From patchwork Thu Jan 14 05:25:01 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Geliang Tang
X-Patchwork-Id: 1426185
X-Patchwork-Delegate: matthieu.baerts@tessares.net
From: Geliang Tang
To: mptcp@lists.01.org
Date: Thu, 14 Jan 2021 13:25:01 +0800
Message-Id: <59e26e34527116be45a5231a96b9d2f8b6c8b99c.1610598621.git.geliangtang@gmail.com>
X-Mailer: git-send-email 2.29.2
In-Reply-To: <5dc1c547c8e1049b5ea5479bdceb459ee579770e.1610598621.git.geliangtang@gmail.com>
References: <7a41acee25033aa36629701ff6b0f51cac507a9e.1610598621.git.geliangtang@gmail.com> <5dc1c547c8e1049b5ea5479bdceb459ee579770e.1610598621.git.geliangtang@gmail.com>
CC: Geliang Tang
Subject: [MPTCP] [MPTCP][PATCH v10 mptcp-next 4/9] mptcp: add port number check for MP_JOIN
List-Id: Discussions regarding MPTCP upstreaming

This patch adds two new helpers, subflow_use_different_sport and subflow_use_different_dport, to check whether the subflow's source or destination port number is different from the msk's port number. When receiving the MP_JOIN's SYN/SYNACK/ACK, we do these port number checks and print out the different port numbers.

And furthermore, when receiving the MP_JOIN's SYN/ACK, we also use a new helper mptcp_pm_sport_in_anno_list to check whether this port number is announced. If it isn't, we need to abort this connection.

This patch also populates the local address's port field in local_address.

Signed-off-by: Geliang Tang
--- net/mptcp/pm_netlink.c | 23 ++++++++++++++++++++++- net/mptcp/protocol.h | 1 + net/mptcp/subflow.c | 38 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 61 insertions(+), 1 deletion(-) diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 2164b016585a..e6a8ca4694c0 100644 --- a/net/mptcp/pm_netlink.c 
+++ b/net/mptcp/pm_netlink.c @@ -97,8 +97,8 @@ static bool address_zero(const struct mptcp_addr_info *addr) static void local_address(const struct sock_common *skc, struct mptcp_addr_info *addr) { - addr->port = 0; addr->family = skc->skc_family; + addr->port = htons(skc->skc_num); if (addr->family == AF_INET) addr->addr.s_addr = skc->skc_rcv_saddr; #if IS_ENABLED(CONFIG_MPTCP_IPV6) @@ -251,6 +251,27 @@ lookup_anno_list_by_saddr(struct mptcp_sock *msk, return NULL; } +bool mptcp_pm_sport_in_anno_list(struct mptcp_sock *msk, const struct sock *sk) +{ + struct mptcp_pm_add_entry *entry; + struct mptcp_addr_info saddr; + bool ret = false; + + local_address((struct sock_common *)sk, &saddr); + + spin_lock_bh(&msk->pm.lock); + list_for_each_entry(entry, &msk->pm.anno_list, list) { + if (addresses_equal(&entry->addr, &saddr, true)) { + ret = true; + goto out; + } + } + +out: + spin_unlock_bh(&msk->pm.lock); + return ret; +} + static void mptcp_pm_add_timer(struct timer_list *timer) { struct mptcp_pm_add_entry *entry = from_timer(entry, timer, add_timer); diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 486eebf8c7c9..93afa4c1dd76 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -582,6 +582,7 @@ int mptcp_pm_nl_mp_prio_send_ack(struct mptcp_sock *msk, struct mptcp_addr_info *addr, u8 bkup); void mptcp_pm_free_anno_list(struct mptcp_sock *msk); +bool mptcp_pm_sport_in_anno_list(struct mptcp_sock *msk, const struct sock *sk); struct mptcp_pm_add_entry * mptcp_pm_del_add_timer(struct mptcp_sock *msk, struct mptcp_addr_info *addr); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index fee38bb9d80a..e3cb06938b91 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c 
@@ -117,6 +117,11 @@ static int __subflow_init_req(struct request_sock *req, const struct sock *sk_li return 0; } +static bool subflow_use_different_sport(struct mptcp_sock *msk, const struct sock *sk) +{ + return inet_sk(sk)->inet_sport != inet_sk((struct sock *)msk)->inet_sport; +} + /* Init mptcp request socket. * * Returns an error code if a JOIN has failed and a TCP reset @@ -189,6 +194,20 @@ static int subflow_init_req(struct request_sock *req, if (!subflow_req->msk) return -EPERM; + if (subflow_use_different_sport(subflow_req->msk, sk_listener)) { + pr_debug("syn inet_sport=%d %d", + ntohs(inet_sk(sk_listener)->inet_sport), + ntohs(inet_sk((struct sock *)subflow_req->msk)->inet_sport)); + if (!mptcp_pm_sport_in_anno_list(subflow_req->msk, sk_listener)) { + sock_put((struct sock *)subflow_req->msk); + mptcp_token_destroy_request(req); + tcp_request_sock_ops.destructor(req); + subflow_req->msk = NULL; + subflow_req->mp_join = 0; + return -EPERM; + } + } + subflow_req_create_thmac(subflow_req); if (unlikely(req->syncookie)) { @@ -333,6 +352,11 @@ void mptcp_subflow_reset(struct sock *ssk) sock_put(sk); } +static bool subflow_use_different_dport(struct mptcp_sock *msk, const struct sock *sk) +{ + return inet_sk(sk)->inet_dport != inet_sk((struct sock *)msk)->inet_dport; +} + static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) { struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); @@ -399,6 +423,12 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) subflow->mp_join = 1; MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_JOINSYNACKRX); + + if (subflow_use_different_dport(mptcp_sk(parent), sk)) { + pr_debug("synack inet_dport=%d %d", + ntohs(inet_sk(sk)->inet_dport), + ntohs(inet_sk(parent)->inet_dport)); + } } else if (mptcp_check_fallback(sk)) { fallback: mptcp_rcv_space_init(mptcp_sk(parent), sk); 
@@ -661,6 +691,14 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_JOINACKRX); tcp_rsk(req)->drop_req = true; + + if (subflow_use_different_sport(owner, sk)) { + pr_debug("ack inet_sport=%d %d", + ntohs(inet_sk(sk)->inet_sport), + ntohs(inet_sk((struct sock *)owner)->inet_sport)); + if (!mptcp_pm_sport_in_anno_list(owner, sk)) + goto out; + } } }
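
Review bot: in local_address() in net/mptcp/pm_netlink.c, replacing `addr->port = 0;` with `addr->port = htons(skc->skc_num);` changes the result for every existing caller of local_address(), not only for the new mptcp_pm_sport_in_anno_list(). The changelog gives this one sentence and does not say which callers were checked; a caller that compares the result with the port taken into account, as the new helper does through addresses_equal(..., true), now sees the bound port where it used to see 0. Please list the audited callers in the commit message, or leave local_address() unchanged and fill in saddr.port inside the new helper. In that helper, the cast `(struct sock_common *)sk` also drops the const that both `sk` and the local_address() parameter carry; `(const struct sock_common *)sk` keeps it, and the `goto out` inside the loop can be a plain `break`.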
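
Review bot: in subflow_init_req() in net/mptcp/subflow.c, the new rejection path for a JOIN SYN that arrives on an unannounced port returns -EPERM with only a pr_debug() in front of it, so on a kernel without dynamic debug enabled a refused join leaves no trace. This is the check that decides whether a peer may attach a subflow on a port other than the msk's, so a MIB counter alongside the existing join counters would let an operator see refused attempts. The pr_debug() also prints the two ports as a bare `%d %d`; labelling which is the listener port and which is the msk port would make the message readable without the source open.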
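
Review bot: in subflow_syn_recv_sock() in net/mptcp/subflow.c, the `goto out` taken when mptcp_pm_sport_in_anno_list() fails comes after `SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_JOINACKRX)` and `tcp_rsk(req)->drop_req = true`, so a refused third ACK is still counted as a received join ACK and nothing distinguishes it from an accepted one. The `out` label lies outside this hunk; please confirm, in the changelog or in a comment at the jump, that it releases the child socket and resets the connection in the same way the SYN path does when it returns -EPERM.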