From patchwork Thu May 6 04:48:05 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Geliang Tang X-Patchwork-Id: 1474803 X-Patchwork-Delegate: mathew.j.martineau@linux.intel.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.linux.dev (client-ip=2604:1380:1:3600::1; helo=ewr.edge.kernel.org; envelope-from=mptcp+bounces-545-incoming=patchwork.ozlabs.org@lists.linux.dev; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=YeuAjIMf; dkim-atps=neutral Received: from ewr.edge.kernel.org (ewr.edge.kernel.org [IPv6:2604:1380:1:3600::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4FbLgT0XJmz9sRf for ; Thu, 6 May 2021 14:48:21 +1000 (AEST) Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ewr.edge.kernel.org (Postfix) with ESMTPS id E659A1C0D80 for ; Thu, 6 May 2021 04:48:18 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id AC41A72; Thu, 6 May 2021 04:48:17 +0000 (UTC) X-Original-To: mptcp@lists.linux.dev Received: from mail-pf1-f172.google.com (mail-pf1-f172.google.com [209.85.210.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BC73E71 for ; Thu, 6 May 2021 04:48:16 +0000 (UTC) Received: by mail-pf1-f172.google.com with SMTP id i13so4344730pfu.2 for ; Wed, 05 May 2021 21:48:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=8CTRfYcyqRjo9A5S73+wjjqhzQL/vzbt5fY3a33esBc=; b=YeuAjIMfOQxr7qVRpzzM2783VfWW673uvb69iKGrLhm3TFEn4WFyhEduLVqgTUWFB9 FdCZUbmKqGU2BwKO6OJ3dmIbQNncTTEwSLDeO1cbb5t3g2bleYJX5TMHjyQTss0nSwT+ xvoL//2gHTb5lGLZlsMwxjl73cil8uLFhPogcrCQnwoK56RkcNfStrlptgyuCVIz4p2y +JKCLtxR+EbVQmR+4oTeT4+2oyiqVcBn9VYcgmH0CAYyUazur+UP2GAYRVV/wcs4ocD/ 5k3e/vuYsg9q/Cqozval5mOz+w+R3owaHeDQ2m+mI8lY+sE3aTRf6Rn0mxTgJMtuuHEX dnZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=8CTRfYcyqRjo9A5S73+wjjqhzQL/vzbt5fY3a33esBc=; b=j8GWDXh1IevtyLfz5a0E3AN4zuR3JhtbY38Pi7P8/KxPJ+N7S+fURQePfMZxwLVl/9 3MQeTsmZO7ae0Slzt4xqX5DssB5XklbdOY5XwQ9jvPeJ1590bZj/3zALNhHj8STs9ahW 3WzNyu8yf/Z0QwMVM0VxDFZoXmwejAZH1KsmWVbgi6AVnrGCSrD8p3vh0mzTMuDDDGwS 82gb7xz0IcqcdBo6NlYRh/7QuU0COhLZBCyxWXlheC6kDyCl7fpIgxlR3D26zolAWVp+ eAtJZ+i8YiElb1/Bw8LqIXVo9N9qByG6c4znUS7sQ1UmXtnJoD6u5GGL/FdiRtOPR5Q1 IHyg== X-Gm-Message-State: AOAM532oInfZWMDCCbdHxXbViNy6E8TJR7jTzv/cq28sVITf3P97dI11 8lPzW5OLCyZMJ6pfezQPQzMcpBG+yN8= X-Google-Smtp-Source: ABdhPJwy0OZc7+Gto9uo7mptip7X2jSIez+xB2qa32AlXws55Dl3FgdXg02rjA/PHPU3bHWhqmUXhQ== X-Received: by 2002:a65:538d:: with SMTP id x13mr2409263pgq.108.1620276496214; Wed, 05 May 2021 21:48:16 -0700 (PDT) Received: from localhost ([209.9.72.213]) by smtp.gmail.com with ESMTPSA id t15sm711069pgh.33.2021.05.05.21.48.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 May 2021 21:48:16 -0700 (PDT) From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Florian Westphal Subject: [MPTCP][PATCH v4 mptcp-next 1/4] mptcp: add sysctl allow_join_initial_addr_port Date: Thu, 6 May 2021 12:48:05 +0800 Message-Id: <025c3e92286c1c425b6ce65b4feac7e416947e54.1620275759.git.geliangtang@gmail.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: References: X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 This patch added a new sysctl, named allow_join_initial_addr_port, to control whether allow peers to send join requests to the IP address and port number used by the initial subflow. Suggested-by: Florian Westphal Signed-off-by: Geliang Tang --- Documentation/networking/mptcp-sysctl.rst | 13 +++++++++++++ net/mptcp/ctrl.c | 16 ++++++++++++++++ net/mptcp/protocol.h | 1 + 3 files changed, 30 insertions(+) diff --git a/Documentation/networking/mptcp-sysctl.rst b/Documentation/networking/mptcp-sysctl.rst index ee06fd782465..76d939e688b8 100644 --- a/Documentation/networking/mptcp-sysctl.rst +++ b/Documentation/networking/mptcp-sysctl.rst @@ -32,3 +32,16 @@ checksum_enabled - BOOLEAN per-namespace sysctl. Default: 0 + +allow_join_initial_addr_port - BOOLEAN + Allow peers to send join requests to the IP address and port number used + by the initial subflow if the value is 1. This controls a flag that is + sent to the peer at connection time, and whether such join requests are + accepted or denied. + + Joins to addresses advertised with ADD_ADDR are not affected by this + value. + + This is a per-namespace sysctl. + + Default: 1 diff --git a/net/mptcp/ctrl.c b/net/mptcp/ctrl.c index b5ff77dae503..786055b0c6eb 100644 --- a/net/mptcp/ctrl.c +++ b/net/mptcp/ctrl.c @@ -24,6 +24,7 @@ struct mptcp_pernet { u8 mptcp_enabled; unsigned int add_addr_timeout; u8 checksum_enabled; + u8 allow_join_initial_addr_port; }; static struct mptcp_pernet *mptcp_get_pernet(struct net *net) @@ -46,6 +47,7 @@ static void mptcp_pernet_set_defaults(struct mptcp_pernet *pernet) pernet->mptcp_enabled = 1; pernet->add_addr_timeout = TCP_RTO_MAX; pernet->checksum_enabled = 0; + pernet->allow_join_initial_addr_port = 1; } #ifdef CONFIG_SYSCTL @@ -54,6 +56,11 @@ int mptcp_is_checksum_enabled(struct net *net) return mptcp_get_pernet(net)->checksum_enabled; } +int mptcp_allow_join_id0(struct net *net) +{ + return mptcp_get_pernet(net)->allow_join_initial_addr_port; +} + static struct ctl_table mptcp_sysctl_table[] = { { .procname = "enabled", @@ -80,6 +87,14 @@ static struct ctl_table mptcp_sysctl_table[] = { .extra1 = SYSCTL_ZERO, .extra2 = SYSCTL_ONE }, + { + .procname = "allow_join_initial_addr_port", + .maxlen = sizeof(u8), + .mode = 0644, + .proc_handler = proc_dou8vec_minmax, + .extra1 = SYSCTL_ZERO, + .extra2 = SYSCTL_ONE + }, {} }; @@ -98,6 +113,7 @@ static int mptcp_pernet_new_table(struct net *net, struct mptcp_pernet *pernet) table[0].data = &pernet->mptcp_enabled; table[1].data = &pernet->add_addr_timeout; table[2].data = &pernet->checksum_enabled; + table[3].data = &pernet->allow_join_initial_addr_port; hdr = register_net_sysctl(net, MPTCP_SYSCTL_PATH, table); if (!hdr) diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 98c735f237b4..17ce5639665a 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -542,6 +542,7 @@ static inline void mptcp_subflow_delegated_done(struct mptcp_subflow_context *su int mptcp_is_enabled(struct net *net); unsigned int mptcp_get_add_addr_timeout(struct net *net); int mptcp_is_checksum_enabled(struct net *net); +int mptcp_allow_join_id0(struct net *net); void mptcp_subflow_fully_established(struct mptcp_subflow_context *subflow, struct mptcp_options_received *mp_opt); bool mptcp_subflow_data_available(struct sock *sk); From patchwork Thu May 6 04:48:06 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Geliang Tang X-Patchwork-Id: 1474804 X-Patchwork-Delegate: mathew.j.martineau@linux.intel.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.linux.dev (client-ip=147.75.197.195; helo=ewr.edge.kernel.org; envelope-from=mptcp+bounces-546-incoming=patchwork.ozlabs.org@lists.linux.dev; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=fEp9gFmu; dkim-atps=neutral Received: from ewr.edge.kernel.org (ewr.edge.kernel.org [147.75.197.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4FbLgW5DLWz9sRf for ; Thu, 6 May 2021 14:48:23 +1000 (AEST) Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ewr.edge.kernel.org (Postfix) with ESMTPS id CA4A71C0D80 for ; Thu, 6 May 2021 04:48:21 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 41F0E72; Thu, 6 May 2021 04:48:20 +0000 (UTC) X-Original-To: mptcp@lists.linux.dev Received: from mail-pg1-f180.google.com (mail-pg1-f180.google.com [209.85.215.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 321F671 for ; Thu, 6 May 2021 04:48:19 +0000 (UTC) Received: by mail-pg1-f180.google.com with SMTP id y32so3855497pga.11 for ; Wed, 05 May 2021 21:48:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=QIAqrWJ2Mm5uhiilKv5y/k+nyX0y7HVT5srGRz12/t8=; b=fEp9gFmuZhfg84cRtdrLU34IHTpzFLXoDzQ3dulJxVMlYLR+mYDVfff81NolMsOr0E raoO7lGR2280X3qklCd/wbLmfITVSSTNFRB6sPzwjK+lgn2dgwQEvUHzV/0vBgjJD+Ok UlWf61TArN1PlWCTZBL6fI2LKXFLfJ19gegGlc1uYtntzwI0QoNL7DzpgyicYlfHJxIU qVbhYNIVqV+3eQkEMBjt0o/TXXx4y/gG4ydp8cDcnThDa6MFOLdrwX3bIkWHwt6Gyyvj dzmM3IEqCXIWDCpo2RQ46KpbKwPuTcKFLlVUPK+PgBDnRU8qEQQbfTwo0XA6RlvY/6sx PMFA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=QIAqrWJ2Mm5uhiilKv5y/k+nyX0y7HVT5srGRz12/t8=; b=FBYwCkUqKS43C9p6GEXqSi5E3mUTXgZBk3f1ZO4fN9xcyIvTOyiAmZoJpVwDRRpxnr zL2x8AzaGmr9cEpkjsF5gajCUs1guBczIcPPYkcE1Vnd8SVBQsFOY1Dx9tpAluSGmaGE gMPmeBLsMK1hYudfek2IMhK8O3FWVOZqlLxDNMsy4IeKtzecJMKmBp8FNDEM1uUchUH/ I6bDcnunKtT5OV6thtg8pyWceTgz/Z696LIGPqyu74yZADN8KPfFQaDXiY3ouOafJji7 ExWYHkK6FMUoB6gOoElMWmR4BschXGD6NzFtNdIWR94QmPLh92xDFoJtIKdNMvIeaIAA nA9w== X-Gm-Message-State: AOAM531qcADPBm8WsUo16vuvJL9Xl7w+jAx4hSWCWxZfK8s1lfRXG8xs loaun1nhfeuEhY6bEEcpvC/hLNNsyvg= X-Google-Smtp-Source: ABdhPJz+0WSNkEC3/8tHz81jvy8Euy3OD+EN1HD2SsMen6U8Hs5l5Pn4VkU55k+/Jf2SpqgcLYN9EQ== X-Received: by 2002:a63:c49:: with SMTP id 9mr2322427pgm.381.1620276498641; Wed, 05 May 2021 21:48:18 -0700 (PDT) Received: from localhost ([209.9.72.213]) by smtp.gmail.com with ESMTPSA id c24sm776609pfi.32.2021.05.05.21.48.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 May 2021 21:48:18 -0700 (PDT) From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang Subject: [MPTCP][PATCH v4 mptcp-next 2/4] mptcp: add allow_join_id0 in mptcp_out_options Date: Thu, 6 May 2021 12:48:06 +0800 Message-Id: <75cdf44b996264eeacf424f60fecd873ebc47d39.1620275759.git.geliangtang@gmail.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <025c3e92286c1c425b6ce65b4feac7e416947e54.1620275759.git.geliangtang@gmail.com> References: <025c3e92286c1c425b6ce65b4feac7e416947e54.1620275759.git.geliangtang@gmail.com> X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 This patch defined a new flag MPTCP_CAP_DENY_JOIN_ID0 for the third bit, labeled "C" of the MP_CAPABLE option. Add a new flag allow_join_id0 in struct mptcp_out_options. If this flag is set, send out the MP_CAPABLE option with the flag MPTCP_CAP_DENY_JOIN_ID0. Signed-off-by: Geliang Tang --- include/net/mptcp.h | 3 ++- net/mptcp/options.c | 6 ++++++ net/mptcp/protocol.h | 6 ++++-- net/mptcp/subflow.c | 1 + 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/include/net/mptcp.h b/include/net/mptcp.h index d61bbbf11979..cb580b06152f 100644 --- a/include/net/mptcp.h +++ b/include/net/mptcp.h @@ -67,7 +67,8 @@ struct mptcp_out_options { u8 backup; u8 reset_reason:4, reset_transient:1, - csum_reqd:1; + csum_reqd:1, + allow_join_id0:1; u32 nonce; u64 thmac; u32 token; diff --git a/net/mptcp/options.c b/net/mptcp/options.c index 310c3887be91..630c87c62a87 100644 --- a/net/mptcp/options.c +++ b/net/mptcp/options.c @@ -403,6 +403,7 @@ bool mptcp_syn_options(struct sock *sk, const struct sk_buff *skb, if (subflow->request_mptcp) { opts->suboptions = OPTION_MPTCP_MPC_SYN; opts->csum_reqd = mptcp_is_checksum_enabled(sock_net(sk)); + opts->allow_join_id0 = mptcp_allow_join_id0(sock_net(sk)); *size = TCPOLEN_MPTCP_MPC_SYN; return true; } else if (subflow->request_join) { @@ -491,6 +492,7 @@ static bool mptcp_established_options_mp(struct sock *sk, struct sk_buff *skb, opts->sndr_key = subflow->local_key; opts->rcvr_key = subflow->remote_key; opts->csum_reqd = READ_ONCE(msk->csum_enabled); + opts->allow_join_id0 = mptcp_allow_join_id0(sock_net(sk)); /* Section 3.1. * The MP_CAPABLE option is carried on the SYN, SYN/ACK, and ACK @@ -833,6 +835,7 @@ bool mptcp_synack_options(const struct request_sock *req, unsigned int *size, opts->suboptions = OPTION_MPTCP_MPC_SYNACK; opts->sndr_key = subflow_req->local_key; opts->csum_reqd = subflow_req->csum_reqd; + opts->allow_join_id0 = subflow_req->allow_join_id0; *size = TCPOLEN_MPTCP_MPC_SYNACK; pr_debug("subflow_req=%p, local_key=%llu", subflow_req, subflow_req->local_key); @@ -1207,6 +1210,9 @@ void mptcp_write_options(__be32 *ptr, const struct tcp_sock *tp, if (opts->csum_reqd) flag |= MPTCP_CAP_CHECKSUM_REQD; + if (!opts->allow_join_id0) + flag |= MPTCP_CAP_DENY_JOIN_ID0; + *ptr++ = mptcp_option(MPTCPOPT_MP_CAPABLE, len, MPTCP_SUPPORTED_VERSION, flag); diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 17ce5639665a..fd6fe3176e08 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -79,8 +79,9 @@ #define MPTCP_VERSION_MASK (0x0F) #define MPTCP_CAP_CHECKSUM_REQD BIT(7) #define MPTCP_CAP_EXTENSIBILITY BIT(6) +#define MPTCP_CAP_DENY_JOIN_ID0 BIT(5) #define MPTCP_CAP_HMAC_SHA256 BIT(0) -#define MPTCP_CAP_FLAG_MASK (0x3F) +#define MPTCP_CAP_FLAG_MASK (0x1F) /* MPTCP DSS flags */ #define MPTCP_DSS_DATA_FIN BIT(4) @@ -351,7 +352,8 @@ struct mptcp_subflow_request_sock { u16 mp_capable : 1, mp_join : 1, backup : 1, - csum_reqd : 1; + csum_reqd : 1, + allow_join_id0 : 1; u8 local_id; u8 remote_id; u64 local_key; diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 7a01723f6080..324aff0b2f16 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -109,6 +109,7 @@ static void subflow_init_req(struct request_sock *req, const struct sock *sk_lis subflow_req->mp_capable = 0; subflow_req->mp_join = 0; subflow_req->csum_reqd = mptcp_is_checksum_enabled(sock_net(sk_listener)); + subflow_req->allow_join_id0 = mptcp_allow_join_id0(sock_net(sk_listener)); subflow_req->msk = NULL; mptcp_token_init_request(req); } From patchwork Thu May 6 04:48:07 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Geliang Tang X-Patchwork-Id: 1474805 X-Patchwork-Delegate: mathew.j.martineau@linux.intel.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.linux.dev (client-ip=2604:1380:1000:8100::1; helo=sjc.edge.kernel.org; envelope-from=mptcp+bounces-547-incoming=patchwork.ozlabs.org@lists.linux.dev; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=U0PvZc8l; dkim-atps=neutral Received: from sjc.edge.kernel.org (sjc.edge.kernel.org [IPv6:2604:1380:1000:8100::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4FbLgZ0Y0bz9sRf for ; Thu, 6 May 2021 14:48:25 +1000 (AEST) Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sjc.edge.kernel.org (Postfix) with ESMTPS id A73E73E0F5A for ; Thu, 6 May 2021 04:48:23 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id AC07572; Thu, 6 May 2021 04:48:22 +0000 (UTC) X-Original-To: mptcp@lists.linux.dev Received: from mail-pg1-f177.google.com (mail-pg1-f177.google.com [209.85.215.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B9C3071 for ; Thu, 6 May 2021 04:48:21 +0000 (UTC) Received: by mail-pg1-f177.google.com with SMTP id m37so3866895pgb.8 for ; Wed, 05 May 2021 21:48:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=IqeTve6QriXWWc4oolxh8Ndb3Ly54ts6owA0Tft+dJU=; b=U0PvZc8lIHqpXlHvJNCtcXRi+woy35+bwMrodXf4Sly3wlOkMwSYji7Uc4utwIRbZk LQTdY5bOMz3vsPCv68q3ZE1rwUquvywpWUWoAS+LTP7j3oLNLJG5rzbb7ZbsxVfH91MA SlEEs5Ueo7CeDHQ8tegufggVzNBUHgVhVWtwyXD57bkMVD9l0Uis59O34Rr+6nmwiTFa 6vKYf+dWLfhvIfvfFBqV98WyvBP9U3Az0oCaNtpKG+D9a2xqxJDGdRghMXLoZp0qt8ZP spY5lLxBXBkg39LGbja3yv0X/nNv4u9tLr/p8M8fCgEc1UowgliCsMKBm7i0owLfRl53 4gFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=IqeTve6QriXWWc4oolxh8Ndb3Ly54ts6owA0Tft+dJU=; b=lbIMD3z/+CCxBkrdE5G8Tk3DMMxCvA4lNBbHPNWSk6t7iMfpLCzKJfScHxUiFdBvbc cXrariZ83NEQJDCPBtUTyLT54oFgAdCByv4gUHZgfpWKaOIUqVudNjo1MocamboVmZ0s U0mxUJ9BVxa82V5/f3N6l/vOqPzgEbi/YlJipOUK9XtGRsU9OeDGNs38WFYAA2PLDv/n DZZv7aZu5+yS7dLue9HR4eZlKdZsL7ZXvqCDGb78GltyAF/uWDEiBJl236inY7vHem7u xUPPdB/FleSKOtLNc2TQaoaPToi66uL+PZsItErSmgMx9OdX7bHsOxSxuA+GrBuuO742 cdsA== X-Gm-Message-State: AOAM531wCmty0qr9vWfjYSQWqGLNPR9LNhKJrSQdZTP2kd+QmhAJb6nu c0UvRLhl9+p9pwIxHLQFNMmqSmrKU/M= X-Google-Smtp-Source: ABdhPJy3RS1/4FC0hexQsd+kXFSc/DMv5Ho0PbyP956vCUwzb8wdOlKhfUV9d9q28picRuc29RanbA== X-Received: by 2002:a63:b10:: with SMTP id 16mr2497546pgl.90.1620276501265; Wed, 05 May 2021 21:48:21 -0700 (PDT) Received: from localhost ([209.9.72.213]) by smtp.gmail.com with ESMTPSA id j21sm8843822pjl.27.2021.05.05.21.48.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 May 2021 21:48:21 -0700 (PDT) From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Florian Westphal Subject: [MPTCP][PATCH v4 mptcp-next 3/4] mptcp: add deny_join_id0 in mptcp_options_received Date: Thu, 6 May 2021 12:48:07 +0800 Message-Id: <2b2c8a35b85111f472e735f29166e1f88ecc3909.1620275759.git.geliangtang@gmail.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <75cdf44b996264eeacf424f60fecd873ebc47d39.1620275759.git.geliangtang@gmail.com> References: <025c3e92286c1c425b6ce65b4feac7e416947e54.1620275759.git.geliangtang@gmail.com> <75cdf44b996264eeacf424f60fecd873ebc47d39.1620275759.git.geliangtang@gmail.com> X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 This patch added a new flag named deny_join_id0 in struct mptcp_options_received. Set it when MP_CAPABLE with the flag MPTCP_CAP_DENYJOIN_ID0 is received. Also add a new flag remote_deny_join_id0 in struct mptcp_pm_data. When the flag deny_join_id0 is set, set this remote_deny_join_id0 flag. In mptcp_pm_create_subflow_or_signal_addr, if the remote_deny_join_id0 flag is set, and the remote address id is zero, stop this connection. Suggested-by: Florian Westphal Signed-off-by: Geliang Tang --- net/mptcp/options.c | 6 ++++++ net/mptcp/pm.c | 1 + net/mptcp/pm_netlink.c | 4 +++- net/mptcp/protocol.h | 4 +++- net/mptcp/subflow.c | 2 ++ 5 files changed, 15 insertions(+), 2 deletions(-) diff --git a/net/mptcp/options.c b/net/mptcp/options.c index 630c87c62a87..4179287bd647 100644 --- a/net/mptcp/options.c +++ b/net/mptcp/options.c @@ -87,6 +87,9 @@ static void mptcp_parse_option(const struct sock *sk, if (flags & MPTCP_CAP_CHECKSUM_REQD) mp_opt->csum_reqd = 1; + if (flags & MPTCP_CAP_DENY_JOIN_ID0) + mp_opt->deny_join_id0 = 1; + mp_opt->mp_capable = 1; if (opsize >= TCPOLEN_MPTCP_MPC_SYNACK) { mp_opt->sndr_key = get_unaligned_be64(ptr); @@ -363,6 +366,7 @@ void mptcp_get_options(const struct sock *sk, mp_opt->mp_prio = 0; mp_opt->reset = 0; mp_opt->csum_reqd = 0; + mp_opt->deny_join_id0 = 0; length = (th->doff * 4) - sizeof(struct tcphdr); ptr = (const unsigned char *)(th + 1); @@ -1055,6 +1059,8 @@ void mptcp_incoming_options(struct sock *sk, struct sk_buff *skb) } mptcp_get_options(sk, skb, &mp_opt); + if (mp_opt.deny_join_id0) + WRITE_ONCE(msk->pm.remote_deny_join_id0, true); if (!check_fully_established(msk, sk, subflow, skb, &mp_opt)) return; diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c index 9d00fa6d22e9..639271e09604 100644 --- a/net/mptcp/pm.c +++ b/net/mptcp/pm.c @@ -320,6 +320,7 @@ void mptcp_pm_data_init(struct mptcp_sock *msk) WRITE_ONCE(msk->pm.addr_signal, 0); WRITE_ONCE(msk->pm.accept_addr, false); WRITE_ONCE(msk->pm.accept_subflow, false); + WRITE_ONCE(msk->pm.remote_deny_join_id0, false); msk->pm.status = 0; spin_lock_init(&msk->pm.lock); diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index d094588afad8..58161510feef 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -456,10 +456,12 @@ static void mptcp_pm_create_subflow_or_signal_addr(struct mptcp_sock *msk) if (local) { struct mptcp_addr_info remote = { 0 }; + remote_address((struct sock_common *)sk, &remote); + if (!remote.id && READ_ONCE(msk->pm.remote_deny_join_id0)) + return; msk->pm.local_addr_used++; msk->pm.subflows++; check_work_pending(msk); - remote_address((struct sock_common *)sk, &remote); spin_unlock_bh(&msk->pm.lock); __mptcp_subflow_connect(sk, &local->addr, &remote, local->flags, local->ifindex); diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index fd6fe3176e08..41baa2ffc9a9 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -138,7 +138,8 @@ struct mptcp_options_received { mp_prio : 1, echo : 1, csum_reqd : 1, - backup : 1; + backup : 1, + deny_join_id0 : 1; u32 token; u32 nonce; u64 thmac; @@ -193,6 +194,7 @@ struct mptcp_pm_data { bool work_pending; bool accept_addr; bool accept_subflow; + bool remote_deny_join_id0; u8 add_addr_signaled; u8 add_addr_accepted; u8 local_addr_used; diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 324aff0b2f16..659b8842ae3b 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -408,6 +408,8 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) if (mp_opt.csum_reqd) WRITE_ONCE(mptcp_sk(parent)->csum_enabled, true); + if (mp_opt.deny_join_id0) + WRITE_ONCE(mptcp_sk(parent)->pm.remote_deny_join_id0, true); subflow->mp_capable = 1; subflow->can_ack = 1; subflow->remote_key = mp_opt.sndr_key; From patchwork Thu May 6 04:48:08 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Geliang Tang X-Patchwork-Id: 1474806 X-Patchwork-Delegate: mathew.j.martineau@linux.intel.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.linux.dev (client-ip=147.75.69.165; helo=sjc.edge.kernel.org; envelope-from=mptcp+bounces-548-incoming=patchwork.ozlabs.org@lists.linux.dev; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=kdUi9XXx; dkim-atps=neutral Received: from sjc.edge.kernel.org (sjc.edge.kernel.org [147.75.69.165]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4FbLgb6fClz9sRf for ; Thu, 6 May 2021 14:48:27 +1000 (AEST) Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sjc.edge.kernel.org (Postfix) with ESMTPS id 4F0CD3E0F53 for ; Thu, 6 May 2021 04:48:26 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 31CD772; Thu, 6 May 2021 04:48:25 +0000 (UTC) X-Original-To: mptcp@lists.linux.dev Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 40A5471 for ; Thu, 6 May 2021 04:48:24 +0000 (UTC) Received: by mail-pf1-f178.google.com with SMTP id k19so4233749pfu.5 for ; Wed, 05 May 2021 21:48:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Ao2/Wrrbomw1R5ZvGnpFfM5ao9tL5fForOfn9fjnyYQ=; b=kdUi9XXx50pcjt3yEQcNkuqIWgGpiy1w8cXse4OGxydBhzSw9AInSa4+nVXhtR3k91 AKDq3SwmG6d0vjFlHsgpxYHEmDPXFKztydLN7DyPd8TaTz/9pBY7YbL+gjodUQXmdLe3 8BhrTCaebK68vYy6O0Av6HKPAJu+s4OrN/MSt+AkADSEOKNa8WDaYvWI3cJYIMwCb5SG fNOnh154zRLlc1oaX64XCvtkUzIII5nkd5m5MhUSKGLao2RcHlPl9iC6grCQLGlj5ugz 1mn53Ws87Jva9318uj02lzezxIh1vkWY4nvYcwqlaXh1H302ousDG7Rx8h4e6RsCuFes kI9g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Ao2/Wrrbomw1R5ZvGnpFfM5ao9tL5fForOfn9fjnyYQ=; b=eW/vSHEKmCqoD65D+tK6mSu6xMQ053FL0VyEf9hBs25BNRIVYuHZWXeXbF+FsmvF+7 A3m/Fki62M1c17uM1pCsApFhzrb4GcnW/ck00m6CaQcswVkOr/JrxtbE7R9hNhboigAa UY09/vj/kv6TNi2T0CsbqHHhv4n9lWhP2mg4C4hO9AIem8ZrrNQP80DpAnrQxPI+kz7/ udhLPjcmwaJucSBf+L6GeJIiNXfpCHulvAH7rGOQH1eQv9iPFkH5Hdi5lzK/IzXT1ymv EKQ68a2uG9bFUhc1QmfVWrb6T+Yz0i6d5rmMG0QdoAwuVzenFH0vW/844ZJIAoXyS0mn gZOg== X-Gm-Message-State: AOAM533GB/7OSh0VY67dn4mNg8Soms8wxKG+5TNWSTFVE8gFEJhatJEn +Z/i20mxiB7LJJ3vRVqUJUEg+DzkNrk= X-Google-Smtp-Source: ABdhPJwPps8Pgv99D+xRaaf9p8GyzkL0rwFnxPrBb8wlFa6UFFQCE+ECaaPU6l5WlQ7y4eQYO0DUrQ== X-Received: by 2002:aa7:908c:0:b029:209:aacd:d8b with SMTP id i12-20020aa7908c0000b0290209aacd0d8bmr2667067pfa.74.1620276503668; Wed, 05 May 2021 21:48:23 -0700 (PDT) Received: from localhost ([209.9.72.213]) by smtp.gmail.com with ESMTPSA id u1sm786258pfb.97.2021.05.05.21.48.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 May 2021 21:48:23 -0700 (PDT) From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang Subject: [MPTCP][PATCH v4 mptcp-next 4/4] selftests: mptcp: add deny_join_id0 testcases Date: Thu, 6 May 2021 12:48:08 +0800 Message-Id: X-Mailer: git-send-email 2.31.1 In-Reply-To: <2b2c8a35b85111f472e735f29166e1f88ecc3909.1620275759.git.geliangtang@gmail.com> References: <025c3e92286c1c425b6ce65b4feac7e416947e54.1620275759.git.geliangtang@gmail.com> <75cdf44b996264eeacf424f60fecd873ebc47d39.1620275759.git.geliangtang@gmail.com> <2b2c8a35b85111f472e735f29166e1f88ecc3909.1620275759.git.geliangtang@gmail.com> X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 This patch added a new argument '-d' for mptcp_join.sh script, to invoke the testcases for the MP_CAPABLE 'C' flag. Signed-off-by: Geliang Tang --- .../testing/selftests/net/mptcp/mptcp_join.sh | 57 ++++++++++++++++++- 1 file changed, 56 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index ef8341c851f7..4366fdadacf8 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -139,6 +139,17 @@ reset_with_checksum() ip netns exec $ns2 sysctl -q net.mptcp.checksum_enabled=$ns2_enable } +reset_with_allow_join_id0() +{ + local ns1_enable=$1 + local ns2_enable=$2 + + reset + + ip netns exec $ns1 sysctl -q net.mptcp.allow_join_initial_addr_port=$ns1_enable + ip netns exec $ns2 sysctl -q net.mptcp.allow_join_initial_addr_port=$ns2_enable +} + ip -Version > /dev/null 2>&1 if [ $? -ne 0 ];then echo "SKIP: Could not run test without ip tool" @@ -1462,6 +1473,45 @@ checksum_tests() chk_csum_nr "checksum test 1 0" } +deny_join_id0_tests() +{ + # subflow allow join id0 ns1 + reset_with_allow_join_id0 1 0 + ip netns exec $ns1 ./pm_nl_ctl limits 1 1 + ip netns exec $ns2 ./pm_nl_ctl limits 1 1 + ip netns exec $ns2 ./pm_nl_ctl add 10.0.3.2 flags subflow + run_tests $ns1 $ns2 10.0.1.1 + chk_join_nr "single subflow allow join id0 ns1" 1 1 1 + + # subflow allow join id0 ns2 + reset_with_allow_join_id0 0 1 + ip netns exec $ns1 ./pm_nl_ctl limits 1 1 + ip netns exec $ns2 ./pm_nl_ctl limits 1 1 + ip netns exec $ns2 ./pm_nl_ctl add 10.0.3.2 flags subflow + run_tests $ns1 $ns2 10.0.1.1 + chk_join_nr "single subflow allow join id0 ns2" 0 0 0 + + # signal address allow join id0 ns1 + # ADD_ADDRs are not affected by allow_join_id0 value. + reset_with_allow_join_id0 1 0 + ip netns exec $ns1 ./pm_nl_ctl limits 1 1 + ip netns exec $ns2 ./pm_nl_ctl limits 1 1 + ip netns exec $ns1 ./pm_nl_ctl add 10.0.2.1 flags signal + run_tests $ns1 $ns2 10.0.1.1 + chk_join_nr "signal address allow join id0 ns1" 1 1 1 + chk_add_nr 1 1 + + # signal address allow join id0 ns2 + # ADD_ADDRs are not affected by allow_join_id0 value. + reset_with_allow_join_id0 0 1 + ip netns exec $ns1 ./pm_nl_ctl limits 1 1 + ip netns exec $ns2 ./pm_nl_ctl limits 1 1 + ip netns exec $ns1 ./pm_nl_ctl add 10.0.2.1 flags signal + run_tests $ns1 $ns2 10.0.1.1 + chk_join_nr "signal address allow join id0 ns2" 1 1 1 + chk_add_nr 1 1 +} + all_tests() { subflows_tests @@ -1476,6 +1526,7 @@ all_tests() add_addr_ports_tests syncookies_tests checksum_tests + deny_join_id0_tests } usage() @@ -1493,6 +1544,7 @@ usage() echo " -p add_addr_ports_tests" echo " -k syncookies_tests" echo " -S checksum_tests" + echo " -d deny_join_id0_tests" echo " -c capture pcap files" echo " -C enable data checksum" echo " -h help" @@ -1528,7 +1580,7 @@ if [ $do_all_tests -eq 1 ]; then exit $ret fi -while getopts 'fsltra64bpkchCS' opt; do +while getopts 'fsltra64bpkdchCS' opt; do case $opt in f) subflows_tests @@ -1566,6 +1618,9 @@ while getopts 'fsltra64bpkchCS' opt; do S) checksum_tests ;; + d) + deny_join_id0_tests + ;; c) ;; C)