From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Eric Dumazet <edumazet@google.com>,
Yuchung Cheng <ycheng@google.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.1 19/29] tcp: add proper TS val into RST packets
Date: Thu, 1 Oct 2015 11:31:55 +0200 [thread overview]
Message-ID: <20151001093146.550640850@linuxfoundation.org> (raw)
In-Reply-To: <20151001093145.730759857@linuxfoundation.org>
4.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 675ee231d960af2af3606b4480324e26797eb010 ]
RST packets sent on behalf of TCP connections with TS option (RFC 7323
TCP timestamps) have incorrect TS val (set to 0), but correct TS ecr.
A > B: Flags [S], seq 0, win 65535, options [mss 1000,nop,nop,TS val 100
ecr 0], length 0
B > A: Flags [S.], seq 2444755794, ack 1, win 28960, options [mss
1460,nop,nop,TS val 7264344 ecr 100], length 0
A > B: Flags [.], ack 1, win 65535, options [nop,nop,TS val 110 ecr
7264344], length 0
B > A: Flags [R.], seq 1, ack 1, win 28960, options [nop,nop,TS val 0
ecr 110], length 0
We need to call skb_mstamp_get() to get proper TS val,
derived from skb->skb_mstamp
Note that RFC 1323 was advocating to not send TS option in RST segment,
but RFC 7323 recommends the opposite :
Once TSopt has been successfully negotiated, that is both <SYN> and
<SYN,ACK> contain TSopt, the TSopt MUST be sent in every non-<RST>
segment for the duration of the connection, and SHOULD be sent in an
<RST> segment (see Section 5.2 for details)
Note this RFC recommends to send TS val = 0, but we believe it is
premature : We do not know if all TCP stacks are properly
handling the receive side :
When an <RST> segment is
received, it MUST NOT be subjected to the PAWS check by verifying an
acceptable value in SEG.TSval, and information from the Timestamps
option MUST NOT be used to update connection state information.
SEG.TSecr MAY be used to provide stricter <RST> acceptance checks.
In 5 years, if/when all TCP stack are RFC 7323 ready, we might consider
to decide to send TS val = 0, if it buys something.
Fixes: 7faee5c0d514 ("tcp: remove TCP_SKB_CB(skb)->when")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/tcp_output.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -2893,6 +2893,7 @@ void tcp_send_active_reset(struct sock *
skb_reserve(skb, MAX_TCP_HEADER);
tcp_init_nondata_skb(skb, tcp_acceptable_seq(sk),
TCPHDR_ACK | TCPHDR_RST);
+ skb_mstamp_get(&skb->skb_mstamp);
/* Send it off. */
if (tcp_transmit_skb(sk, skb, 0, priority))
NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTFAILED);
next prev parent reply other threads:[~2015-10-01 9:32 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-01 9:31 [PATCH 4.1 00/29] 4.1.10-stable review Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 01/29] ip6_gre: release cached dst on tunnel removal Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 02/29] vxlan: re-ignore EADDRINUSE from igmp_join Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 03/29] cls_u32: complete the check for non-forced case in u32_destroy() Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 04/29] usbnet: Get EVENT_NO_RUNTIME_PM bit before it is cleared Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 05/29] sock, diag: fix panic in sock_diag_put_filterinfo Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 06/29] ipv6: fix exthdrs offload registration in out_rt path Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 07/29] net: fec: clear receive interrupts before processing a packet Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 08/29] net: eth: altera: fix napi poll_list corruption Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 09/29] net/ipv6: Correct PIM6 mrt_lock handling Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 10/29] net: dsa: bcm_sf2: Fix ageing conditions and operation Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 11/29] ipv6: fix multipath route replace error recovery Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 12/29] net: dsa: bcm_sf2: Fix 64-bits register writes Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 13/29] netlink, mmap: transform mmap skb into full skb on taps Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 14/29] sctp: fix race on protocol/netns initialization Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 16/29] net/mlx4_en: really allow to change RSS key Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 17/29] macvtap: fix TUNSETSNDBUF values > 64k Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 18/29] openvswitch: Zero flows on allocation Greg Kroah-Hartman
2015-10-01 9:31 ` Greg Kroah-Hartman [this message]
2015-10-01 9:31 ` [PATCH 4.1 20/29] net: revert "net_sched: move tp->root allocation into fw_init()" Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 21/29] fib_rules: fix fib rule dumps across multiple skbs Greg Kroah-Hartman
2015-10-01 9:31 ` [PATCH 4.1 22/29] net: dsa: bcm_sf2: Do not override speed settings Greg Kroah-Hartman
2015-10-02 0:47 ` Ben Hutchings
2015-10-02 1:22 ` David Miller
2015-10-03 11:38 ` Greg KH
2015-10-01 9:31 ` [PATCH 4.1 23/29] net: phy: fixed_phy: handle link-down case Greg Kroah-Hartman
2015-10-01 9:32 ` [PATCH 4.1 24/29] of_mdio: add new DT property managed to specify the PHY management type Greg Kroah-Hartman
2015-10-01 9:32 ` [PATCH 4.1 25/29] mvneta: use inband status only when explicitly enabled Greg Kroah-Hartman
2015-10-01 9:32 ` [PATCH 4.1 26/29] netlink: Fix autobind race condition that leads to zero port ID Greg Kroah-Hartman
2015-10-01 9:32 ` [PATCH 4.1 27/29] netlink: Replace rhash_portid with bound Greg Kroah-Hartman
2015-10-01 9:32 ` [PATCH 4.1 28/29] zram: fix possible use after free in zcomp_create() Greg Kroah-Hartman
2015-10-01 9:32 ` [PATCH 4.1 29/29] hp-wmi: limit hotkey enable Greg Kroah-Hartman
[not found] ` <20151001093146.372268230@linuxfoundation.org>
2015-10-01 23:13 ` [PATCH 4.1 15/29] bridge: fix igmpv3 / mldv2 report parsing Linus Lüssing
2015-10-02 1:29 ` [PATCH 4.1 00/29] 4.1.10-stable review Guenter Roeck
2015-10-02 6:23 ` Sudip Mukherjee
[not found] ` <560e9a58.e127b40a.bc060.fffffb97@mx.google.com>
2015-10-02 15:04 ` Kevin Hilman
2015-10-02 15:41 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151001093146.550640850@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=ycheng@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).