Re: [PATCH net-next 1/1] net/ipv4: disable SMC TCP option with SYN Cookies

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 03/20/2018 09:21 AM, Eric Dumazet wrote:
> 
> 
> On 03/20/2018 08:53 AM, Ursula Braun wrote:
>> From: Hans Wippel <hwippel@xxxxxxxxxxxxxxxxxx>
>>
>> Currently, the SMC experimental TCP option in a SYN packet is lost on
>> the server side when SYN Cookies are active. However, the corresponding
>> SYNACK sent back to the client contains the SMC option. This causes an
>> inconsistent view of the SMC capabilities on the client and server.
>>
>> This patch disables the SMC option in the SYNACK when SYN Cookies are
>> active to avoid this issue.
>>
>> Signed-off-by: Hans Wippel <hwippel@xxxxxxxxxxxxxxxxxx>
>> Signed-off-by: Ursula Braun <ubraun@xxxxxxxxxxxxxxxxxx>
>> ---
>>  net/ipv4/tcp_output.c | 2 ++
>>  1 file changed, 2 insertions(+)
>>
>> diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
>> index 383cac0ff0ec..22894514feae 100644
>> --- a/net/ipv4/tcp_output.c
>> +++ b/net/ipv4/tcp_output.c
>> @@ -3199,6 +3199,8 @@ struct sk_buff *tcp_make_synack(const struct sock *sk, struct dst_entry *dst,
>>  		/* Under synflood, we do not attach skb to a socket,
>>  		 * to avoid false sharing.
>>  		 */
>> +		if (IS_ENABLED(CONFIG_SMC))
>> +			ireq->smc_ok = 0;
>>  		break;
>>  	case TCP_SYNACK_FASTOPEN:
>>  		/* sk is a const pointer, because we want to express multiple
>>
> 
> I disagree with net-next qualification.
>
> This fixes a bug, so please send it for net tree, and including an appropriate Fixes: tag.
>

Also, please do not add the fix in tcp_make_synack()

tcp_make_synack() builds an skb, and really should not modify ireq, ideally.
The only reason ireq is not const is because of the skb_set_owner_w().

I would clear it in cookie_v4_check()/cookie_v6_check()

(We could have a common helper to allocate a TCP ireq btw, but this will wait a future patch for net-next)




--
To unsubscribe from this list: send the line "unsubscribe linux-s390" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Kernel Development]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Info]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Linux Media]     [Device Mapper]

  Powered by Linux