Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp3067783pxb; Mon, 9 Nov 2020 01:22:11 -0800 (PST) X-Google-Smtp-Source: ABdhPJwMRyBE8oPGC0iBu7g1gELoZCATwa066+BF9Quio1x3PmFDBrdFzIwQLL1lm8dOEc/qyHh8 X-Received: by 2002:a50:e08e:: with SMTP id f14mr14080809edl.374.1604913730901; Mon, 09 Nov 2020 01:22:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1604913730; cv=none; d=google.com; s=arc-20160816; b=lK3BFkbpf3KPOcy53BbNigBjklu8NYyTVealBpy0Os7mHTI9HWKUzJhtq6Kb5tI86C 5jLTU+R5ttO7SQVa+NMbaAyBHD7pPR8pmbHeitVbjeBk2kwFVkzSujGsIklVNlYCYrdC EKClsfWYoZ2VHhjxI69PzwVWwUKeSL/8bny4iqFYIOHlrfHjwaLsC7cX/7XwlaE/IpP1 dX6iWgUB4hRpDZ1EU8GEikorWStfJu0glLyJytVQXSWS0M0NisqewCBPRlmtXZ/0zAN9 0Zb7/7FIPpYjUDi/o4sSIE/qrqqhfTYLsrUCLxE11NtbkxFq1jRbWVG78dcS6mnxBRdP IptQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:subject:cc:to:from; bh=/+0xHWa0+JsKgWFno+z00Mmb/1zblUydh/SCGp3jed8=; b=mWgs0A3NSpDMMNBDrWtG4TyC3qTN6WlQvx8R6i1gnP4dv8nwDNeArfwhAYCQy/Lafp t9h5frpujPxNwTK+hdDlSKproONw4J2KOqrev9BlWkmByYYjTp2JNHVaIQpQRthXjvrW VUc23FCJN7Vvym0xxOqIlRhAM5LEulZDhSu3HI6OibN6WmiqHoZ4B3NSCDUOPy3QnMHo gZnuNi2hOdzNyZ0erODv0bzG7LmZNaI4cA8wKvCCkzYPLauTi+HPHn+MSZztgPNpAfQD 5A69xKAbizIWhhRHasmN6OCLTXhtrWhdnOu1eO6RRAx0GIz9h2anAu8DO0q+Q1ifuwmk Bdow== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id w2si6906859edv.240.2020.11.09.01.21.48; Mon, 09 Nov 2020 01:22:10 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727959AbgKIJU0 (ORCPT + 99 others); Mon, 9 Nov 2020 04:20:26 -0500 Received: from out30-130.freemail.mail.aliyun.com ([115.124.30.130]:43316 "EHLO out30-130.freemail.mail.aliyun.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725854AbgKIJU0 (ORCPT ); Mon, 9 Nov 2020 04:20:26 -0500 X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R201e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01e04400;MF=wenan.mao@linux.alibaba.com;NM=1;PH=DS;RN=9;SR=0;TI=SMTPD_---0UEhtbfS_1604913616; Received: from VM20200710-3.tbsite.net(mailfrom:wenan.mao@linux.alibaba.com fp:SMTPD_---0UEhtbfS_1604913616) by smtp.aliyun-inc.com(127.0.0.1); Mon, 09 Nov 2020 17:20:22 +0800 From: Mao Wenan To: edumazet@google.com, davem@davemloft.net, kuznet@ms2.inr.ac.ru, yoshfuji@linux-ipv6.org, kuba@kernel.org Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org, Mao Wenan Subject: [PATCH] net: Update window_clamp if SOCK_RCVBUF is set Date: Mon, 9 Nov 2020 17:20:14 +0800 Message-Id: <1604913614-19432-1-git-send-email-wenan.mao@linux.alibaba.com> X-Mailer: git-send-email 1.8.3.1 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When net.ipv4.tcp_syncookies=1 and syn flood is happened, cookie_v4_check tries to redo what tcp_v4_send_synack did, rsk_window_clamp will be changed if SOCK_RCVBUF is set by user, which will make rcv_wscale is different, the client still operates with initial window scale and can overshot granted window, the client use the initial scale but local server use new scale to advertise window value, and session work abnormally. Signed-off-by: Mao Wenan --- net/ipv4/syncookies.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index 6ac473b..57ce317 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c @@ -427,6 +427,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) /* Try to redo what tcp_v4_send_synack did. */ req->rsk_window_clamp = tp->window_clamp ? :dst_metric(&rt->dst, RTAX_WINDOW); + /* limit the window selection if the user enforce a smaller rx buffer */ + if (sk->sk_userlocks & SOCK_RCVBUF_LOCK && + (req->rsk_window_clamp > tcp_full_space(sk) || req->rsk_window_clamp == 0)) + req->rsk_window_clamp = tcp_full_space(sk); tcp_select_initial_window(sk, tcp_full_space(sk), req->mss, &req->rsk_rcv_wnd, &req->rsk_window_clamp, -- 1.8.3.1