Received: by 2002:a5d:925a:0:0:0:0:0 with SMTP id e26csp1191731iol; Fri, 10 Jun 2022 02:11:54 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxw8wqf9Z/N5i15P6gbGOf2DW7DU/hqZXrlv5i+eVgb6eelbREsspPOHZ5I5+xP2JNO1sA4 X-Received: by 2002:a17:906:dff9:b0:6ff:2f22:7d0 with SMTP id lc25-20020a170906dff900b006ff2f2207d0mr32057038ejc.198.1654852314629; Fri, 10 Jun 2022 02:11:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1654852314; cv=none; d=google.com; s=arc-20160816; b=X7bi4eV2svgIQWqly7jhXPAitsU00Y8b/qM9XANMmKT3ECMk5WGIRzzEOWaDKLEEDF SKQydesG5e7INHl9F3R+uibPIHWx7VfNYwj32FVpnaCVUe5+yOABPWfxeqX9Q+T/jj7Y +RLBbFDxVhuPpCDkZxUh1m9xzmkOJlD8US9JztT3UPZK4Uly2IxoRDjW8ji8u3iqh865 c0Xk8tDQlJzijSAcJi3bCdZahitxukGj37BCyuTfJgrn/jgv8XvQitslc//ir2mm7cdj xKbW5rAiRvMISBtDMuGLUT/LSOoJN+SnzxWu37epQdZplErPcs4GJVN7rR4TCY6i4uH0 X5EQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=7uB1w+EHB+1oiiNaBoyt/7ePUBWKmmz4CDXK/RldunU=; b=KnuD9R3XnULGqWeJ49nyVS6wOKPL0KCDrIBfE0K+ZNu1gi39IKwV7jdzbm5GL46NJz wsEFEXs1tAxjyQvYQflb6WBN71B/yzc1UTXDaN1NTHsy+XK2o1ZfcE6FpkRD435Q4c/I R0pHSrS4fcI/kn2uw1aOZzE+w6vAHV60+Zcvpy5vmPDYrA2ufYwAe+MWQkXSPn1Xz7lq kSQyfJjrvy4leDeKt3uEzkHCZjZYn6VG+4upBuPh0jQJBUL0FBoEf/es3Abj3ve16DKS T9ErS946pnENfbKA+umZafjchy5zC1s/3XMoOF7heKcHoPX+j97eGmtMDg3rMbmPcBTK 7ikQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=ZkIKDUKm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id qb10-20020a1709077e8a00b006fe4c66b711si1432416ejc.46.2022.06.10.02.11.27; Fri, 10 Jun 2022 02:11:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=ZkIKDUKm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347199AbiFJJFh (ORCPT + 99 others); Fri, 10 Jun 2022 05:05:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39446 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348378AbiFJJFG (ORCPT ); Fri, 10 Jun 2022 05:05:06 -0400 Received: from mail-yb1-xb33.google.com (mail-yb1-xb33.google.com [IPv6:2607:f8b0:4864:20::b33]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EC74A11AFCA for ; Fri, 10 Jun 2022 02:04:56 -0700 (PDT) Received: by mail-yb1-xb33.google.com with SMTP id t32so1468135ybt.12 for ; Fri, 10 Jun 2022 02:04:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=7uB1w+EHB+1oiiNaBoyt/7ePUBWKmmz4CDXK/RldunU=; b=ZkIKDUKm1FfyCk0BzsMMxjctP8p0SCNWlPcsJlkrfto0C31zsmM/CSuFWCo+zIri0w I+3nzHy6jNMKs+ME8HxPo9UbOo27lr4F+0Z7D0NwmW4JaXkQdgOAMZHMUU0IoVneTicV M5s+qqwRE3mWK385reWOK1Z3wjyzG302oE0isNZZ2cDazd8wtBoT1NLl8OUG6B94L4LY rL3AurtNr35FE+IQLJ0woneglUJs/C3NXUDedvYaxnGrFrO9Vr+SDX8SH+1RAD+kc/XY N1Qb6ouQELIfmigNuX67AFW3AEnETRZjXvRuK07+kZ6NnRK4bvxCoT1y4niUDfTwEHou n/vw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=7uB1w+EHB+1oiiNaBoyt/7ePUBWKmmz4CDXK/RldunU=; b=Gl9xuSbx3FWtuk4QFxZEqYArr7TfOk6xF9DBWUPdqOpM+Fvx7kR1ILmT2fM+gEbSSF DCDgM5YvDBJfj9ilyiQmDMrz9Ajjj6AoFyRXua+BLbdasJOasMgoup4mI/gNufMX7Gy2 SV2CFpmgxpBKbDV6l11MhUf0UOzxhdFtXZtHtsyj/NCHdWdHVZc4cDO19qws74vo0OjE IS28FppCCfmmDA7SGpHd+oyCXBZ5VWsRjLzocRE7YRYbJQn20+DJOHUg2eamShf0Gha0 /nv3vOkCBDdOgVxCoMzOIb9RVXcMU85DezXd/KTy3WKiW7C68n2E+ROl0pqEYMe1kets B7Ew== X-Gm-Message-State: AOAM533z9oCA5zNJD49wQHvzqgrTGLvlF7EqqV61ChRzE3IcpseRhajS zn6PRgzyGS46jzVH5/MyvmdFFtShHEC+nIsZLbWVOw== X-Received: by 2002:a05:6902:c9:b0:641:1998:9764 with SMTP id i9-20020a05690200c900b0064119989764mr42933991ybs.427.1654851895121; Fri, 10 Jun 2022 02:04:55 -0700 (PDT) MIME-Version: 1.0 References: <20220610034204.67901-1-imagedong@tencent.com> <20220610034204.67901-8-imagedong@tencent.com> In-Reply-To: <20220610034204.67901-8-imagedong@tencent.com> From: Eric Dumazet Date: Fri, 10 Jun 2022 02:04:44 -0700 Message-ID: Subject: Re: [PATCH net-next v3 7/9] net: tcp: add skb drop reasons to tcp tw code path To: Menglong Dong Cc: Steven Rostedt , Ingo Molnar , David Miller , Hideaki YOSHIFUJI , David Ahern , Jakub Kicinski , Paolo Abeni , Menglong Dong , Martin KaFai Lau , Talal Ahmad , Kees Cook , Dongli Zhang , LKML , netdev , Jiang Biao , Hao Peng Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jun 9, 2022 at 8:45 PM wrote: > > From: Menglong Dong > > In order to get the reasons of skb drops, add a function argument of > type 'enum skb_drop_reason *reason' to tcp_timewait_state_process(). > > In the origin code, all packets to time-wait socket are treated as > dropping with kfree_skb(), which can make users confused. Therefore, > we use consume_skb() for the skbs that are 'good'. We can check the > value of 'reason' to decide use kfree_skb() or consume_skb(). > > The new reason 'TIMEWAIT' is added for the case that the skb is dropped > as the socket in time-wait state. > > Reviewed-by: Jiang Biao > Reviewed-by: Hao Peng > Signed-off-by: Menglong Dong > Reported-by: Eric Dumazet I have suggested that consume_skb() could be an alias of kfree_skb_reason(skb, SKB_NOT_DROPPED), or something like that. In order to avoid silly constructs all over the places : if (reason) kfree_skb_reason(skb, reason); else consume_skb(skb); -> kfree_skb_reason(skb, reason); > --- > v2: > - skb is not freed on TCP_TW_ACK and 'ret' is not initizalized, fix > it (Eric Dumazet) > --- > include/net/dropreason.h | 6 ++++++ > include/net/tcp.h | 7 ++++--- > net/ipv4/tcp_ipv4.c | 9 ++++++++- > net/ipv4/tcp_minisocks.c | 24 ++++++++++++++++++++---- > net/ipv6/tcp_ipv6.c | 8 +++++++- > 5 files changed, 45 insertions(+), 9 deletions(-) > > diff --git a/include/net/dropreason.h b/include/net/dropreason.h > index 86e89d3022b5..3c6f8e0f7f16 100644 > --- a/include/net/dropreason.h > +++ b/include/net/dropreason.h > @@ -258,6 +258,12 @@ enum skb_drop_reason { > * socket is full, corresponding to LINUX_MIB_TCPREQQFULLDROP > */ > SKB_DROP_REASON_TCP_REQQFULLDROP, > + /** > + * @SKB_DROP_REASON_TIMEWAIT: socket is in time-wait state and all > + * packet that received will be treated as 'drop', except a good > + * 'SYN' packet > + */ > + SKB_DROP_REASON_TIMEWAIT, > /** > * @SKB_DROP_REASON_MAX: the maximum of drop reason, which shouldn't be > * used as a real 'reason' > diff --git a/include/net/tcp.h b/include/net/tcp.h > index 082dd0627e2e..88217b8d95ac 100644 > --- a/include/net/tcp.h > +++ b/include/net/tcp.h > @@ -380,9 +380,10 @@ enum tcp_tw_status { > }; > > > -enum tcp_tw_status tcp_timewait_state_process(struct inet_timewait_sock *tw, > - struct sk_buff *skb, > - const struct tcphdr *th); > +enum tcp_tw_status > +tcp_timewait_state_process(struct inet_timewait_sock *tw, struct sk_buff *skb, > + const struct tcphdr *th, > + enum skb_drop_reason *reason); > struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb, > struct request_sock *req, bool fastopen, > bool *lost_race); > diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c > index 804fc5e0203e..e7bd2f410a4a 100644 > --- a/net/ipv4/tcp_ipv4.c > +++ b/net/ipv4/tcp_ipv4.c > @@ -2134,7 +2134,8 @@ int tcp_v4_rcv(struct sk_buff *skb) > inet_twsk_put(inet_twsk(sk)); > goto csum_error; > } > - switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) { > + switch (tcp_timewait_state_process(inet_twsk(sk), skb, th, > + &drop_reason)) { > case TCP_TW_SYN: { > struct sock *sk2 = inet_lookup_listener(dev_net(skb->dev), > &tcp_hashinfo, skb, > @@ -2150,11 +2151,17 @@ int tcp_v4_rcv(struct sk_buff *skb) > refcounted = false; > goto process; > } > + /* TCP_FLAGS or NO_SOCKET? */ > + SKB_DR_SET(drop_reason, TCP_FLAGS); > } > /* to ACK */ > fallthrough; > case TCP_TW_ACK: > tcp_v4_timewait_ack(sk, skb); > + if (!drop_reason) { > + consume_skb(skb); > + return 0; > + } Sorry, this is the kind of change which makes the whole exercise source of numerous problems later when backports are needed. You are sending patches today, but we are not sure you will be willing to spend days of work and tests to validate future backports with conflicts. > break; > case TCP_TW_RST: > tcp_v4_send_reset(sk, skb); > diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c > index 1a21018f6f64..329724118b7f 100644 > --- a/net/ipv4/tcp_minisocks.c > +++ b/net/ipv4/tcp_minisocks.c > @@ -83,13 +83,15 @@ tcp_timewait_check_oow_rate_limit(struct inet_timewait_sock *tw, > */ > enum tcp_tw_status > tcp_timewait_state_process(struct inet_timewait_sock *tw, struct sk_buff *skb, > - const struct tcphdr *th) > + const struct tcphdr *th, > + enum skb_drop_reason *reason) > { > struct tcp_options_received tmp_opt; > struct tcp_timewait_sock *tcptw = tcp_twsk((struct sock *)tw); > bool paws_reject = false; > > tmp_opt.saw_tstamp = 0; > + *reason = SKB_DROP_REASON_NOT_SPECIFIED; > if (th->doff > (sizeof(*th) >> 2) && tcptw->tw_ts_recent_stamp) { > tcp_parse_options(twsk_net(tw), skb, &tmp_opt, 0, NULL); > > @@ -113,11 +115,16 @@ tcp_timewait_state_process(struct inet_timewait_sock *tw, struct sk_buff *skb, > return tcp_timewait_check_oow_rate_limit( > tw, skb, LINUX_MIB_TCPACKSKIPPEDFINWAIT2); > > - if (th->rst) > + if (th->rst) { > + SKB_DR_SET(*reason, TCP_RESET); > goto kill; > + } > > - if (th->syn && !before(TCP_SKB_CB(skb)->seq, tcptw->tw_rcv_nxt)) > + if (th->syn && !before(TCP_SKB_CB(skb)->seq, > + tcptw->tw_rcv_nxt)) { > + SKB_DR_SET(*reason, TCP_FLAGS); > return TCP_TW_RST; > + } > > /* Dup ACK? */ > if (!th->ack || > @@ -143,6 +150,9 @@ tcp_timewait_state_process(struct inet_timewait_sock *tw, struct sk_buff *skb, > } > > inet_twsk_reschedule(tw, TCP_TIMEWAIT_LEN); > + > + /* skb should be free normally on this case. */ > + *reason = SKB_NOT_DROPPED_YET; > return TCP_TW_ACK; > } > > @@ -174,6 +184,7 @@ tcp_timewait_state_process(struct inet_timewait_sock *tw, struct sk_buff *skb, > * protocol bug yet. > */ > if (twsk_net(tw)->ipv4.sysctl_tcp_rfc1337 == 0) { > + SKB_DR_SET(*reason, TCP_RESET); > kill: > inet_twsk_deschedule_put(tw); > return TCP_TW_SUCCESS; > @@ -216,11 +227,14 @@ tcp_timewait_state_process(struct inet_timewait_sock *tw, struct sk_buff *skb, > if (isn == 0) > isn++; > TCP_SKB_CB(skb)->tcp_tw_isn = isn; > + *reason = SKB_NOT_DROPPED_YET; > return TCP_TW_SYN; > } > > - if (paws_reject) > + if (paws_reject) { > + SKB_DR_SET(*reason, TCP_RFC7323_PAWS); > __NET_INC_STATS(twsk_net(tw), LINUX_MIB_PAWSESTABREJECTED); > + } > > if (!th->rst) { > /* In this case we must reset the TIMEWAIT timer. > @@ -232,9 +246,11 @@ tcp_timewait_state_process(struct inet_timewait_sock *tw, struct sk_buff *skb, > if (paws_reject || th->ack) > inet_twsk_reschedule(tw, TCP_TIMEWAIT_LEN); > > + SKB_DR_OR(*reason, TIMEWAIT); > return tcp_timewait_check_oow_rate_limit( > tw, skb, LINUX_MIB_TCPACKSKIPPEDTIMEWAIT); > } > + SKB_DR_SET(*reason, TCP_RESET); > inet_twsk_put(tw); > return TCP_TW_SUCCESS; > } > diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c > index 0d2ba9d90529..41551a3b679b 100644 > --- a/net/ipv6/tcp_ipv6.c > +++ b/net/ipv6/tcp_ipv6.c > @@ -1795,7 +1795,8 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb) > goto csum_error; > } > > - switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) { > + switch (tcp_timewait_state_process(inet_twsk(sk), skb, th, > + &drop_reason)) { > case TCP_TW_SYN: > { > struct sock *sk2; > @@ -1815,11 +1816,16 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb) > refcounted = false; > goto process; > } > + SKB_DR_SET(drop_reason, TCP_FLAGS); > } > /* to ACK */ > fallthrough; > case TCP_TW_ACK: > tcp_v6_timewait_ack(sk, skb); > + if (!drop_reason) { > + consume_skb(skb); > + return 0; > + } > break; > case TCP_TW_RST: > tcp_v6_send_reset(sk, skb); > -- > 2.36.1 >