miller
2009-12-14 18:57 ` John Dykstra
2009-12-14 19:11 ` David Miller
2009-12-14 19:16 ` David Miller
2009-12-14 19:23 ` Eric Dumazet
2009-12-14 19:26 ` David Miller
2009-12-14 22:35 ` David Miller
2009-12-15 7:18 ` David Miller
2009-12-15 8:45 ` Eric Dumazet
2009-12-16 4:50 ` David Miller
2009-12-16 4:57 ` David Miller
2009-12-14 19:22 ` Eric Dumazet
2009-12-14 19:24 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B267708.3010202@gmail.com \
--to=eric.dumazet@gmail.com \
--cc=davem@davemloft.net \
--cc=john.dykstra1@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lists@nerdbynature.de \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).