[MPTCP][PATCH v6 mptcp-next 0/9] ADD_ADDR: ports support

newer

older

Weekly meeting - 10 December 2020...

[MPTCP][PATCH v2 mptcp-next 0/6]...

Geliang Tang

Wednesday, 25 November 2020 Wed, 25 Nov '20

3:01 a.m.

v6: - create and bind the listening socket in mptcp_nl_cmd_add_addr. - drop the patch "mptcp: add port number listened in kernel check" in v5. v5: - use the per netns listening socket. - First 8 patches in v4 had been merged to the export branch, drop them from this patchset. v4: - hold msk->pm.lock in mptcp_pm_sport_in_anno_list. - Merge the patchset 'Squash to "ADD_ADDR: ports support v3"' into v4. v3: - add two new patches, 8 and 11 - add more IS_ENABLED(CONFIG_MPTCP_IPV6) in patch 2 - define TCPOLEN_MPTCP_ADD_ADDR_HMAC in patch 4 - add flags check in patch 10 - update the testcases v2: - change mptcp_out_options's port field in CPU bype order. - keep mptcp_options_received's port field in CPU bype order. - add two new patches to simplify ADD_ADDR suboption writing. - update mptcp_add_addr_len helper use adding up size. - add more commit messages. v1: This series is the first version of ADD_ADDR ports support. I have solved the listener problem which I mentioned at the meeting on 15th of October by adding a new listening socket from the userspace (see patch 8). Up to now this patchset works well. Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/54 Geliang Tang (9): mptcp: create the listening socket for new port mptcp: set the listening socket's subflow mptcp: release the listening socket mptcp: add port number check for MP_JOIN mptcp: add port number announced check mptcp: deal with MPTCP_PM_ADDR_ATTR_PORT in PM netlink selftests: mptcp: add port argument for pm_nl_ctl mptcp: add the mibs for ADD_ADDR with port selftests: mptcp: add testcases for ADD_ADDR with port net/mptcp/mib.c | 4 + net/mptcp/mib.h | 4 + net/mptcp/options.c | 4 + net/mptcp/pm_netlink.c | 91 +++++++++++++- net/mptcp/protocol.h | 5 + net/mptcp/subflow.c | 80 +++++++++++- .../testing/selftests/net/mptcp/mptcp_join.sh | 114 +++++++++++++++++- tools/testing/selftests/net/mptcp/pm_nl_ctl.c | 24 +++- 8 files changed, 315 insertions(+), 11 deletions(-) -- 2.26.2

Show replies by date

Geliang Tang

Wednesday, 25 November Wed, 25 Nov

3:01 a.m.

New subject: [MPTCP][PATCH v6 mptcp-next 1/9] mptcp: create the listening socket for new port

This patch created a listening socket when a address with a port number is added by PM netlink. Then binded the new port to the socket, and listened for the connection. Signed-off-by: Geliang Tang <geliangtang(a)gmail.com> --- net/mptcp/pm_netlink.c | 41 +++++++++++++++++++++++++++++++++++++++++ net/mptcp/protocol.h | 2 ++ net/mptcp/subflow.c | 4 ++-- 3 files changed, 45 insertions(+), 2 deletions(-) diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 2560c502356b..0d9a3c77fdf1 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -26,6 +26,7 @@ struct mptcp_pm_addr_entry { struct list_head list; struct mptcp_addr_info addr; struct rcu_head rcu; + struct socket *lsk; }; struct mptcp_pm_add_entry { @@ -732,6 +733,43 @@ static struct pm_nl_pernet *genl_info_pm_nl(struct genl_info *info) return net_generic(genl_info_net(info), pm_nl_pernet_id); } +static int mptcp_pm_nl_create_listen_socket(struct sock *sk, + struct mptcp_pm_addr_entry *entry) +{ + struct sockaddr_storage addr; + int backlog = 20; + int err; + + err = sock_create_kern(sock_net(sk), entry->addr.family, + SOCK_STREAM, IPPROTO_TCP, + &entry->lsk); + if (err) + return err; + + SOCK_INODE(entry->lsk)->i_uid = GLOBAL_ROOT_UID; + SOCK_INODE(entry->lsk)->i_gid = GLOBAL_ROOT_GID; + + mptcp_info2sockaddr(&entry->addr, &addr); + err = kernel_bind(entry->lsk, (struct sockaddr *)&addr, + sizeof(struct sockaddr_in)); + if (err) { + pr_warn("kernel_bind error, err=%d", err); + goto out; + } + + err = kernel_listen(entry->lsk, backlog); + if (err) { + pr_warn("kernel_listen error, err=%d", err); + goto out; + } + + return 0; + +out: + sock_release(entry->lsk); + return err; +} + static int mptcp_nl_cmd_add_addr(struct sk_buff *skb, struct genl_info *info) { struct nlattr *attr = info->attrs[MPTCP_PM_ATTR_ADDR]; @@ -757,6 +795,9 @@ static int mptcp_nl_cmd_add_addr(struct sk_buff *skb, struct genl_info *info) return ret; } + if (entry->addr.port) + mptcp_pm_nl_create_listen_socket(skb->sk, entry); + return 0; } diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index f5db6e721fcf..f202e22058b5 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -467,6 +467,8 @@ void mptcp_subflow_reset(struct sock *ssk); int __mptcp_subflow_connect(struct sock *sk, const struct mptcp_addr_info *loc, const struct mptcp_addr_info *remote); int mptcp_subflow_create_socket(struct sock *sk, struct socket **new_sock); +void mptcp_info2sockaddr(const struct mptcp_addr_info *info, + struct sockaddr_storage *addr); static inline void mptcp_subflow_tcp_fallback(struct sock *sk, struct mptcp_subflow_context *ctx) diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index b6cd42649e5d..d4c136f1e754 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -1031,8 +1031,8 @@ void mptcpv6_handle_mapped(struct sock *sk, bool mapped) } #endif -static void mptcp_info2sockaddr(const struct mptcp_addr_info *info, - struct sockaddr_storage *addr) +void mptcp_info2sockaddr(const struct mptcp_addr_info *info, + struct sockaddr_storage *addr) { memset(addr, 0, sizeof(*addr)); addr->ss_family = info->family; -- 2.26.2

Geliang Tang

3:01 a.m.

New subject: [MPTCP][PATCH v6 mptcp-next 2/9] mptcp: set the listening socket's subflow

This patch set the subflow context of the listening socket. Signed-off-by: Geliang Tang <geliangtang(a)gmail.com> --- net/mptcp/pm_netlink.c | 5 +++++ net/mptcp/protocol.h | 1 + net/mptcp/subflow.c | 37 +++++++++++++++++++++++++++++++++++++ 3 files changed, 43 insertions(+) diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 0d9a3c77fdf1..39a91fcac403 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -330,6 +330,11 @@ static void mptcp_pm_create_subflow_or_signal_addr(struct mptcp_sock *msk) if (mptcp_pm_alloc_anno_list(msk, local)) { msk->pm.add_addr_signaled++; mptcp_pm_announce_addr(msk, &local->addr, false, local->addr.port); + if (local->addr.port) { + spin_unlock_bh(&msk->pm.lock); + mptcp_pm_set_listen_socket_subflow(sk, local->lsk); + spin_lock_bh(&msk->pm.lock); + } mptcp_pm_nl_add_addr_send_ack(msk); } } else { diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index f202e22058b5..38001b7b0bf6 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -469,6 +469,7 @@ int __mptcp_subflow_connect(struct sock *sk, const struct mptcp_addr_info *loc, int mptcp_subflow_create_socket(struct sock *sk, struct socket **new_sock); void mptcp_info2sockaddr(const struct mptcp_addr_info *info, struct sockaddr_storage *addr); +int mptcp_pm_set_listen_socket_subflow(struct sock *sk, struct socket *sf); static inline void mptcp_subflow_tcp_fallback(struct sock *sk, struct mptcp_subflow_context *ctx) diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index d4c136f1e754..6053a88c176f 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -1208,6 +1208,43 @@ int mptcp_subflow_create_socket(struct sock *sk, struct socket **new_sock) return 0; } +int mptcp_pm_set_listen_socket_subflow(struct sock *sk, struct socket *sf) +{ + struct mptcp_subflow_context *subflow; + struct net *net = sock_net(sk); + int err; + + if (!sf) + return -EINVAL; + + lock_sock(sf->sk); + + mptcp_attach_cgroup(sk, sf->sk); + + sf->sk->sk_net_refcnt = 1; + get_net(net); +#ifdef CONFIG_PROC_FS + this_cpu_add(*net->core.sock_inuse, 1); +#endif + err = tcp_set_ulp(sf->sk, "mptcp"); + release_sock(sf->sk); + + if (err) { + sock_release(sf); + return err; + } + + subflow = mptcp_subflow_ctx(sf->sk); + pr_debug("subflow=%p", subflow); + + sock_hold(sk); + + subflow->conn = sk; + subflow->request_mptcp = 1; + + return 0; +} + static struct mptcp_subflow_context *subflow_create_ctx(struct sock *sk, gfp_t priority) { -- 2.26.2

Geliang Tang

3:01 a.m.

New subject: [MPTCP][PATCH v6 mptcp-next 3/9] mptcp: release the listening socket

This patch releases the listening socket when the address is removed or the addresses are flushed by PM netlink. Signed-off-by: Geliang Tang <geliangtang(a)gmail.com> --- net/mptcp/pm_netlink.c | 22 +++++++++++++++++----- net/mptcp/protocol.h | 1 + net/mptcp/subflow.c | 2 +- 3 files changed, 19 insertions(+), 6 deletions(-) diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 39a91fcac403..2b4e7b077bc9 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -908,18 +908,26 @@ static int mptcp_nl_cmd_del_addr(struct sk_buff *skb, struct genl_info *info) spin_unlock_bh(&pernet->lock); mptcp_nl_remove_subflow_and_signal_addr(sock_net(skb->sk), &entry->addr); + if (entry->lsk) { + subflow_drop_ctx(entry->lsk->sk); + sock_release(entry->lsk); + } kfree_rcu(entry, rcu); return ret; } -static void __flush_addrs(struct pm_nl_pernet *pernet) +static void __flush_addrs(struct list_head *list) { - while (!list_empty(&pernet->local_addr_list)) { + while (!list_empty(list)) { struct mptcp_pm_addr_entry *cur; - cur = list_entry(pernet->local_addr_list.next, + cur = list_entry(list->next, struct mptcp_pm_addr_entry, list); + if (cur->lsk) { + subflow_drop_ctx(cur->lsk->sk); + sock_release(cur->lsk); + } list_del_rcu(&cur->list); kfree_rcu(cur, rcu); } @@ -936,11 +944,13 @@ static void __reset_counters(struct pm_nl_pernet *pernet) static int mptcp_nl_cmd_flush_addrs(struct sk_buff *skb, struct genl_info *info) { struct pm_nl_pernet *pernet = genl_info_pm_nl(info); + LIST_HEAD(free_list); spin_lock_bh(&pernet->lock); - __flush_addrs(pernet); + list_splice_init(&pernet->local_addr_list, &free_list); __reset_counters(pernet); spin_unlock_bh(&pernet->lock); + __flush_addrs(&free_list); return 0; } @@ -1202,10 +1212,12 @@ static void __net_exit pm_nl_exit_net(struct list_head *net_list) struct net *net; list_for_each_entry(net, net_list, exit_list) { + struct pm_nl_pernet *pernet = net_generic(net, pm_nl_pernet_id); + /* net is removed from namespace list, can't race with * other modifiers */ - __flush_addrs(net_generic(net, pm_nl_pernet_id)); + __flush_addrs(&pernet->local_addr_list); } } diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 38001b7b0bf6..adf5944ec5c4 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -456,6 +456,7 @@ int mptcp_is_enabled(struct net *net); unsigned int mptcp_get_add_addr_timeout(struct net *net); void mptcp_subflow_fully_established(struct mptcp_subflow_context *subflow, struct mptcp_options_received *mp_opt); +void subflow_drop_ctx(struct sock *ssk); bool mptcp_subflow_data_available(struct sock *sk); void __init mptcp_subflow_init(void); void mptcp_subflow_shutdown(struct sock *sk, struct sock *ssk, int how); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 6053a88c176f..9a8341eb7a4d 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -468,7 +468,7 @@ static void subflow_ulp_fallback(struct sock *sk, tcp_sk(sk)->is_mptcp = 0; } -static void subflow_drop_ctx(struct sock *ssk) +void subflow_drop_ctx(struct sock *ssk) { struct mptcp_subflow_context *ctx = mptcp_subflow_ctx(ssk); -- 2.26.2

Geliang Tang

3:01 a.m.

New subject: [MPTCP][PATCH v6 mptcp-next 4/9] mptcp: add port number check for MP_JOIN

This patch added two new helpers, subflow_use_different_sport and subflow_use_different_dport, to check whether the subflow's source or destination port number is different from the msk's port number. When we received the MP_JOIN's SYN/SYNACK/ACK, we do these port number checks and print out the different port numbers. Signed-off-by: Geliang Tang <geliangtang(a)gmail.com> --- net/mptcp/subflow.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 9a8341eb7a4d..233ec36aa704 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -112,6 +112,11 @@ static int __subflow_init_req(struct request_sock *req, const struct sock *sk_li return 0; } +static bool subflow_use_different_sport(struct mptcp_sock *msk, const struct sock *sk) +{ + return inet_sk(sk)->inet_sport != inet_sk((struct sock *)msk)->inet_sport; +} + static void subflow_init_req(struct request_sock *req, const struct sock *sk_listener, struct sk_buff *skb) @@ -182,6 +187,12 @@ static void subflow_init_req(struct request_sock *req, pr_debug("token=%u, remote_nonce=%u msk=%p", subflow_req->token, subflow_req->remote_nonce, subflow_req->msk); + + if (subflow_use_different_sport(subflow_req->msk, sk_listener)) { + pr_debug("syn inet_sport=%d %d", + ntohs(inet_sk(sk_listener)->inet_sport), + ntohs(inet_sk((struct sock *)subflow_req->msk)->inet_sport)); + } } } @@ -284,6 +295,11 @@ void mptcp_subflow_reset(struct sock *ssk) sock_hold(sk); } +static bool subflow_use_different_dport(struct mptcp_sock *msk, const struct sock *sk) +{ + return inet_sk(sk)->inet_dport != inet_sk((struct sock *)msk)->inet_dport; +} + static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) { struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); @@ -349,6 +365,12 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) subflow->mp_join = 1; MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_JOINSYNACKRX); + + if (subflow_use_different_dport(mptcp_sk(parent), sk)) { + pr_debug("synack inet_dport=%d %d", + ntohs(inet_sk(sk)->inet_dport), + ntohs(inet_sk(parent)->inet_dport)); + } } else if (mptcp_check_fallback(sk)) { fallback: mptcp_rcv_space_init(mptcp_sk(parent), sk); @@ -611,6 +633,12 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_JOINACKRX); tcp_rsk(req)->drop_req = true; + + if (subflow_use_different_sport(owner, sk)) { + pr_debug("ack inet_sport=%d %d", + ntohs(inet_sk(sk)->inet_sport), + ntohs(inet_sk((struct sock *)owner)->inet_sport)); + } } } -- 2.26.2

Geliang Tang

3:01 a.m.

New subject: [MPTCP][PATCH v6 mptcp-next 5/9] mptcp: add port number announced check

When we received the MP_JOIN's SYN/ACK, we do the port number checks. If the subflow's source port number is different, we use a new helper mptcp_pm_sport_in_anno_list to check whether this port number is announced. If it isn't, we need to abort this connection. Signed-off-by: Geliang Tang <geliangtang(a)gmail.com> --- net/mptcp/pm_netlink.c | 18 ++++++++++++++++++ net/mptcp/protocol.h | 1 + net/mptcp/subflow.c | 6 ++++++ 3 files changed, 25 insertions(+) diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 2b4e7b077bc9..b0f182053168 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -202,6 +202,24 @@ lookup_anno_list_by_saddr(struct mptcp_sock *msk, return NULL; } +bool mptcp_pm_sport_in_anno_list(struct mptcp_sock *msk, const struct sock *sk) +{ + struct mptcp_pm_add_entry *entry; + bool ret = false; + + spin_lock_bh(&msk->pm.lock); + list_for_each_entry(entry, &msk->pm.anno_list, list) { + if (entry->addr.port == inet_sk(sk)->inet_sport) { + ret = true; + goto out; + } + } + +out: + spin_unlock_bh(&msk->pm.lock); + return ret; +} + static void mptcp_pm_add_timer(struct timer_list *timer) { struct mptcp_pm_add_entry *entry = from_timer(entry, timer, add_timer); diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index adf5944ec5c4..209cd7690686 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -551,6 +551,7 @@ void mptcp_pm_add_addr_received(struct mptcp_sock *msk, void mptcp_pm_add_addr_send_ack(struct mptcp_sock *msk); void mptcp_pm_rm_addr_received(struct mptcp_sock *msk, u8 rm_id); void mptcp_pm_free_anno_list(struct mptcp_sock *msk); +bool mptcp_pm_sport_in_anno_list(struct mptcp_sock *msk, const struct sock *sk); struct mptcp_pm_add_entry * mptcp_pm_del_add_timer(struct mptcp_sock *msk, struct mptcp_addr_info *addr); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 233ec36aa704..cb72327c006a 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -192,6 +192,10 @@ static void subflow_init_req(struct request_sock *req, pr_debug("syn inet_sport=%d %d", ntohs(inet_sk(sk_listener)->inet_sport), ntohs(inet_sk((struct sock *)subflow_req->msk)->inet_sport)); + if (!mptcp_pm_sport_in_anno_list(subflow_req->msk, sk_listener)) { + subflow_req->mp_join = 0; + return; + } } } } @@ -638,6 +642,8 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, pr_debug("ack inet_sport=%d %d", ntohs(inet_sk(sk)->inet_sport), ntohs(inet_sk((struct sock *)owner)->inet_sport)); + if (!mptcp_pm_sport_in_anno_list(owner, sk)) + goto out; } } } -- 2.26.2

Geliang Tang

3:01 a.m.

New subject: [MPTCP][PATCH v6 mptcp-next 6/9] mptcp: deal with MPTCP_PM_ADDR_ATTR_PORT in PM netlink

This patch added the MPTCP_PM_ADDR_ATTR_PORT filling and parsing in PM netlink. Signed-off-by: Geliang Tang <geliangtang(a)gmail.com> --- net/mptcp/pm_netlink.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index b0f182053168..09e96007a56a 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -748,6 +748,9 @@ static int mptcp_pm_parse_addr(struct nlattr *attr, struct genl_info *info, if (tb[MPTCP_PM_ADDR_ATTR_FLAGS]) entry->addr.flags = nla_get_u32(tb[MPTCP_PM_ADDR_ATTR_FLAGS]); + if (tb[MPTCP_PM_ADDR_ATTR_PORT]) + entry->addr.port = htons(nla_get_u16(tb[MPTCP_PM_ADDR_ATTR_PORT])); + return 0; } @@ -984,6 +987,8 @@ static int mptcp_nl_fill_addr(struct sk_buff *skb, if (nla_put_u16(skb, MPTCP_PM_ADDR_ATTR_FAMILY, addr->family)) goto nla_put_failure; + if (nla_put_u16(skb, MPTCP_PM_ADDR_ATTR_PORT, ntohs(addr->port))) + goto nla_put_failure; if (nla_put_u8(skb, MPTCP_PM_ADDR_ATTR_ID, addr->id)) goto nla_put_failure; if (nla_put_u32(skb, MPTCP_PM_ADDR_ATTR_FLAGS, entry->addr.flags)) -- 2.26.2

Geliang Tang

3:01 a.m.

New subject: [MPTCP][PATCH v6 mptcp-next 7/9] selftests: mptcp: add port argument for pm_nl_ctl

This patch added a new argument for pm_nl_ctl tool. We can use it like this: # pm_nl_ctl add 10.0.2.1 flags signal port 10100 # pm_nl_ctl dump id 1 flags signal 10.0.2.1 10100 Signed-off-by: Geliang Tang <geliangtang(a)gmail.com> --- tools/testing/selftests/net/mptcp/pm_nl_ctl.c | 24 +++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/net/mptcp/pm_nl_ctl.c b/tools/testing/selftests/net/mptcp/pm_nl_ctl.c index b24a2f17d415..cf654a57552b 100644 --- a/tools/testing/selftests/net/mptcp/pm_nl_ctl.c +++ b/tools/testing/selftests/net/mptcp/pm_nl_ctl.c @@ -176,8 +176,8 @@ int add_addr(int fd, int pm_family, int argc, char *argv[]) 1024]; struct rtattr *rta, *nest; struct nlmsghdr *nh; + u_int32_t flags = 0; u_int16_t family; - u_int32_t flags; int nest_start; u_int8_t id; int off = 0; @@ -223,7 +223,6 @@ int add_addr(int fd, int pm_family, int argc, char *argv[]) char *tok, *str; /* flags */ - flags = 0; if (++arg >= argc) error(1, 0, " missing flags value"); @@ -271,6 +270,20 @@ int add_addr(int fd, int pm_family, int argc, char *argv[]) rta->rta_len = RTA_LENGTH(4); memcpy(RTA_DATA(rta), &ifindex, 4); off += NLMSG_ALIGN(rta->rta_len); + } else if (!strcmp(argv[arg], "port")) { + u_int16_t port; + + if (++arg >= argc) + error(1, 0, " missing port value"); + if (!(flags & MPTCP_PM_ADDR_FLAG_SIGNAL)) + error(1, 0, " flags must be signal when using port"); + + port = atoi(argv[arg]); + rta = (void *)(data + off); + rta->rta_type = MPTCP_PM_ADDR_ATTR_PORT; + rta->rta_len = RTA_LENGTH(2); + memcpy(RTA_DATA(rta), &port, 2); + off += NLMSG_ALIGN(rta->rta_len); } else error(1, 0, "unknown keyword %s", argv[arg]); } @@ -323,6 +336,7 @@ int del_addr(int fd, int pm_family, int argc, char *argv[]) static void print_addr(struct rtattr *attrs, int len) { uint16_t family = 0; + uint16_t port = 0; char str[1024]; uint32_t flags; uint8_t id; @@ -330,12 +344,16 @@ static void print_addr(struct rtattr *attrs, int len) while (RTA_OK(attrs, len)) { if (attrs->rta_type == MPTCP_PM_ADDR_ATTR_FAMILY) memcpy(&family, RTA_DATA(attrs), 2); + if (attrs->rta_type == MPTCP_PM_ADDR_ATTR_PORT) + memcpy(&port, RTA_DATA(attrs), 2); if (attrs->rta_type == MPTCP_PM_ADDR_ATTR_ADDR4) { if (family != AF_INET) error(1, errno, "wrong IP (v4) for family %d", family); inet_ntop(AF_INET, RTA_DATA(attrs), str, sizeof(str)); printf("%s", str); + if (port) + printf(" %d", port); } if (attrs->rta_type == MPTCP_PM_ADDR_ATTR_ADDR6) { if (family != AF_INET6) @@ -343,6 +361,8 @@ static void print_addr(struct rtattr *attrs, int len) family); inet_ntop(AF_INET6, RTA_DATA(attrs), str, sizeof(str)); printf("%s", str); + if (port) + printf(" %d", port); } if (attrs->rta_type == MPTCP_PM_ADDR_ATTR_ID) { memcpy(&id, RTA_DATA(attrs), 1); -- 2.26.2

Geliang Tang

3:01 a.m.

New subject: [MPTCP][PATCH v6 mptcp-next 8/9] mptcp: add the mibs for ADD_ADDR with port

This patch added the mibs for ADD_ADDR with port: MPTCP_MIB_PORTADD for receiving of the ADD_ADDR suboption with a port number. MPTCP_MIB_PORTSYNRX, MPTCP_MIB_PORTSYNACKRX, MPTCP_MIB_PORTACKRX, for receiving of the MP_JOIN's SYN or SYN/ACK or ACK with a port number which is different from the msk's port number. Signed-off-by: Geliang Tang <geliangtang(a)gmail.com> --- net/mptcp/mib.c | 4 ++++ net/mptcp/mib.h | 4 ++++ net/mptcp/options.c | 4 ++++ net/mptcp/subflow.c | 3 +++ 4 files changed, 15 insertions(+) diff --git a/net/mptcp/mib.c b/net/mptcp/mib.c index 84d119436b22..5e8f7827cfe0 100644 --- a/net/mptcp/mib.c +++ b/net/mptcp/mib.c @@ -29,6 +29,10 @@ static const struct snmp_mib mptcp_snmp_list[] = { SNMP_MIB_ITEM("DuplicateData", MPTCP_MIB_DUPDATA), SNMP_MIB_ITEM("AddAddr", MPTCP_MIB_ADDADDR), SNMP_MIB_ITEM("EchoAdd", MPTCP_MIB_ECHOADD), + SNMP_MIB_ITEM("PortAdd", MPTCP_MIB_PORTADD), + SNMP_MIB_ITEM("PortSynRx", MPTCP_MIB_PORTSYNRX), + SNMP_MIB_ITEM("PortSynAckRx", MPTCP_MIB_PORTSYNACKRX), + SNMP_MIB_ITEM("PortAckRx", MPTCP_MIB_PORTACKRX), SNMP_MIB_ITEM("RmAddr", MPTCP_MIB_RMADDR), SNMP_MIB_ITEM("RmSubflow", MPTCP_MIB_RMSUBFLOW), SNMP_MIB_SENTINEL diff --git a/net/mptcp/mib.h b/net/mptcp/mib.h index 47bcecce1106..b762941d492f 100644 --- a/net/mptcp/mib.h +++ b/net/mptcp/mib.h @@ -22,6 +22,10 @@ enum linux_mptcp_mib_field { MPTCP_MIB_DUPDATA, /* Segments discarded due to duplicate DSS */ MPTCP_MIB_ADDADDR, /* Received ADD_ADDR with echo-flag=0 */ MPTCP_MIB_ECHOADD, /* Received ADD_ADDR with echo-flag=1 */ + MPTCP_MIB_PORTADD, /* Received ADD_ADDR with port */ + MPTCP_MIB_PORTSYNRX, /* Received a SYN + MP_JOIN with port */ + MPTCP_MIB_PORTSYNACKRX, /* Received a SYN/ACK + MP_JOIN with port */ + MPTCP_MIB_PORTACKRX, /* Received an ACK + MP_JOIN with port */ MPTCP_MIB_RMADDR, /* Received RM_ADDR */ MPTCP_MIB_RMSUBFLOW, /* Remove a subflow */ __MPTCP_MIB_MAX diff --git a/net/mptcp/options.c b/net/mptcp/options.c index d1b4c5d208a9..9db824b1ed33 100644 --- a/net/mptcp/options.c +++ b/net/mptcp/options.c @@ -959,6 +959,10 @@ void mptcp_incoming_options(struct sock *sk, struct sk_buff *skb) mptcp_pm_del_add_timer(msk, &addr); MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_ECHOADD); } + + if (mp_opt.port) + MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_PORTADD); + mp_opt.add_addr = 0; } diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index cb72327c006a..6193e53d4af1 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -196,6 +196,7 @@ static void subflow_init_req(struct request_sock *req, subflow_req->mp_join = 0; return; } + SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_PORTSYNRX); } } } @@ -374,6 +375,7 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) pr_debug("synack inet_dport=%d %d", ntohs(inet_sk(sk)->inet_dport), ntohs(inet_sk(parent)->inet_dport)); + MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_PORTSYNACKRX); } } else if (mptcp_check_fallback(sk)) { fallback: @@ -644,6 +646,7 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, ntohs(inet_sk((struct sock *)owner)->inet_sport)); if (!mptcp_pm_sport_in_anno_list(owner, sk)) goto out; + SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_PORTACKRX); } } } -- 2.26.2

Geliang Tang

3:01 a.m.

New subject: [MPTCP][PATCH v6 mptcp-next 9/9] selftests: mptcp: add testcases for ADD_ADDR with port

This patch added testcases for ADD_ADDR with port and the related MIB counters check in chk_add_nr. The output looks like this: 24 signal address with port syn[ ok ] - synack[ ok ] - ack[ ok ] add[ ok ] - echo [ ok ] - pt [ ok ] syn[ ok ] - synack[ ok ] - ack[ ok ] 25 subflow and signal with port syn[ ok ] - synack[ ok ] - ack[ ok ] add[ ok ] - echo [ ok ] - pt [ ok ] syn[ ok ] - synack[ ok ] - ack[ ok ] 26 remove single address with port syn[ ok ] - synack[ ok ] - ack[ ok ] add[ ok ] - echo [ ok ] - pt [ ok ] syn[ ok ] - synack[ ok ] - ack[ ok ] rm [ ok ] - sf [ ok ] Signed-off-by: Geliang Tang <geliangtang(a)gmail.com> --- .../testing/selftests/net/mptcp/mptcp_join.sh | 114 +++++++++++++++++- 1 file changed, 113 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 0eae628d1ffd..10d702a1e5d3 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -429,6 +429,10 @@ chk_add_nr() { local add_nr=$1 local echo_nr=$2 + local port_nr=${3:-0} + local syn_nr=${4:-$port_nr} + local syn_ack_nr=${5:-$port_nr} + local ack_nr=${6:-$port_nr} local count local dump_stats @@ -451,7 +455,55 @@ chk_add_nr() ret=1 dump_stats=1 else - echo "[ ok ]" + echo -n "[ ok ]" + fi + + if [ $port_nr -gt 0 ]; then + echo -n " - pt " + count=`ip netns exec $ns2 nstat -as | grep MPTcpExtPortAdd | awk '{print $2}'` + [ -z "$count" ] && count=0 + if [ "$count" != "$port_nr" ]; then + echo "[fail] got $count ADD_ADDR[s] with port expected $port_nr" + ret=1 + dump_stats=1 + else + echo "[ ok ]" + fi + + printf "%-39s %s" " " "syn" + count=`ip netns exec $ns1 nstat -as | grep MPTcpExtPortSynRx | awk '{print $2}'` + [ -z "$count" ] && count=0 + if [ "$count" != "$syn_nr" ]; then + echo "[fail] got $count JOIN[s] syn with port expected $syn_nr" + ret=1 + dump_stats=1 + else + echo -n "[ ok ]" + fi + + echo -n " - synack" + count=`ip netns exec $ns2 nstat -as | grep MPTcpExtPortSynAckRx | awk '{print $2}'` + [ -z "$count" ] && count=0 + if [ "$count" != "$syn_ack_nr" ]; then + echo "[fail] got $count JOIN[s] synack with port expected $syn_ack_nr" + ret=1 + dump_stats=1 + else + echo -n "[ ok ]" + fi + + echo -n " - ack" + count=`ip netns exec $ns1 nstat -as | grep MPTcpExtPortAckRx | awk '{print $2}'` + [ -z "$count" ] && count=0 + if [ "$count" != "$ack_nr" ]; then + echo "[fail] got $count JOIN[s] ack with port expected $ack_nr" + ret=1 + dump_stats=1 + else + echo "[ ok ]" + fi + else + echo "" fi if [ "${dump_stats}" = 1 ]; then @@ -717,6 +769,66 @@ chk_join_nr "remove subflow and signal IPv6" 2 2 2 chk_add_nr 1 1 chk_rm_nr 1 1 +# signal address with port +reset +ip netns exec $ns1 ./pm_nl_ctl limits 0 1 +ip netns exec $ns2 ./pm_nl_ctl limits 1 1 +ip netns exec $ns1 ./pm_nl_ctl add 10.0.2.1 flags signal port 10100 +run_tests $ns1 $ns2 10.0.1.1 +chk_join_nr "signal address with port" 1 1 1 +chk_add_nr 1 1 1 + +# subflow and signal with port +reset +ip netns exec $ns1 ./pm_nl_ctl add 10.0.2.1 flags signal port 10100 +ip netns exec $ns1 ./pm_nl_ctl limits 0 2 +ip netns exec $ns2 ./pm_nl_ctl limits 1 2 +ip netns exec $ns2 ./pm_nl_ctl add 10.0.3.2 flags subflow +run_tests $ns1 $ns2 10.0.1.1 +chk_join_nr "subflow and signal with port" 2 2 2 +chk_add_nr 1 1 1 + +# single address with port, remove +reset +ip netns exec $ns1 ./pm_nl_ctl limits 0 1 +ip netns exec $ns1 ./pm_nl_ctl add 10.0.2.1 flags signal port 10100 +ip netns exec $ns2 ./pm_nl_ctl limits 1 1 +run_tests $ns1 $ns2 10.0.1.1 0 1 0 slow +chk_join_nr "remove single address with port" 1 1 1 +chk_add_nr 1 1 1 +chk_rm_nr 0 0 + +# subflow and signal with port, remove +reset +ip netns exec $ns1 ./pm_nl_ctl limits 0 2 +ip netns exec $ns1 ./pm_nl_ctl add 10.0.2.1 flags signal port 10100 +ip netns exec $ns2 ./pm_nl_ctl limits 1 2 +ip netns exec $ns2 ./pm_nl_ctl add 10.0.3.2 flags subflow +run_tests $ns1 $ns2 10.0.1.1 0 1 1 slow +chk_join_nr "remove subflow and signal with port" 2 2 2 +chk_add_nr 1 1 1 +chk_rm_nr 1 1 + +# multiple addresses with port +reset +ip netns exec $ns1 ./pm_nl_ctl limits 2 2 +ip netns exec $ns1 ./pm_nl_ctl add 10.0.2.1 flags signal port 10100 +ip netns exec $ns1 ./pm_nl_ctl add 10.0.3.1 flags signal port 10100 +ip netns exec $ns2 ./pm_nl_ctl limits 2 2 +run_tests $ns1 $ns2 10.0.1.1 +chk_join_nr "multiple addresses with port" 2 2 2 +chk_add_nr 2 2 2 + +# multiple addresses with ports +reset +ip netns exec $ns1 ./pm_nl_ctl limits 2 2 +ip netns exec $ns1 ./pm_nl_ctl add 10.0.2.1 flags signal port 10100 +ip netns exec $ns1 ./pm_nl_ctl add 10.0.3.1 flags signal port 10101 +ip netns exec $ns2 ./pm_nl_ctl limits 2 2 +run_tests $ns1 $ns2 10.0.1.1 +chk_join_nr "multiple addresses with ports" 2 2 2 +chk_add_nr 2 2 2 + # single subflow, syncookies reset_with_cookies ip netns exec $ns1 ./pm_nl_ctl limits 0 1 -- 2.26.2

Geliang Tang

3:10 a.m.

New subject: [MPTCP][PATCH v6 mptcp-next 9/9] selftests: mptcp: add testcases for ADD_ADDR with port

Sorry, there's a checkpatch.pl warning here: WARNING: Possible unwrapped commit description (prefer a maximum 75 chars per line) #19: This patch added testcases for ADD_ADDR with port and the related MIB counters Please update the commit message to: """ This patch added testcases for ADD_ADDR with port and the related MIB counters check in chk_add_nr. The output looks like this: """ -Geliang Geliang Tang <geliangtang(a)gmail.com> 于2020年11月25日周三上午11:01写道： > > This patch added testcases for ADD_ADDR with port and the related MIB counters > check in chk_add_nr. The output looks like this: > > 24 signal address with port syn[ ok ] - synack[ ok ] - ack[ ok ] > add[ ok ] - echo [ ok ] - pt [ ok ] > syn[ ok ] - synack[ ok ] - ack[ ok ] > 25 subflow and signal with port syn[ ok ] - synack[ ok ] - ack[ ok ] > add[ ok ] - echo [ ok ] - pt [ ok ] > syn[ ok ] - synack[ ok ] - ack[ ok ] > 26 remove single address with port syn[ ok ] - synack[ ok ] - ack[ ok ] > add[ ok ] - echo [ ok ] - pt [ ok ] > syn[ ok ] - synack[ ok ] - ack[ ok ] > rm [ ok ] - sf [ ok ] > > Signed-off-by: Geliang Tang <geliangtang(a)gmail.com> > --- > .../testing/selftests/net/mptcp/mptcp_join.sh | 114 +++++++++++++++++- > 1 file changed, 113 insertions(+), 1 deletion(-) > > diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh > index 0eae628d1ffd..10d702a1e5d3 100755 > --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh > +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh > @@ -429,6 +429,10 @@ chk_add_nr() > { > local add_nr=$1 > local echo_nr=$2 > + local port_nr=${3:-0} > + local syn_nr=${4:-$port_nr} > + local syn_ack_nr=${5:-$port_nr} > + local ack_nr=${6:-$port_nr} > local count > local dump_stats > > @@ -451,7 +455,55 @@ chk_add_nr() > ret=1 > dump_stats=1 > else > - echo "[ ok ]" > + echo -n "[ ok ]" > + fi > + > + if [ $port_nr -gt 0 ]; then > + echo -n " - pt " > + count=`ip netns exec $ns2 nstat -as | grep MPTcpExtPortAdd | awk '{print $2}'` > + [ -z "$count" ] && count=0 > + if [ "$count" != "$port_nr" ]; then > + echo "[fail] got $count ADD_ADDR[s] with port expected $port_nr" > + ret=1 > + dump_stats=1 > + else > + echo "[ ok ]" > + fi > + > + printf "%-39s %s" " " "syn" > + count=`ip netns exec $ns1 nstat -as | grep MPTcpExtPortSynRx | awk '{print $2}'` > + [ -z "$count" ] && count=0 > + if [ "$count" != "$syn_nr" ]; then > + echo "[fail] got $count JOIN[s] syn with port expected $syn_nr" > + ret=1 > + dump_stats=1 > + else > + echo -n "[ ok ]" > + fi > + > + echo -n " - synack" > + count=`ip netns exec $ns2 nstat -as | grep MPTcpExtPortSynAckRx | awk '{print $2}'` > + [ -z "$count" ] && count=0 > + if [ "$count" != "$syn_ack_nr" ]; then > + echo "[fail] got $count JOIN[s] synack with port expected $syn_ack_nr" > + ret=1 > + dump_stats=1 > + else > + echo -n "[ ok ]" > + fi > + > + echo -n " - ack" > + count=`ip netns exec $ns1 nstat -as | grep MPTcpExtPortAckRx | awk '{print $2}'` > + [ -z "$count" ] && count=0 > + if [ "$count" != "$ack_nr" ]; then > + echo "[fail] got $count JOIN[s] ack with port expected $ack_nr" > + ret=1 > + dump_stats=1 > + else > + echo "[ ok ]" > + fi > + else > + echo "" > fi > > if [ "${dump_stats}" = 1 ]; then > @@ -717,6 +769,66 @@ chk_join_nr "remove subflow and signal IPv6" 2 2 2 > chk_add_nr 1 1 > chk_rm_nr 1 1 > > +# signal address with port > +reset > +ip netns exec $ns1 ./pm_nl_ctl limits 0 1 > +ip netns exec $ns2 ./pm_nl_ctl limits 1 1 > +ip netns exec $ns1 ./pm_nl_ctl add 10.0.2.1 flags signal port 10100 > +run_tests $ns1 $ns2 10.0.1.1 > +chk_join_nr "signal address with port" 1 1 1 > +chk_add_nr 1 1 1 > + > +# subflow and signal with port > +reset > +ip netns exec $ns1 ./pm_nl_ctl add 10.0.2.1 flags signal port 10100 > +ip netns exec $ns1 ./pm_nl_ctl limits 0 2 > +ip netns exec $ns2 ./pm_nl_ctl limits 1 2 > +ip netns exec $ns2 ./pm_nl_ctl add 10.0.3.2 flags subflow > +run_tests $ns1 $ns2 10.0.1.1 > +chk_join_nr "subflow and signal with port" 2 2 2 > +chk_add_nr 1 1 1 > + > +# single address with port, remove > +reset > +ip netns exec $ns1 ./pm_nl_ctl limits 0 1 > +ip netns exec $ns1 ./pm_nl_ctl add 10.0.2.1 flags signal port 10100 > +ip netns exec $ns2 ./pm_nl_ctl limits 1 1 > +run_tests $ns1 $ns2 10.0.1.1 0 1 0 slow > +chk_join_nr "remove single address with port" 1 1 1 > +chk_add_nr 1 1 1 > +chk_rm_nr 0 0 > + > +# subflow and signal with port, remove > +reset > +ip netns exec $ns1 ./pm_nl_ctl limits 0 2 > +ip netns exec $ns1 ./pm_nl_ctl add 10.0.2.1 flags signal port 10100 > +ip netns exec $ns2 ./pm_nl_ctl limits 1 2 > +ip netns exec $ns2 ./pm_nl_ctl add 10.0.3.2 flags subflow > +run_tests $ns1 $ns2 10.0.1.1 0 1 1 slow > +chk_join_nr "remove subflow and signal with port" 2 2 2 > +chk_add_nr 1 1 1 > +chk_rm_nr 1 1 > + > +# multiple addresses with port > +reset > +ip netns exec $ns1 ./pm_nl_ctl limits 2 2 > +ip netns exec $ns1 ./pm_nl_ctl add 10.0.2.1 flags signal port 10100 > +ip netns exec $ns1 ./pm_nl_ctl add 10.0.3.1 flags signal port 10100 > +ip netns exec $ns2 ./pm_nl_ctl limits 2 2 > +run_tests $ns1 $ns2 10.0.1.1 > +chk_join_nr "multiple addresses with port" 2 2 2 > +chk_add_nr 2 2 2 > + > +# multiple addresses with ports > +reset > +ip netns exec $ns1 ./pm_nl_ctl limits 2 2 > +ip netns exec $ns1 ./pm_nl_ctl add 10.0.2.1 flags signal port 10100 > +ip netns exec $ns1 ./pm_nl_ctl add 10.0.3.1 flags signal port 10101 > +ip netns exec $ns2 ./pm_nl_ctl limits 2 2 > +run_tests $ns1 $ns2 10.0.1.1 > +chk_join_nr "multiple addresses with ports" 2 2 2 > +chk_add_nr 2 2 2 > + > # single subflow, syncookies > reset_with_cookies > ip netns exec $ns1 ./pm_nl_ctl limits 0 1 > -- > 2.26.2 >

Paolo Abeni

10:03 a.m.

New subject: [MPTCP][PATCH v6 mptcp-next 8/9] mptcp: add the mibs for ADD_ADDR with port

On Wed, 2020-11-25 at 11:01 +0800, Geliang Tang wrote:

...

We likely want to increment some 'bad port' MIB counter in case of mismatch. @Christoph: looks like mptcp.org does not have MIBs for these things, any plan to add them? any suggestions on relevant names/things to track? Thanks! Paolo

Matthieu Baerts

10:31 a.m.

New subject: [MPTCP][PATCH v6 mptcp-next 8/9] mptcp: add the mibs for ADD_ADDR with port

Hi Paolo, On 25/11/2020 11:03, Paolo Abeni wrote:

...

On Wed, 2020-11-25 at 11:01 +0800, Geliang Tang wrote: > This patch added the mibs for ADD_ADDR with port: > > MPTCP_MIB_PORTADD for receiving of the ADD_ADDR suboption with a port > number. MPTCP_MIB_PORTSYNRX, MPTCP_MIB_PORTSYNACKRX, MPTCP_MIB_PORTACKRX, > for receiving of the MP_JOIN's SYN or SYN/ACK or ACK with a port number > which is different from the msk's port number. > > Signed-off-by: Geliang Tang <geliangtang(a)gmail.com> > ---

(...)

...

> diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c > index cb72327c006a..6193e53d4af1 100644 > --- a/net/mptcp/subflow.c > +++ b/net/mptcp/subflow.c > @@ -196,6 +196,7 @@ static void subflow_init_req(struct request_sock *req, > subflow_req->mp_join = 0; We likely want to increment some 'bad port' MIB counter in case of mismatch. @Christoph: looks like mptcp.org does not have MIBs for these things, any plan to add them? any suggestions on relevant names/things to track?

In mptcp.org, we have one MIB counter related to MP_JOIN on a different port: MPTCP_MIB_JOINALTERNATEPORT https://github.com/multipath-tcp/mptcp/commit/b53ad83908483f28f608b I don't think any PMs in mptcp.org announce an address with a different port but we have "ndiffport" that sends MP_JOIN to a different port. It works because we accept MP_JOIN sent to any port (hack). I think it is not a bad thing to have these new counters :) But maybe we should prefix the PORTSYN/SYNACK/ACK ones with JOIN? (e.g. MPTCP_MIB_JOINPORTSYNRX and MPJoinPortSynRx ; or with "Port" at the end) It is still an MP_JOIN we receive but to a different port. Do you mean we might not need them? Cheers, Matt -- Tessares | Belgium | Hybrid Access Solutions www.tessares.net

Paolo Abeni

12:15 p.m.

New subject: [MPTCP][PATCH v6 mptcp-next 8/9] mptcp: add the mibs for ADD_ADDR with port

On Wed, 2020-11-25 at 11:31 +0100, Matthieu Baerts wrote:

...

I think it is not a bad thing to have these new counters :) But maybe we should prefix the PORTSYN/SYNACK/ACK ones with JOIN? (e.g. MPTCP_MIB_JOINPORTSYNRX and MPJoinPortSynRx ; or with "Port" at the end) It is still an MP_JOIN we receive but to a different port. Do you mean we might not need them?

No, I agree we need them. I was looking for uniform naming and/or collected events. Cheers, Paolo

Geliang Tang

5:28 a.m.

New subject: [MPTCP][PATCH mptcp-next] Squash to "mptcp: add port number announced check"

Use a more strict check in mptcp_pm_sport_in_anno_list. Signed-off-by: Geliang Tang <geliangtang(a)gmail.com> --- net/mptcp/pm_netlink.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 09e96007a56a..da8d2c77a02d 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -111,6 +111,19 @@ static void remote_address(const struct sock_common *skc, #endif } +static void source_address(const struct sock *sk, + struct mptcp_addr_info *addr) +{ + addr->family = ((struct sock_common *)sk)->skc_family; + addr->port = inet_sk(sk)->inet_sport; + if (addr->family == AF_INET) + addr->addr.s_addr = inet_sk(sk)->inet_saddr; +#if IS_ENABLED(CONFIG_MPTCP_IPV6) + else if (addr->family == AF_INET6) + addr->addr6 = inet_sk(sk)->pinet6->saddr; +#endif +} + static bool lookup_subflow_by_saddr(const struct list_head *list, struct mptcp_addr_info *saddr) { @@ -205,11 +218,14 @@ lookup_anno_list_by_saddr(struct mptcp_sock *msk, bool mptcp_pm_sport_in_anno_list(struct mptcp_sock *msk, const struct sock *sk) { struct mptcp_pm_add_entry *entry; + struct mptcp_addr_info saddr; bool ret = false; + source_address(sk, &saddr); + spin_lock_bh(&msk->pm.lock); list_for_each_entry(entry, &msk->pm.anno_list, list) { - if (entry->addr.port == inet_sk(sk)->inet_sport) { + if (addresses_equal(&entry->addr, &saddr, true)) { ret = true; goto out; } -- 2.26.2

Paolo Abeni

9:09 a.m.

New subject: [MPTCP][PATCH mptcp-next] Squash to "mptcp: add port number announced check"

On Wed, 2020-11-25 at 13:28 +0800, Geliang Tang wrote:

...

If sk can be a request_sock, and thus we are forced to access the 5- tuple fields via sock_common, it's better to specify a sock_common argument...

...

+ addr->port = inet_sk(sk)->inet_sport;

... and this access will be invalid if 'sk' is a request_socket, you should use skc_num instead (which is in host byte order).

...

+ if (addr->family == AF_INET) + addr->addr.s_addr = inet_sk(sk)->inet_saddr;

Same here, you should use 'skc_rcv_saddr'

...

+#if IS_ENABLED(CONFIG_MPTCP_IPV6) + else if (addr->family == AF_INET6) + addr->addr6 = inet_sk(sk)->pinet6->saddr;

Same here, you should use 'skc_v6_rcv_saddr' Cheers, Paolo

Paolo Abeni

9:54 a.m.

New subject: [MPTCP][PATCH v6 mptcp-next 5/9] mptcp: add port number announced check

On Wed, 2020-11-25 at 11:01 +0800, Geliang Tang wrote:

...

Is this enough to cause - later - reset for this request socket? I *think* we should do this test earlier - before the syncookie check, and ev. clear subflow_req->msk in case of failure -> so that the syncookie will not be created. Additionally, in subflow_syn_recv_sock(), after options parsing, we should check for NULL subflow_req->msk and eventually fallback. Inverting the order of the existing mptcp_can_accept_new_subflow() and subflow_hmac_valid() checks should suffice. Note: I think this later change is actually an independed bug fix, I fear a peer sending an MP_JOIN with an invalid token will get back an MPJ_SYNACK, while the subflow_req->msk will be cleared. Later in subflow_syn_recv_sock(), we will probably get a NULL ptr dereference in mptcp_can_accept_new_subflow(). @Davide: can we somehow easily check the above with a packet drill? Thanks! /P

Davide Caratti

10:06 a.m.

New subject: [MPTCP][PATCH v6 mptcp-next 5/9] mptcp: add port number announced check

On Wed, 2020-11-25 at 10:54 +0100, Paolo Abeni wrote:

...

Note: I think this later change is actually an independed bug fix, I fear a peer sending an MP_JOIN with an invalid token will get back an MPJ_SYNACK, while the subflow_req->msk will be cleared. Later in subflow_syn_recv_sock(), we will probably get a NULL ptr dereference in mptcp_can_accept_new_subflow(). @Davide: can we somehow easily check the above with a packet drill? Thanks!

yes I can try that. I'm now looking once again at the MP_JOIN script (issue #94) and trying to fix this in a way or another (the problem is apparently bad values of [s,c]addr[0,1] in the environment. But at least generation of an inbound MP_JOIN SYN should be under control. I do a quicjk tyest and let you know, ok? -- davide

Davide Caratti

8:33 p.m.

New subject: [MPTCP][PATCH v6 mptcp-next 5/9] mptcp: add port number announced check

On Wed, 2020-11-25 at 11:06 +0100, Davide Caratti wrote:

...

On Wed, 2020-11-25 at 10:54 +0100, Paolo Abeni wrote: > Note: I think this later change is actually an independed bug fix, I > fear a peer sending an MP_JOIN with an invalid token will get back an > MPJ_SYNACK, while the subflow_req->msk will be cleared. Later > in subflow_syn_recv_sock(), we will probably get a NULL ptr dereference > in mptcp_can_accept_new_subflow(). > > @Davide: can we somehow easily check the above with a packet drill? > > Thanks! yes I can try that. I'm now looking once again at the MP_JOIN script (issue #94) and trying to fix this in a way or another (the problem is apparently bad values of [s,c]addr[0,1] in the environment. But at least generation of an inbound MP_JOIN SYN should be under control.

last famous words :) the parsing of "sender_hmac" definetly needs some "love".

...

I do a quicjk tyest and let you know, ok?

the test was not quick, *but* with a slightly modified packetdrill, and the following script, --tolerance_usecs=100000 `../common/defaults.sh` +0 `../common/server.sh` +0.0 socket(..., SOCK_STREAM, IPPROTO_MPTCP) = 3 +0.0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 +0.0 fcntl(3, F_GETFL) = 0x2 (flags O_RDWR) +0.0 fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0 +0 bind(3, ..., ...) = 0 +0 listen(3, 1) = 0 +0.0 < addr[caddr0] > addr[saddr0] S 0:0(0) win 65535 <mss 1460,sackOK,TS val 4074410674 ecr 0,nop,wscale 8,mpcapable v1 flags[flag_h] nokey> +0.0 > S. 0:0(0) ack 1 <mss 1460,sackOK,TS val 4074410674 ecr 4074410674,nop,wscale 8,mpcapable v1 flags[flag_h] key[skey]> +0.0 < . 1:1(0) ack 1 win 256 <nop,nop,TS val 4074410674 ecr 4074410674,mpcapable v1 flags[flag_h] key[ckey=2,skey]> +0 accept(3, ..., ...) = 4 +1.0 < P. 1:3(2) ack 1 win 256 <nop,nop,TS val 4074418292 ecr 4074410674,mpcapable v1 flags[flag_h] key[skey,ckey] mpcdatalen 2,nop,nop> +0.0 > . 1:1(0) ack 3 <nop,nop,TS val 4074418293 ecr 4074418292,add_address addr[saddr1] hmac=auto,dss dack8=3 dll=0 nocs> // I'm a bad mp_join syn! +0.0 < addr[caddr1] > addr[saddr1] S 0:0(0) win 65535 <mss 1460,sackOK,TS val 448955294 ecr 0,nop,wscale 8,mp_join_syn backup=1 address_id=2 token=666 rand=0> +0.0 > S. 0:0(0) ack 1 <mss 1460,sackOK,TS val 448955294 ecr 448955294,nop,wscale 8,mp_join_syn_ack backup=1 address_id=0 sender_hmac=0> +0.0 < . 1:1(0) ack 1 win 256 <nop,nop,TS val 448955294 ecr 448955294,mp_join_ack sender_hmac=auto> I was able to reproduce the NULL dereference: [16663.161104] general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN NOPTI [16663.162606] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] [16663.163562] CPU: 1 PID: 4857 Comm: packetdrill Not tainted 5.10.0-rc4+ #295 [16663.164425] Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014 [16663.165562] RIP: 0010:subflow_syn_recv_sock+0x716/0x14d0 [16663.166243] Code: 48 c1 ee 03 80 3c 16 00 0f 85 f0 09 00 00 4c 8b 83 88 01 00 00 48 ba 00 00 00 00 00 fc ff df 49 8d 78 12 48 89 fe 48 c1 ee 03 <0f> b6 14 16 48 89 fe 83 e6 07 40 38 f2 7f 32 84 d2 74 2e 48 89 44 [16663.168579] RSP: 0018:ffff888114426f58 EFLAGS: 00010212 [16663.169237] RAX: ffff888114426ff8 RBX: ffff88810e7f5c20 RCX: ffff88810e7f5da8 [16663.170133] RDX: dffffc0000000000 RSI: 0000000000000002 RDI: 0000000000000012 [16663.171041] RBP: ffff8881144271b8 R08: 0000000000000000 R09: ffffed1022884e09 [16663.171926] R10: 0000000000000001 R11: ffffed1022884e08 R12: ffff888121696000 [16663.172796] R13: ffff888108413cc0 R14: ffff8881129cee00 R15: 1ffff11022884df3 [16663.173674] FS: 00007f396bbc2100(0000) GS:ffff888145200000(0000) knlGS:0000000000000000 [16663.174682] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [16663.175412] CR2: 0000000001bf0000 CR3: 0000000113cb6000 CR4: 0000000000350ee0 [16663.176283] Call Trace: [16663.176626] ? __lock_acquire+0xceb/0x3970 [16663.177150] ? subflow_drop_ctx+0x330/0x330 [16663.177698] ? kvm_sched_clock_read+0x14/0x30 [16663.178259] ? sched_clock+0x5/0x10 [16663.178711] ? find_held_lock+0x3a/0x1c0 [16663.179208] ? lock_downgrade+0x700/0x700 [16663.179745] tcp_check_req+0x3e2/0x14e0 [16663.180232] ? tcp_create_openreq_child+0x14e0/0x14e0 [16663.180870] ? tcp_v4_inbound_md5_hash+0xdf/0x3a0 [16663.181475] ? bpf_skb_set_tunnel_opt+0x2d0/0x2d0 [16663.182080] ? memmove+0x38/0x60 [16663.182498] tcp_v4_rcv+0x1f90/0x3870 [16663.182972] ? tcp_v4_early_demux+0x7b0/0x7b0 [16663.183532] ? rcu_read_lock_sched_held+0x90/0xd0 [16663.184124] ? rcu_read_lock_sched_held+0xd0/0xd0 [16663.184722] ? rcu_read_unlock+0x40/0x40 [16663.185225] ip_protocol_deliver_rcu+0x76/0x6b0 [16663.185809] ip_local_deliver_finish+0x207/0x300 [16663.186394] ip_local_deliver+0x19e/0x3f0 [16663.186908] ? ip_local_deliver_finish+0x300/0x300 [16663.187518] ? rcu_read_lock_sched_held+0xd0/0xd0 [16663.188112] ip_rcv+0xce/0x2f0 [16663.188508] ? ip_local_deliver+0x3f0/0x3f0 [16663.189035] ? rcu_read_lock_sched_held+0xa1/0xd0 [16663.189632] ? ip_local_deliver+0x3f0/0x3f0 [16663.190177] __netif_receive_skb_one_core+0x16a/0x1b0 [16663.190816] ? __netif_receive_skb_core+0x3380/0x3380 [16663.191464] ? rcu_read_unlock+0x40/0x40 [16663.191959] ? lockdep_hardirqs_on_prepare+0x12c/0x3d0 [16663.192610] ? kvm_clock_get_cycles+0x14/0x20 [16663.193179] ? ktime_get_with_offset+0xfb/0x1e0 [16663.193750] netif_receive_skb+0x15b/0x760 [16663.194274] ? __netif_receive_skb+0x1a0/0x1a0 [16663.194832] ? lockdep_hardirqs_on_prepare+0x3d0/0x3d0 [16663.195507] tun_rx_batched.isra.54+0x46f/0x7e0 [tun] [16663.196148] ? lock_acquire+0x1c8/0x7f0 [16663.196633] ? tun_set_ebpf+0xe0/0xe0 [tun] [16663.197160] ? lock_downgrade+0x700/0x700 [16663.197681] ? rcu_read_unlock+0x40/0x40 [16663.198187] ? lockdep_hardirqs_on_prepare+0x27c/0x3d0 [16663.198842] ? __local_bh_enable_ip+0xa5/0xf0 [16663.199397] tun_get_user+0x256a/0x38a0 [tun] [16663.199943] ? print_usage_bug+0x1a0/0x1a0 [16663.200469] ? tun_build_skb.isra.57+0x11a0/0x11a0 [tun] [16663.201141] ? kvm_sched_clock_read+0x14/0x30 [16663.201693] ? sched_clock+0x5/0x10 [16663.202134] ? sched_clock_cpu+0x18/0x170 [16663.202649] ? find_held_lock+0x3a/0x1c0 [16663.203149] ? lock_downgrade+0x700/0x700 [16663.203664] ? rcu_read_lock_sched_held+0xd0/0xd0 [16663.204254] tun_chr_write_iter+0xb5/0x150 [tun] [16663.204853] do_iter_readv_writev+0x433/0x6d0 [16663.205411] ? new_sync_write+0x620/0x620 [16663.205911] do_iter_write+0x135/0x600 [16663.206415] ? import_iovec+0x43/0x80 [16663.206878] vfs_writev+0x150/0x4f0 [16663.207337] ? vfs_iter_write+0xc0/0xc0 [16663.207838] ? __fget_files+0x1ce/0x2e0 [16663.208330] ? do_writev+0x100/0x280 [16663.208778] do_writev+0x100/0x280 [16663.209208] ? vfs_writev+0x4f0/0x4f0 [16663.209682] do_syscall_64+0x33/0x40 [16663.210148] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [16663.210786] RIP: 0033:0x7f396ae9499f [16663.211241] Code: 00 00 00 41 54 41 89 d4 55 48 89 f5 53 89 fb 48 83 ec 10 e8 33 6c 01 00 44 89 e2 48 89 ee 89 df 41 89 c0 b8 14 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 48 89 44 24 08 e8 6c 6c 01 00 48 [16663.213561] RSP: 002b:00007ffc691459b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 [16663.214480] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f396ae9499f [16663.215378] RDX: 0000000000000002 RSI: 00007ffc691459f0 RDI: 0000000000000004 [16663.216268] RBP: 00007ffc691459f0 R08: 0000000000000000 R09: 00007f396bbc2100 [16663.217148] R10: 000000007fffffff R11: 0000000000000293 R12: 0000000000000002 [16663.218044] R13: 00007ffc69145f80 R14: 0000000000000000 R15: 0000000000000000 [16663.218937] Modules linked in: tun rfkill iTCO_wdt iTCO_vendor_support joydev pcspkr virtio_balloon i2c_i801 i2c_smbus lpc_ich ip_tables xfs libcrc32c crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel ahci libahci serio_raw libata virtio_blk virtio_net net_failover virtio_console failover sunrpc dm_mirror dm_region_hash dm_log dm_mod [16663.222886] ---[ end trace 7ff0b93e894b1e70 ]--- [16663.223524] RIP: 0010:subflow_syn_recv_sock+0x716/0x14d0 [16663.224199] Code: 48 c1 ee 03 80 3c 16 00 0f 85 f0 09 00 00 4c 8b 83 88 01 00 00 48 ba 00 00 00 00 00 fc ff df 49 8d 78 12 48 89 fe 48 c1 ee 03 <0f> b6 14 16 48 89 fe 83 e6 07 40 38 f2 7f 32 84 d2 74 2e 48 89 44 [16663.226546] RSP: 0018:ffff888114426f58 EFLAGS: 00010212 [16663.227204] RAX: ffff888114426ff8 RBX: ffff88810e7f5c20 RCX: ffff88810e7f5da8 [16663.228109] RDX: dffffc0000000000 RSI: 0000000000000002 RDI: 0000000000000012 [16663.229022] RBP: ffff8881144271b8 R08: 0000000000000000 R09: ffffed1022884e09 [16663.229911] R10: 0000000000000001 R11: ffffed1022884e08 R12: ffff888121696000 [16663.230832] R13: ffff888108413cc0 R14: ffff8881129cee00 R15: 1ffff11022884df3 [16663.231754] FS: 00007f396bbc2100(0000) GS:ffff888145200000(0000) knlGS:0000000000000000 [16663.232776] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [16663.233498] CR2: 0000000001bf0000 CR3: 0000000113cb6000 CR4: 0000000000350ee0 [16663.234385] Kernel panic - not syncing: Fatal exception in interrupt [16663.238356] Kernel Offset: 0x3a00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [16663.239699] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- @Paolo, your analysis is correct: the server responds to the (d)evil inbound "MP_JOIN syn" with a MP_JOIN synack having sender HMAC equal to 0; the 3rd packet triggers the NULL dereference. $ ./scripts/faddr2line vmlinux subflow_syn_recv_sock+0x716 subflow_syn_recv_sock+0x716/0x14d0: inet_sk_state_load at include/net/inet_sock.h:312 (discriminator 1) (inlined by) mptcp_is_fully_established at net/mptcp/protocol.h:495 (discriminator 1) (inlined by) mptcp_can_accept_new_subflow at net/mptcp/subflow.c:59 (discriminator 1) (inlined by) subflow_syn_recv_sock at net/mptcp/subflow.c:547 (discriminator 1) -- davide

Paolo Abeni

Thursday, 26 November Thu, 26 Nov

9:56 a.m.

New subject: [MPTCP][PATCH v6 mptcp-next 5/9] mptcp: add port number announced check

On Wed, 2020-11-25 at 21:33 +0100, Davide Caratti wrote:

...

On Wed, 2020-11-25 at 11:06 +0100, Davide Caratti wrote: > On Wed, 2020-11-25 at 10:54 +0100, Paolo Abeni wrote: > > Note: I think this later change is actually an independed bug fix, I > > fear a peer sending an MP_JOIN with an invalid token will get back an > > MPJ_SYNACK, while the subflow_req->msk will be cleared. Later > > in subflow_syn_recv_sock(), we will probably get a NULL ptr dereference > > in mptcp_can_accept_new_subflow(). > > > > @Davide: can we somehow easily check the above with a packet drill? > > > > Thanks! > > yes I can try that. I'm now looking once again at the MP_JOIN script > (issue #94) and trying to fix this in a way or another (the problem is > apparently bad values of [s,c]addr[0,1] in the environment. But at least > generation of an inbound MP_JOIN SYN should be under control. last famous words :) the parsing of "sender_hmac" definetly needs some "love". > I do a > quicjk tyest and let you know, ok? the test was not quick, *but* with a slightly modified packetdrill, and the following script, --tolerance_usecs=100000 `../common/defaults.sh` +0 `../common/server.sh` +0.0 socket(..., SOCK_STREAM, IPPROTO_MPTCP) = 3 +0.0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 +0.0 fcntl(3, F_GETFL) = 0x2 (flags O_RDWR) +0.0 fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0 +0 bind(3, ..., ...) = 0 +0 listen(3, 1) = 0 +0.0 < addr[caddr0] > addr[saddr0] S 0:0(0) win 65535 <mss 1460,sackOK,TS val 4074410674 ecr 0,nop,wscale 8,mpcapable v1 flags[flag_h] nokey> +0.0 > S. 0:0(0) ack 1 <mss 1460,sackOK,TS val 4074410674 ecr 4074410674,nop,wscale 8,mpcapable v1 flags[flag_h] key[skey]> +0.0 < . 1:1(0) ack 1 win 256 <nop,nop,TS val 4074410674 ecr 4074410674,mpcapable v1 flags[flag_h] key[ckey=2,skey]> +0 accept(3, ..., ...) = 4 +1.0 < P. 1:3(2) ack 1 win 256 <nop,nop,TS val 4074418292 ecr 4074410674,mpcapable v1 flags[flag_h] key[skey,ckey] mpcdatalen 2,nop,nop> +0.0 > . 1:1(0) ack 3 <nop,nop,TS val 4074418293 ecr 4074418292,add_address addr[saddr1] hmac=auto,dss dack8=3 dll=0 nocs> // I'm a bad mp_join syn! +0.0 < addr[caddr1] > addr[saddr1] S 0:0(0) win 65535 <mss 1460,sackOK,TS val 448955294 ecr 0,nop,wscale 8,mp_join_syn backup=1 address_id=2 token=666 rand=0> +0.0 > S. 0:0(0) ack 1 <mss 1460,sackOK,TS val 448955294 ecr 448955294,nop,wscale 8,mp_join_syn_ack backup=1 address_id=0 sender_hmac=0> +0.0 < . 1:1(0) ack 1 win 256 <nop,nop,TS val 448955294 ecr 448955294,mp_join_ack sender_hmac=auto> I was able to reproduce the NULL dereference:

...

[16663.161104] general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN NOPTI [16663.162606] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] [16663.163562] CPU: 1 PID: 4857 Comm: packetdrill Not tainted 5.10.0-rc4+ #295 [16663.164425] Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014 [16663.165562] RIP: 0010:subflow_syn_recv_sock+0x716/0x14d0 [16663.166243] Code: 48 c1 ee 03 80 3c 16 00 0f 85 f0 09 00 00 4c 8b 83 88 01 00 00 48 ba 00 00 00 00 00 fc ff df 49 8d 78 12 48 89 fe 48 c1 ee 03 <0f> b6 14 16 48 89 fe 83 e6 07 40 38 f2 7f 32 84 d2 74 2e 48 89 44 [16663.168579] RSP: 0018:ffff888114426f58 EFLAGS: 00010212 [16663.169237] RAX: ffff888114426ff8 RBX: ffff88810e7f5c20 RCX: ffff88810e7f5da8 [16663.170133] RDX: dffffc0000000000 RSI: 0000000000000002 RDI: 0000000000000012 [16663.171041] RBP: ffff8881144271b8 R08: 0000000000000000 R09: ffffed1022884e09 [16663.171926] R10: 0000000000000001 R11: ffffed1022884e08 R12: ffff888121696000 [16663.172796] R13: ffff888108413cc0 R14: ffff8881129cee00 R15: 1ffff11022884df3 [16663.173674] FS: 00007f396bbc2100(0000) GS:ffff888145200000(0000) knlGS:0000000000000000 [16663.174682] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [16663.175412] CR2: 0000000001bf0000 CR3: 0000000113cb6000 CR4: 0000000000350ee0 [16663.176283] Call Trace: [16663.176626] ? __lock_acquire+0xceb/0x3970 [16663.177150] ? subflow_drop_ctx+0x330/0x330 [16663.177698] ? kvm_sched_clock_read+0x14/0x30 [16663.178259] ? sched_clock+0x5/0x10 [16663.178711] ? find_held_lock+0x3a/0x1c0 [16663.179208] ? lock_downgrade+0x700/0x700 [16663.179745] tcp_check_req+0x3e2/0x14e0 [16663.180232] ? tcp_create_openreq_child+0x14e0/0x14e0 [16663.180870] ? tcp_v4_inbound_md5_hash+0xdf/0x3a0 [16663.181475] ? bpf_skb_set_tunnel_opt+0x2d0/0x2d0 [16663.182080] ? memmove+0x38/0x60 [16663.182498] tcp_v4_rcv+0x1f90/0x3870 [16663.182972] ? tcp_v4_early_demux+0x7b0/0x7b0 [16663.183532] ? rcu_read_lock_sched_held+0x90/0xd0 [16663.184124] ? rcu_read_lock_sched_held+0xd0/0xd0 [16663.184722] ? rcu_read_unlock+0x40/0x40 [16663.185225] ip_protocol_deliver_rcu+0x76/0x6b0 [16663.185809] ip_local_deliver_finish+0x207/0x300 [16663.186394] ip_local_deliver+0x19e/0x3f0 [16663.186908] ? ip_local_deliver_finish+0x300/0x300 [16663.187518] ? rcu_read_lock_sched_held+0xd0/0xd0 [16663.188112] ip_rcv+0xce/0x2f0 [16663.188508] ? ip_local_deliver+0x3f0/0x3f0 [16663.189035] ? rcu_read_lock_sched_held+0xa1/0xd0 [16663.189632] ? ip_local_deliver+0x3f0/0x3f0 [16663.190177] __netif_receive_skb_one_core+0x16a/0x1b0 [16663.190816] ? __netif_receive_skb_core+0x3380/0x3380 [16663.191464] ? rcu_read_unlock+0x40/0x40 [16663.191959] ? lockdep_hardirqs_on_prepare+0x12c/0x3d0 [16663.192610] ? kvm_clock_get_cycles+0x14/0x20 [16663.193179] ? ktime_get_with_offset+0xfb/0x1e0 [16663.193750] netif_receive_skb+0x15b/0x760 [16663.194274] ? __netif_receive_skb+0x1a0/0x1a0 [16663.194832] ? lockdep_hardirqs_on_prepare+0x3d0/0x3d0 [16663.195507] tun_rx_batched.isra.54+0x46f/0x7e0 [tun] [16663.196148] ? lock_acquire+0x1c8/0x7f0 [16663.196633] ? tun_set_ebpf+0xe0/0xe0 [tun] [16663.197160] ? lock_downgrade+0x700/0x700 [16663.197681] ? rcu_read_unlock+0x40/0x40 [16663.198187] ? lockdep_hardirqs_on_prepare+0x27c/0x3d0 [16663.198842] ? __local_bh_enable_ip+0xa5/0xf0 [16663.199397] tun_get_user+0x256a/0x38a0 [tun] [16663.199943] ? print_usage_bug+0x1a0/0x1a0 [16663.200469] ? tun_build_skb.isra.57+0x11a0/0x11a0 [tun] [16663.201141] ? kvm_sched_clock_read+0x14/0x30 [16663.201693] ? sched_clock+0x5/0x10 [16663.202134] ? sched_clock_cpu+0x18/0x170 [16663.202649] ? find_held_lock+0x3a/0x1c0 [16663.203149] ? lock_downgrade+0x700/0x700 [16663.203664] ? rcu_read_lock_sched_held+0xd0/0xd0 [16663.204254] tun_chr_write_iter+0xb5/0x150 [tun] [16663.204853] do_iter_readv_writev+0x433/0x6d0 [16663.205411] ? new_sync_write+0x620/0x620 [16663.205911] do_iter_write+0x135/0x600 [16663.206415] ? import_iovec+0x43/0x80 [16663.206878] vfs_writev+0x150/0x4f0 [16663.207337] ? vfs_iter_write+0xc0/0xc0 [16663.207838] ? __fget_files+0x1ce/0x2e0 [16663.208330] ? do_writev+0x100/0x280 [16663.208778] do_writev+0x100/0x280 [16663.209208] ? vfs_writev+0x4f0/0x4f0 [16663.209682] do_syscall_64+0x33/0x40 [16663.210148] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [16663.210786] RIP: 0033:0x7f396ae9499f [16663.211241] Code: 00 00 00 41 54 41 89 d4 55 48 89 f5 53 89 fb 48 83 ec 10 e8 33 6c 01 00 44 89 e2 48 89 ee 89 df 41 89 c0 b8 14 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 48 89 44 24 08 e8 6c 6c 01 00 48 [16663.213561] RSP: 002b:00007ffc691459b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 [16663.214480] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f396ae9499f [16663.215378] RDX: 0000000000000002 RSI: 00007ffc691459f0 RDI: 0000000000000004 [16663.216268] RBP: 00007ffc691459f0 R08: 0000000000000000 R09: 00007f396bbc2100 [16663.217148] R10: 000000007fffffff R11: 0000000000000293 R12: 0000000000000002 [16663.218044] R13: 00007ffc69145f80 R14: 0000000000000000 R15: 0000000000000000 [16663.218937] Modules linked in: tun rfkill iTCO_wdt iTCO_vendor_support joydev pcspkr virtio_balloon i2c_i801 i2c_smbus lpc_ich ip_tables xfs libcrc32c crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel ahci libahci serio_raw libata virtio_blk virtio_net net_failover virtio_console failover sunrpc dm_mirror dm_region_hash dm_log dm_mod [16663.222886] ---[ end trace 7ff0b93e894b1e70 ]--- [16663.223524] RIP: 0010:subflow_syn_recv_sock+0x716/0x14d0 [16663.224199] Code: 48 c1 ee 03 80 3c 16 00 0f 85 f0 09 00 00 4c 8b 83 88 01 00 00 48 ba 00 00 00 00 00 fc ff df 49 8d 78 12 48 89 fe 48 c1 ee 03 <0f> b6 14 16 48 89 fe 83 e6 07 40 38 f2 7f 32 84 d2 74 2e 48 89 44 [16663.226546] RSP: 0018:ffff888114426f58 EFLAGS: 00010212 [16663.227204] RAX: ffff888114426ff8 RBX: ffff88810e7f5c20 RCX: ffff88810e7f5da8 [16663.228109] RDX: dffffc0000000000 RSI: 0000000000000002 RDI: 0000000000000012 [16663.229022] RBP: ffff8881144271b8 R08: 0000000000000000 R09: ffffed1022884e09 [16663.229911] R10: 0000000000000001 R11: ffffed1022884e08 R12: ffff888121696000 [16663.230832] R13: ffff888108413cc0 R14: ffff8881129cee00 R15: 1ffff11022884df3 [16663.231754] FS: 00007f396bbc2100(0000) GS:ffff888145200000(0000) knlGS:0000000000000000 [16663.232776] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [16663.233498] CR2: 0000000001bf0000 CR3: 0000000113cb6000 CR4: 0000000000350ee0 [16663.234385] Kernel panic - not syncing: Fatal exception in interrupt [16663.238356] Kernel Offset: 0x3a00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [16663.239699] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- @Paolo, your analysis is correct: the server responds to the (d)evil inbound "MP_JOIN syn" with a MP_JOIN synack having sender HMAC equal to 0; the 3rd packet triggers the NULL dereference. $ ./scripts/faddr2line vmlinux subflow_syn_recv_sock+0x716 subflow_syn_recv_sock+0x716/0x14d0: inet_sk_state_load at include/net/inet_sock.h:312 (discriminator 1) (inlined by) mptcp_is_fully_established at net/mptcp/protocol.h:495 (discriminator 1) (inlined by) mptcp_can_accept_new_subflow at net/mptcp/subflow.c:59 (discriminator 1) (inlined by) subflow_syn_recv_sock at net/mptcp/subflow.c:547 (discriminator 1)

Thank you Davide, great work! Could you please additionally merge the above drill in the packetdrill repo? I'll cook a patch - that deserve a -net target. Thanks! Paolo

Matthieu Baerts

10:01 a.m.

New subject: [MPTCP][PATCH v6 mptcp-next 5/9] mptcp: add port number announced check

Hi Paolo, Davide, On 26/11/2020 10:56, Paolo Abeni wrote:

...

On Wed, 2020-11-25 at 21:33 +0100, Davide Caratti wrote:

(...)

...

> @Paolo, your analysis is correct: the server responds to the (d)evil > inbound "MP_JOIN syn" with a MP_JOIN synack having sender HMAC equal to > 0; the 3rd packet triggers the NULL dereference. > Thank you Davide, great work!

...

Could you please additionally merge the above drill in the packetdrill repo?

Please only merge it in mptcp-net-next when the fix patch is merged in our export branch :) Of course, we can also merge it in another branch or in a special dir -- e.g. "in progress" -- or keep an opened PR! Cheers, Matt -- Tessares | Belgium | Hybrid Access Solutions www.tessares.net

Davide Caratti

10:03 a.m.

New subject: [MPTCP][PATCH v6 mptcp-next 5/9] mptcp: add port number announced check

On Thu, 2020-11-26 at 10:56 +0100, Paolo Abeni wrote:

...

On Wed, 2020-11-25 at 21:33 +0100, Davide Caratti wrote: > On Wed, 2020-11-25 at 11:06 +0100, Davide Caratti wrote: > > On Wed, 2020-11-25 at 10:54 +0100, Paolo Abeni wrote: > > > Note: I think this later change is actually an independed bug fix, I > > > fear a peer sending an MP_JOIN with an invalid token will get back an > > > MPJ_SYNACK, while the subflow_req->msk will be cleared. Later > > > in subflow_syn_recv_sock(), we will probably get a NULL ptr dereference > > > in mptcp_can_accept_new_subflow(). > > > > > > @Davide: can we somehow easily check the above with a packet drill? > > > > > > Thanks! > > > > yes I can try that. I'm now looking once again at the MP_JOIN script > > (issue #94) and trying to fix this in a way or another (the problem is > > apparently bad values of [s,c]addr[0,1] in the environment. But at least > > generation of an inbound MP_JOIN SYN should be under control. > > last famous words :) the parsing of "sender_hmac" definetly needs some > "love". > > > I do a > > quicjk tyest and let you know, ok? > > the test was not quick, *but* with a slightly modified packetdrill, > and the following script, > > --tolerance_usecs=100000 > `../common/defaults.sh` > > +0 `../common/server.sh` > > +0.0 socket(..., SOCK_STREAM, IPPROTO_MPTCP) = 3 > +0.0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 > +0.0 fcntl(3, F_GETFL) = 0x2 (flags O_RDWR) > +0.0 fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0 > > +0 bind(3, ..., ...) = 0 > +0 listen(3, 1) = 0 > > +0.0 < addr[caddr0] > addr[saddr0] S 0:0(0) win 65535 <mss 1460,sackOK,TS val 4074410674 ecr 0,nop,wscale 8,mpcapable v1 flags[flag_h] nokey> > +0.0 > S. 0:0(0) ack 1 <mss 1460,sackOK,TS val 4074410674 ecr 4074410674,nop,wscale 8,mpcapable v1 flags[flag_h] key[skey]> > +0.0 < . 1:1(0) ack 1 win 256 <nop,nop,TS val 4074410674 ecr 4074410674,mpcapable v1 flags[flag_h] key[ckey=2,skey]> > +0 accept(3, ..., ...) = 4 > > +1.0 < P. 1:3(2) ack 1 win 256 <nop,nop,TS val 4074418292 ecr 4074410674,mpcapable v1 flags[flag_h] key[skey,ckey] mpcdatalen 2,nop,nop> > +0.0 > . 1:1(0) ack 3 <nop,nop,TS val 4074418293 ecr 4074418292,add_address addr[saddr1] hmac=auto,dss dack8=3 dll=0 nocs> > > // I'm a bad mp_join syn! > +0.0 < addr[caddr1] > addr[saddr1] S 0:0(0) win 65535 <mss 1460,sackOK,TS val 448955294 ecr 0,nop,wscale 8,mp_join_syn backup=1 address_id=2 token=666 rand=0> > +0.0 > S. 0:0(0) ack 1 <mss 1460,sackOK,TS val 448955294 ecr 448955294,nop,wscale 8,mp_join_syn_ack backup=1 address_id=0 sender_hmac=0> > +0.0 < . 1:1(0) ack 1 win 256 <nop,nop,TS val 448955294 ecr 448955294,mp_join_ack sender_hmac=auto> > > > I was able to reproduce the NULL dereference: > > [16663.161104] general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN NOPTI > [16663.162606] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] > [16663.163562] CPU: 1 PID: 4857 Comm: packetdrill Not tainted 5.10.0-rc4+ #295 > [16663.164425] Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014 > [16663.165562] RIP: 0010:subflow_syn_recv_sock+0x716/0x14d0 > [16663.166243] Code: 48 c1 ee 03 80 3c 16 00 0f 85 f0 09 00 00 4c 8b 83 88 01 00 00 48 ba 00 00 00 00 00 fc ff df 49 8d 78 12 48 89 fe 48 c1 ee 03 <0f> b6 14 16 48 89 fe 83 e6 07 40 38 f2 7f 32 84 d2 74 2e 48 89 44 > [16663.168579] RSP: 0018:ffff888114426f58 EFLAGS: 00010212 > [16663.169237] RAX: ffff888114426ff8 RBX: ffff88810e7f5c20 RCX: ffff88810e7f5da8 > [16663.170133] RDX: dffffc0000000000 RSI: 0000000000000002 RDI: 0000000000000012 > [16663.171041] RBP: ffff8881144271b8 R08: 0000000000000000 R09: ffffed1022884e09 > [16663.171926] R10: 0000000000000001 R11: ffffed1022884e08 R12: ffff888121696000 > [16663.172796] R13: ffff888108413cc0 R14: ffff8881129cee00 R15: 1ffff11022884df3 > [16663.173674] FS: 00007f396bbc2100(0000) GS:ffff888145200000(0000) knlGS:0000000000000000 > [16663.174682] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [16663.175412] CR2: 0000000001bf0000 CR3: 0000000113cb6000 CR4: 0000000000350ee0 > [16663.176283] Call Trace: > [16663.176626] ? __lock_acquire+0xceb/0x3970 > [16663.177150] ? subflow_drop_ctx+0x330/0x330 > [16663.177698] ? kvm_sched_clock_read+0x14/0x30 > [16663.178259] ? sched_clock+0x5/0x10 > [16663.178711] ? find_held_lock+0x3a/0x1c0 > [16663.179208] ? lock_downgrade+0x700/0x700 > [16663.179745] tcp_check_req+0x3e2/0x14e0 > [16663.180232] ? tcp_create_openreq_child+0x14e0/0x14e0 > [16663.180870] ? tcp_v4_inbound_md5_hash+0xdf/0x3a0 > [16663.181475] ? bpf_skb_set_tunnel_opt+0x2d0/0x2d0 > [16663.182080] ? memmove+0x38/0x60 > [16663.182498] tcp_v4_rcv+0x1f90/0x3870 > [16663.182972] ? tcp_v4_early_demux+0x7b0/0x7b0 > [16663.183532] ? rcu_read_lock_sched_held+0x90/0xd0 > [16663.184124] ? rcu_read_lock_sched_held+0xd0/0xd0 > [16663.184722] ? rcu_read_unlock+0x40/0x40 > [16663.185225] ip_protocol_deliver_rcu+0x76/0x6b0 > [16663.185809] ip_local_deliver_finish+0x207/0x300 > [16663.186394] ip_local_deliver+0x19e/0x3f0 > [16663.186908] ? ip_local_deliver_finish+0x300/0x300 > [16663.187518] ? rcu_read_lock_sched_held+0xd0/0xd0 > [16663.188112] ip_rcv+0xce/0x2f0 > [16663.188508] ? ip_local_deliver+0x3f0/0x3f0 > [16663.189035] ? rcu_read_lock_sched_held+0xa1/0xd0 > [16663.189632] ? ip_local_deliver+0x3f0/0x3f0 > [16663.190177] __netif_receive_skb_one_core+0x16a/0x1b0 > [16663.190816] ? __netif_receive_skb_core+0x3380/0x3380 > [16663.191464] ? rcu_read_unlock+0x40/0x40 > [16663.191959] ? lockdep_hardirqs_on_prepare+0x12c/0x3d0 > [16663.192610] ? kvm_clock_get_cycles+0x14/0x20 > [16663.193179] ? ktime_get_with_offset+0xfb/0x1e0 > [16663.193750] netif_receive_skb+0x15b/0x760 > [16663.194274] ? __netif_receive_skb+0x1a0/0x1a0 > [16663.194832] ? lockdep_hardirqs_on_prepare+0x3d0/0x3d0 > [16663.195507] tun_rx_batched.isra.54+0x46f/0x7e0 [tun] > [16663.196148] ? lock_acquire+0x1c8/0x7f0 > [16663.196633] ? tun_set_ebpf+0xe0/0xe0 [tun] > [16663.197160] ? lock_downgrade+0x700/0x700 > [16663.197681] ? rcu_read_unlock+0x40/0x40 > [16663.198187] ? lockdep_hardirqs_on_prepare+0x27c/0x3d0 > [16663.198842] ? __local_bh_enable_ip+0xa5/0xf0 > [16663.199397] tun_get_user+0x256a/0x38a0 [tun] > [16663.199943] ? print_usage_bug+0x1a0/0x1a0 > [16663.200469] ? tun_build_skb.isra.57+0x11a0/0x11a0 [tun] > [16663.201141] ? kvm_sched_clock_read+0x14/0x30 > [16663.201693] ? sched_clock+0x5/0x10 > [16663.202134] ? sched_clock_cpu+0x18/0x170 > [16663.202649] ? find_held_lock+0x3a/0x1c0 > [16663.203149] ? lock_downgrade+0x700/0x700 > [16663.203664] ? rcu_read_lock_sched_held+0xd0/0xd0 > [16663.204254] tun_chr_write_iter+0xb5/0x150 [tun] > [16663.204853] do_iter_readv_writev+0x433/0x6d0 > [16663.205411] ? new_sync_write+0x620/0x620 > [16663.205911] do_iter_write+0x135/0x600 > [16663.206415] ? import_iovec+0x43/0x80 > [16663.206878] vfs_writev+0x150/0x4f0 > [16663.207337] ? vfs_iter_write+0xc0/0xc0 > [16663.207838] ? __fget_files+0x1ce/0x2e0 > [16663.208330] ? do_writev+0x100/0x280 > [16663.208778] do_writev+0x100/0x280 > [16663.209208] ? vfs_writev+0x4f0/0x4f0 > [16663.209682] do_syscall_64+0x33/0x40 > [16663.210148] entry_SYSCALL_64_after_hwframe+0x44/0xa9 > [16663.210786] RIP: 0033:0x7f396ae9499f > [16663.211241] Code: 00 00 00 41 54 41 89 d4 55 48 89 f5 53 89 fb 48 83 ec 10 e8 33 6c 01 00 44 89 e2 48 89 ee 89 df 41 89 c0 b8 14 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 48 89 44 24 08 e8 6c 6c 01 00 48 > [16663.213561] RSP: 002b:00007ffc691459b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 > [16663.214480] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f396ae9499f > [16663.215378] RDX: 0000000000000002 RSI: 00007ffc691459f0 RDI: 0000000000000004 > [16663.216268] RBP: 00007ffc691459f0 R08: 0000000000000000 R09: 00007f396bbc2100 > [16663.217148] R10: 000000007fffffff R11: 0000000000000293 R12: 0000000000000002 > [16663.218044] R13: 00007ffc69145f80 R14: 0000000000000000 R15: 0000000000000000 > [16663.218937] Modules linked in: tun rfkill iTCO_wdt iTCO_vendor_support joydev pcspkr virtio_balloon i2c_i801 i2c_smbus lpc_ich ip_tables xfs libcrc32c crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel ahci libahci serio_raw libata virtio_blk virtio_net net_failover virtio_console failover sunrpc dm_mirror dm_region_hash dm_log dm_mod > [16663.222886] ---[ end trace 7ff0b93e894b1e70 ]--- > [16663.223524] RIP: 0010:subflow_syn_recv_sock+0x716/0x14d0 > [16663.224199] Code: 48 c1 ee 03 80 3c 16 00 0f 85 f0 09 00 00 4c 8b 83 88 01 00 00 48 ba 00 00 00 00 00 fc ff df 49 8d 78 12 48 89 fe 48 c1 ee 03 <0f> b6 14 16 48 89 fe 83 e6 07 40 38 f2 7f 32 84 d2 74 2e 48 89 44 > [16663.226546] RSP: 0018:ffff888114426f58 EFLAGS: 00010212 > [16663.227204] RAX: ffff888114426ff8 RBX: ffff88810e7f5c20 RCX: ffff88810e7f5da8 > [16663.228109] RDX: dffffc0000000000 RSI: 0000000000000002 RDI: 0000000000000012 > [16663.229022] RBP: ffff8881144271b8 R08: 0000000000000000 R09: ffffed1022884e09 > [16663.229911] R10: 0000000000000001 R11: ffffed1022884e08 R12: ffff888121696000 > [16663.230832] R13: ffff888108413cc0 R14: ffff8881129cee00 R15: 1ffff11022884df3 > [16663.231754] FS: 00007f396bbc2100(0000) GS:ffff888145200000(0000) knlGS:0000000000000000 > [16663.232776] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [16663.233498] CR2: 0000000001bf0000 CR3: 0000000113cb6000 CR4: 0000000000350ee0 > [16663.234385] Kernel panic - not syncing: Fatal exception in interrupt > [16663.238356] Kernel Offset: 0x3a00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) > [16663.239699] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- > > > @Paolo, your analysis is correct: the server responds to the (d)evil > inbound "MP_JOIN syn" with a MP_JOIN synack having sender HMAC equal to > 0; the 3rd packet triggers the NULL dereference. > > $ ./scripts/faddr2line vmlinux subflow_syn_recv_sock+0x716 > subflow_syn_recv_sock+0x716/0x14d0: > inet_sk_state_load at include/net/inet_sock.h:312 (discriminator 1) > (inlined by) mptcp_is_fully_established at net/mptcp/protocol.h:495 (discriminator 1) > (inlined by) mptcp_can_accept_new_subflow at net/mptcp/subflow.c:59 (discriminator 1) > (inlined by) subflow_syn_recv_sock at net/mptcp/subflow.c:547 (discriminator 1) Thank you Davide, great work! Could you please additionally merge the above drill in the packetdrill repo?

the above script will probably generate a test failure on the outbound MP_JOIN synack as long as a patched kernel does not crash anymore. What we can do is to add a scenario that verifies the correct behavior _ according to RFC § 3.2: << If the token is unknown or the host wants to refuse subflow establishment (for example, due to a limit on the number of subflows it will permit), the receiver will send back a reset (RST) signal, analogous to an unknown port in TCP, containing an MP_TCPRST option (Section 3.6) with an "MPTCP specific error" reason code. >>

...

I'll cook a patch - that deserve a -net target.

makes sense, thanks! -- davide

Matthieu Baerts

10:06 a.m.

New subject: [MPTCP][PATCH v6 mptcp-next 5/9] mptcp: add port number announced check

Hi Davide, On 26/11/2020 11:03, Davide Caratti wrote:

...

For me it would be good to have both but only merge the one you shared when the fix is available :) In general, I think it is good to add all the ones we have to fix issues in the "regression" dir. Even if they are simple or specific to one issue. Cheers, Matt -- Tessares | Belgium | Hybrid Access Solutions www.tessares.net

Paolo Abeni

Wednesday, 25 November Wed, 25 Nov

9:24 a.m.

New subject: [MPTCP][PATCH v6 mptcp-next 2/9] mptcp: set the listening socket's subflow

On Wed, 2020-11-25 at 11:01 +0800, Geliang Tang wrote:

...

Why it's needed to this at announce time? Why not at lsk creation time? Probably more related to the previous patch, why lsk is TCP socket instead of an MPTCP one? (I feel the latter would be a more natural choice, but it's just a feeling).

...

+ spin_lock_bh(&msk->pm.lock); + } mptcp_pm_nl_add_addr_send_ack(msk); } } else { diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index f202e22058b5..38001b7b0bf6 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -469,6 +469,7 @@ int __mptcp_subflow_connect(struct sock *sk, const struct mptcp_addr_info *loc, int mptcp_subflow_create_socket(struct sock *sk, struct socket **new_sock); void mptcp_info2sockaddr(const struct mptcp_addr_info *info, struct sockaddr_storage *addr); +int mptcp_pm_set_listen_socket_subflow(struct sock *sk, struct socket *sf); static inline void mptcp_subflow_tcp_fallback(struct sock *sk, struct mptcp_subflow_context *ctx) diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index d4c136f1e754..6053a88c176f 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -1208,6 +1208,43 @@ int mptcp_subflow_create_socket(struct sock *sk, struct socket **new_sock) return 0; } +int mptcp_pm_set_listen_socket_subflow(struct sock *sk, struct socket *sf) +{ + struct mptcp_subflow_context *subflow; + struct net *net = sock_net(sk); + int err; + + if (!sf) + return -EINVAL; + + lock_sock(sf->sk); + + mptcp_attach_cgroup(sk, sf->sk);

This will likely not work if there are multiple MPTCP sockets using this endpoint. Possibly the cgroup attaching should be done at subflow_syn_recv_sock() time, for the child socket, with some custom code - because it must override the existing cgroup inherited from the listener. /P

Geliang Tang

10:20 a.m.

New subject: [MPTCP][PATCH v6 mptcp-next 2/9] mptcp: set the listening socket's subflow

Hi Paolo, Paolo Abeni <pabeni(a)redhat.com> 于2020年11月25日周三下午5:25写道：

...

On Wed, 2020-11-25 at 11:01 +0800, Geliang Tang wrote: > This patch set the subflow context of the listening socket. > > Signed-off-by: Geliang Tang <geliangtang(a)gmail.com> > --- > net/mptcp/pm_netlink.c | 5 +++++ > net/mptcp/protocol.h | 1 + > net/mptcp/subflow.c | 37 +++++++++++++++++++++++++++++++++++++ > 3 files changed, 43 insertions(+) > > diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c > index 0d9a3c77fdf1..39a91fcac403 100644 > --- a/net/mptcp/pm_netlink.c > +++ b/net/mptcp/pm_netlink.c > @@ -330,6 +330,11 @@ static void mptcp_pm_create_subflow_or_signal_addr(struct mptcp_sock *msk) > if (mptcp_pm_alloc_anno_list(msk, local)) { > msk->pm.add_addr_signaled++; > mptcp_pm_announce_addr(msk, &local->addr, false, local->addr.port); > + if (local->addr.port) { > + spin_unlock_bh(&msk->pm.lock); > + mptcp_pm_set_listen_socket_subflow(sk, local->lsk); Why it's needed to this at announce time? Why not at lsk creation time? Probably more related to the previous patch, why lsk is TCP socket instead of an MPTCP one? (I feel the latter would be a more natural choice, but it's just a feeling).

I think the listening socket lsk is a subsocket. It should be joined to the msk as a subflow. lsk is created in PM netlink as a TCP socket, since this moment, the msk is not created. At announce time, the msk is fully established, here I set up lsk's subflow context, and add it into the msk as a subflow. If lsk is an MPTCP socket, how can it to be joined to the msk? -Geliang > > > + spin_lock_bh(&msk->pm.lock); > > + } > > mptcp_pm_nl_add_addr_send_ack(msk); > > } > > } else { > > diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h > > index f202e22058b5..38001b7b0bf6 100644 > > --- a/net/mptcp/protocol.h > > +++ b/net/mptcp/protocol.h > > @@ -469,6 +469,7 @@ int __mptcp_subflow_connect(struct sock *sk, const struct mptcp_addr_info *loc, > > int mptcp_subflow_create_socket(struct sock *sk, struct socket **new_sock); > > void mptcp_info2sockaddr(const struct mptcp_addr_info *info, > > struct sockaddr_storage *addr); > > +int mptcp_pm_set_listen_socket_subflow(struct sock *sk, struct socket *sf); > > > > static inline void mptcp_subflow_tcp_fallback(struct sock *sk, > > struct mptcp_subflow_context *ctx) > > diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c > > index d4c136f1e754..6053a88c176f 100644 > > --- a/net/mptcp/subflow.c > > +++ b/net/mptcp/subflow.c > > @@ -1208,6 +1208,43 @@ int mptcp_subflow_create_socket(struct sock *sk, struct socket **new_sock) > > return 0; > > } > > > > +int mptcp_pm_set_listen_socket_subflow(struct sock *sk, struct socket *sf) > > +{ > > + struct mptcp_subflow_context *subflow; > > + struct net *net = sock_net(sk); > > + int err; > > + > > + if (!sf) > > + return -EINVAL; > > + > > + lock_sock(sf->sk); > > + > > + mptcp_attach_cgroup(sk, sf->sk); > > This will likely not work if there are multiple MPTCP sockets using > this endpoint. > > Possibly the cgroup attaching should be done at subflow_syn_recv_sock() > time, for the child socket, with some custom code - because it must > override the existing cgroup inherited from the listener. > > /P >

Paolo Abeni

12:11 p.m.

New subject: [MPTCP][PATCH v6 mptcp-next 2/9] mptcp: set the listening socket's subflow

On Wed, 2020-11-25 at 18:20 +0800, Geliang Tang wrote:

...

Hi Paolo, Paolo Abeni <pabeni(a)redhat.com> 于2020年11月25日周三下午5:25写道： > On Wed, 2020-11-25 at 11:01 +0800, Geliang Tang wrote: > > This patch set the subflow context of the listening socket. > > > > Signed-off-by: Geliang Tang <geliangtang(a)gmail.com> > > --- > > net/mptcp/pm_netlink.c | 5 +++++ > > net/mptcp/protocol.h | 1 + > > net/mptcp/subflow.c | 37 +++++++++++++++++++++++++++++++++++++ > > 3 files changed, 43 insertions(+) > > > > diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c > > index 0d9a3c77fdf1..39a91fcac403 100644 > > --- a/net/mptcp/pm_netlink.c > > +++ b/net/mptcp/pm_netlink.c > > @@ -330,6 +330,11 @@ static void mptcp_pm_create_subflow_or_signal_addr(struct mptcp_sock *msk) > > if (mptcp_pm_alloc_anno_list(msk, local)) { > > msk->pm.add_addr_signaled++; > > mptcp_pm_announce_addr(msk, &local->addr, false, local->addr.port); > > + if (local->addr.port) { > > + spin_unlock_bh(&msk->pm.lock); > > + mptcp_pm_set_listen_socket_subflow(sk, local->lsk); > > Why it's needed to this at announce time? Why not at lsk creation time? > Probably more related to the previous patch, why lsk is TCP socket > instead of an MPTCP one? (I feel the latter would be a more natural > choice, but it's just a feeling). I think the listening socket lsk is a subsocket. It should be joined to the msk as a subflow. lsk is created in PM netlink as a TCP socket, since this moment, the msk is not created.

Ah that is the main point! I think quite the opposite: the listening socket *should* be unrelated to any user-created msk, because it's sort of "shared" among all the msk announcing the additional port. The subflow created by the listening sockets at accept time instead should join an existing msk, and that is already done by subflow_syn_recv_sock().

...

At announce time, the msk is fully established, here I set up lsk's subflow context, and add it into the msk as a subflow.

What if another msk annunces the same endpoint?

...

If lsk is an MPTCP socket, how can it to be joined to the msk?

As said, I think the listener subflow should _not_ join any existing user-created msk. Not sure if the above is clear enough, please let me know. Paolo

Mat Martineau

Friday, 4 December Fri, 4 Dec

1:40 a.m.

New subject: [MPTCP][PATCH v6 mptcp-next 2/9] mptcp: set the listening socket's subflow

On Wed, 25 Nov 2020, Paolo Abeni wrote:

...

On Wed, 2020-11-25 at 11:01 +0800, Geliang Tang wrote: > This patch set the subflow context of the listening socket. > > Signed-off-by: Geliang Tang <geliangtang(a)gmail.com> > --- > net/mptcp/pm_netlink.c | 5 +++++ > net/mptcp/protocol.h | 1 + > net/mptcp/subflow.c | 37 +++++++++++++++++++++++++++++++++++++ > 3 files changed, 43 insertions(+) > > diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c > index d4c136f1e754..6053a88c176f 100644 > --- a/net/mptcp/subflow.c > +++ b/net/mptcp/subflow.c > @@ -1208,6 +1208,43 @@ int mptcp_subflow_create_socket(struct sock *sk, struct socket **new_sock) > return 0; > } > > +int mptcp_pm_set_listen_socket_subflow(struct sock *sk, struct socket *sf) > +{ > + struct mptcp_subflow_context *subflow; > + struct net *net = sock_net(sk); > + int err; > + > + if (!sf) > + return -EINVAL; > + > + lock_sock(sf->sk); > + > + mptcp_attach_cgroup(sk, sf->sk); This will likely not work if there are multiple MPTCP sockets using this endpoint. Possibly the cgroup attaching should be done at subflow_syn_recv_sock() time, for the child socket, with some custom code - because it must override the existing cgroup inherited from the listener.

Geliang - I didn't see the cgroup issue addressed in v7, was it not necessary or is there more to figure out to get the child socket attached to the right cgroup? -- Mat Martineau Intel

Geliang Tang

Wednesday, 9 December Wed, 9 Dec

9:11 a.m.

New subject: [MPTCP][PATCH v6 mptcp-next 2/9] mptcp: set the listening socket's subflow

Hi Mat, Mat Martineau <mathew.j.martineau(a)linux.intel.com> 于2020年12月4日周五上午9:40写道：

...

On Wed, 25 Nov 2020, Paolo Abeni wrote: > On Wed, 2020-11-25 at 11:01 +0800, Geliang Tang wrote: >> This patch set the subflow context of the listening socket. >> >> Signed-off-by: Geliang Tang <geliangtang(a)gmail.com> >> --- >> net/mptcp/pm_netlink.c | 5 +++++ >> net/mptcp/protocol.h | 1 + >> net/mptcp/subflow.c | 37 +++++++++++++++++++++++++++++++++++++ >> 3 files changed, 43 insertions(+) >> >> diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c >> index d4c136f1e754..6053a88c176f 100644 >> --- a/net/mptcp/subflow.c >> +++ b/net/mptcp/subflow.c >> @@ -1208,6 +1208,43 @@ int mptcp_subflow_create_socket(struct sock *sk, struct socket **new_sock) >> return 0; >> } >> >> +int mptcp_pm_set_listen_socket_subflow(struct sock *sk, struct socket *sf) >> +{ >> + struct mptcp_subflow_context *subflow; >> + struct net *net = sock_net(sk); >> + int err; >> + >> + if (!sf) >> + return -EINVAL; >> + >> + lock_sock(sf->sk); >> + >> + mptcp_attach_cgroup(sk, sf->sk); > > This will likely not work if there are multiple MPTCP sockets using > this endpoint. > > Possibly the cgroup attaching should be done at subflow_syn_recv_sock() > time, for the child socket, with some custom code - because it must > override the existing cgroup inherited from the listener. > Geliang - I didn't see the cgroup issue addressed in v7, was it not necessary or is there more to figure out to get the child socket attached to the right cgroup?

This patch is dropped in v7 since a MPTCP socket is used in v7, instead of the TCP socket in v6. So no need to deal with the cgroup attaching now. -Geliang > > -- > Mat Martineau > Intel

Paolo Abeni

Wednesday, 25 November Wed, 25 Nov

9:15 a.m.

New subject: [MPTCP][PATCH v6 mptcp-next 1/9] mptcp: create the listening socket for new port

On Wed, 2020-11-25 at 11:01 +0800, Geliang Tang wrote:

...

This should be invoked before calling mptcp_pm_nl_append_new_local_addr(), in case of error mptcp_nl_cmd_add_addr() should fail and the error code should be returned to the caller. Moreover, if mptcp_pm_nl_append_new_local_addr() later fails, we should dispose the listener socket, if present. Also is likely better squash patch 3/9 here, so that after this patch we don't leak the listener socket on endpoint deletion (for a couple of patches only). Cheers, Paolo

564

days inactive

578

days old

mptcp@lists.01.org

Manage subscription

28 comments

5 participants

tags (0)

participants (5)

Davide Caratti
Geliang Tang
Mat Martineau
Matthieu Baerts
Paolo Abeni

2022

2021

2020

2019

2018

2017

[MPTCP][PATCH v6 mptcp-next 0/9] ADD_ADDR: ports support