iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e114e1e8ac
linux/net/ipv4
History
Eric Dumazet e114e1e8ac tcp: md5: do not send silly options in SYNCOOKIES 
Whenever cookie_init_timestamp() has been used to encode
ECN,SACK,WSCALE options, we can not remove the TS option in the SYNACK.

Otherwise, tcp_synack_options() will still advertize options like WSCALE
that we can not deduce later when receiving the packet from the client
to complete 3WHS.

Note that modern linux TCP stacks wont use MD5+TS+SACK in a SYN packet,
but we can not know for sure that all TCP stacks have the same logic.

Before the fix a tcpdump would exhibit this wrong exchange :

10:12:15.464591 IP C > S: Flags [S], seq 4202415601, win 65535, options [nop,nop,md5 valid,mss 1400,sackOK,TS val 456965269 ecr 0,nop,wscale 8], length 0
10:12:15.464602 IP S > C: Flags [S.], seq 253516766, ack 4202415602, win 65535, options [nop,nop,md5 valid,mss 1400,nop,nop,sackOK,nop,wscale 8], length 0
10:12:15.464611 IP C > S: Flags [.], ack 1, win 256, options [nop,nop,md5 valid], length 0
10:12:15.464678 IP C > S: Flags [P.], seq 1:13, ack 1, win 256, options [nop,nop,md5 valid], length 12
10:12:15.464685 IP S > C: Flags [.], ack 13, win 65535, options [nop,nop,md5 valid], length 0

After this patch the exchange looks saner :

11:59:59.882990 IP C > S: Flags [S], seq 517075944, win 65535, options [nop,nop,md5 valid,mss 1400,sackOK,TS val 1751508483 ecr 0,nop,wscale 8], length 0
11:59:59.883002 IP S > C: Flags [S.], seq 1902939253, ack 517075945, win 65535, options [nop,nop,md5 valid,mss 1400,sackOK,TS val 1751508479 ecr 1751508483,nop,wscale 8], length 0
11:59:59.883012 IP C > S: Flags [.], ack 1, win 256, options [nop,nop,md5 valid,nop,nop,TS val 1751508483 ecr 1751508479], length 0
11:59:59.883114 IP C > S: Flags [P.], seq 1:13, ack 1, win 256, options [nop,nop,md5 valid,nop,nop,TS val 1751508483 ecr 1751508479], length 12
11:59:59.883122 IP S > C: Flags [.], ack 13, win 256, options [nop,nop,md5 valid,nop,nop,TS val 1751508483 ecr 1751508483], length 0
11:59:59.883152 IP S > C: Flags [P.], seq 1:13, ack 13, win 256, options [nop,nop,md5 valid,nop,nop,TS val 1751508484 ecr 1751508483], length 12
11:59:59.883170 IP C > S: Flags [.], ack 13, win 256, options [nop,nop,md5 valid,nop,nop,TS val 1751508484 ecr 1751508484], length 0

Of course, no SACK block will ever be added later, but nothing should break.
Technically, we could remove the 4 nops included in MD5+TS options,
but again some stacks could break seeing not conventional alignment.

Fixes: 4957faade1 ("TCPCT part 1g: Responder Cookie => Initiator")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Florian Westphal <fw@strlen.de>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-07-01 17:36:23 -07:00
..
bpfilter
netfilter netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c. 2020-06-25 00:50:31 +02:00
af_inet.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2020-05-22 18:30:34 -07:00
ah4.c inet: Use fallthrough; 2020-03-12 15:55:00 -07:00
arp.c inet: Use fallthrough; 2020-03-12 15:55:00 -07:00
bpf_tcp_ca.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2020-03-30 19:52:37 -07:00
cipso_ipv4.c netlabel: cope with NULL catmap 2020-05-12 18:12:40 -07:00
datagram.c inet: stop leaking jiffies on the wire 2019-11-01 14:57:52 -07:00
devinet.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-05-31 17:48:46 -07:00
esp4_offload.c net: Add MODULE_DESCRIPTION entries to network modules 2020-06-20 21:33:57 -07:00
esp4.c ESP: Export esp_output_fill_trailer function 2020-02-19 13:52:32 +01:00
fib_frontend.c ipv4: nexthop version of fib_info_nh_uses_dev 2020-05-26 16:06:07 -07:00
fib_lookup.h net: add net available in build_state 2020-03-29 22:30:57 -07:00
fib_notifier.c net: fib_notifier: propagate extack down to the notifier block callback 2019-10-04 11:10:56 -07:00
fib_rules.c net: fib_notifier: propagate extack down to the notifier block callback 2019-10-04 11:10:56 -07:00
fib_semantics.c net: Fix the arp error in some cases 2020-06-18 20:21:51 -07:00
fib_trie.c ipv4: Refactor nhc evaluation in fib_table_lookup 2020-05-26 16:06:07 -07:00
fou.c net: Add MODULE_DESCRIPTION entries to network modules 2020-06-20 21:33:57 -07:00
gre_demux.c gre: fix uninit-value in __iptunnel_pull_header 2020-03-08 21:25:37 -07:00
gre_offload.c net: remove the check argument from __skb_gro_checksum_convert 2020-01-03 12:24:34 -08:00
icmp.c docs: networking: convert ip-sysctl.txt to ReST 2020-04-28 14:40:18 -07:00
igmp.c ip*_mc_gsfget(): lift copyout of struct group_filter into callers 2020-05-20 20:31:27 -04:00
inet_connection_sock.c inet_connection_sock: clear inet_num out of destroy helper 2020-06-04 15:59:56 -07:00
inet_diag.c inet_diag: bc: read cgroup id only for full sockets 2020-05-02 16:42:51 -07:00
inet_fragment.c
inet_hashtables.c tcp/dccp: fix possible race __inet_lookup_established() 2019-12-13 21:40:49 -08:00
inet_timewait_sock.c
inetpeer.c inetpeer: fix data-race in inet_putpeer / inet_putpeer 2019-11-07 16:15:56 -08:00
ip_forward.c
ip_fragment.c
ip_gre.c net: add a new ndo_tunnel_ioctl method 2020-05-19 15:45:11 -07:00
ip_input.c bpf: Add socket assign support 2020-03-30 13:45:04 -07:00
ip_options.c
ip_output.c net: Fix typo of SKB_SGO_CB_OFFSET 2020-03-29 21:53:18 -07:00
ip_sockglue.c ipv4: add ip_sock_set_pktinfo 2020-05-28 11:11:45 -07:00
ip_tunnel_core.c net: ip_tunnel: add header_ops for layer 3 devices 2020-06-30 12:29:39 -07:00
ip_tunnel.c ip_tunnel: fix use-after-free in ip_tunnel_lookup() 2020-06-18 20:12:34 -07:00
ip_vti.c net: vti: implement header_ops->parse_protocol for AF_PACKET 2020-06-30 12:29:39 -07:00
ipcomp.c
ipconfig.c Documentation: nfsroot.rst: Fix references to nfsroot.rst 2020-03-02 13:11:46 -07:00
ipip.c net: ipip: implement header_ops->parse_protocol for AF_PACKET 2020-06-30 12:29:39 -07:00
ipmr_base.c net: fib_notifier: propagate extack down to the notifier block callback 2019-10-04 11:10:56 -07:00
ipmr.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-05-24 13:47:27 -07:00
Kconfig Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2020-06-19 13:03:47 -07:00
Makefile bpf: Add sockmap hooks for UDP sockets 2020-03-09 22:34:58 +01:00
metrics.c
netfilter.c
netlink.c
nexthop.c nexthop: Fix fdb labeling for groups 2020-06-10 13:18:40 -07:00
ping.c
proc.c mptcp: add and use MIB counter infrastructure 2020-03-29 22:14:49 -07:00
protocol.c
raw_diag.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-03-12 22:34:48 -07:00
raw.c raw: Add missing annotations to raw_seq_start() and raw_seq_stop() 2020-03-11 23:19:40 -07:00
route.c net: ipv4: Fix wrong type conversion from hint to rt in ip_route_use_hint() 2020-06-27 18:02:32 -07:00
syncookies.c mptcp: handle tcp fallback when using syn cookies 2020-01-29 17:45:20 +01:00
sysctl_net_ipv4.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2020-05-01 17:02:27 -07:00
tcp_bbr.c tcp_bbr: improve arithmetic division in bbr_update_bw() 2020-01-21 10:45:49 +01:00
tcp_bic.c tcp: fix stretch ACK bugs in BIC 2020-03-16 18:26:54 -07:00
tcp_bpf.c bpf: tcp: Recv() should return 0 when the peer socket is closed 2020-06-12 15:10:12 -07:00
tcp_cdg.c
tcp_cong.c bpf: tcp: Support tcp_congestion_ops in bpf 2020-01-09 08:46:18 -08:00
tcp_cubic.c tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT 2020-06-25 16:08:47 -07:00
tcp_dctcp.c
tcp_dctcp.h
tcp_diag.c inet_diag: Move the INET_DIAG_REQ_BYTECODE nlattr to cb->data 2020-02-27 18:50:19 -08:00
tcp_fastopen.c tcp: add TCP_INFO status for failed client TFO 2019-10-25 19:25:37 -07:00
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c
tcp_illinois.c
tcp_input.c tcp: don't ignore ECN CWR on pure ACK 2020-06-25 12:20:24 -07:00
tcp_ipv4.c tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers 2020-07-01 17:29:45 -07:00
tcp_lp.c
tcp_metrics.c net-tcp: Disable TCP ssthresh metrics cache by default 2019-12-09 20:17:48 -08:00
tcp_minisocks.c mptcp: add new sock flag to deal with join subflows 2020-05-15 12:30:13 -07:00
tcp_nv.c
tcp_offload.c
tcp_output.c tcp: md5: do not send silly options in SYNCOOKIES 2020-07-01 17:36:23 -07:00
tcp_rate.c
tcp_recovery.c
tcp_scalable.c tcp: fix stretch ACK bugs in Scalable 2020-03-16 18:26:54 -07:00
tcp_timer.c tcp: add tp->dup_ack_counter 2020-04-30 13:24:01 -07:00
tcp_ulp.c bpf: sockmap: Only check ULP for TCP sockets 2020-03-09 22:34:58 +01:00
tcp_vegas.c
tcp_vegas.h
tcp_veno.c tcp: fix stretch ACK bugs in Veno 2020-03-16 18:26:55 -07:00
tcp_westwood.c
tcp_yeah.c tcp: fix stretch ACK bugs in Yeah 2020-03-16 18:26:55 -07:00
tcp.c tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers 2020-07-01 17:29:45 -07:00
tunnel4.c
udp_bpf.c bpf: Add sockmap hooks for UDP sockets 2020-03-09 22:34:58 +01:00
udp_diag.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-03-12 22:34:48 -07:00
udp_impl.h
udp_offload.c udp: initialize is_flist with 0 in udp_gro_receive 2020-03-30 10:35:03 -07:00
udp_tunnel.c net: Make locking in sock_bindtoindex optional 2020-06-01 14:57:14 -07:00
udp.c xfrm: add support for UDPv6 encapsulation of ESP 2020-04-28 11:28:36 +02:00
udplite.c
xfrm4_input.c xfrm: state: remove extract_input indirection from xfrm_state_afinfo 2020-05-06 09:40:08 +02:00
xfrm4_output.c xfrm: fix unused variable warning if CONFIG_NETFILTER=n 2020-05-11 15:12:27 +02:00
xfrm4_policy.c net: add bool confirm_neigh parameter for dst_ops.update_pmtu 2019-12-24 22:28:54 -08:00
xfrm4_protocol.c xfrm: add route lookup to xfrm4_rcv_encap 2019-12-09 09:59:07 +01:00
xfrm4_state.c xfrm: remove output_finish indirection from xfrm_state_afinfo 2020-05-06 09:40:08 +02:00
xfrm4_tunnel.c