Merge branch 'mptcp-checksums'
Mat Martineau says: ==================== mptcp: Fix checksum byte order on little-endian These patches address a bug in the byte ordering of MPTCP checksums on little-endian architectures. The __sum16 type is always big endian, but was being cast to u16 and then byte-swapped (on little-endian archs) when reading/writing the checksum field in MPTCP option headers. MPTCP checksums are off by default, but are enabled if one or both peers request it in the SYN/SYNACK handshake. The corrected code is verified to interoperate between big-endian and little-endian machines. Patch 1 fixes the checksum byte order, patch 2 partially mitigates interoperation with peers sending bad checksums by falling back to TCP instead of resetting the connection. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller
commit
575fb4fb02
|
|
@ -107,7 +107,7 @@ static void mptcp_parse_option(const struct sk_buff *skb,
|
|||
ptr += 2;
|
||||
}
|
||||
if (opsize == TCPOLEN_MPTCP_MPC_ACK_DATA_CSUM) {
|
||||
mp_opt->csum = (__force __sum16)get_unaligned_be16(ptr);
|
||||
mp_opt->csum = get_unaligned((__force __sum16 *)ptr);
|
||||
mp_opt->suboptions |= OPTION_MPTCP_CSUMREQD;
|
||||
ptr += 2;
|
||||
}
|
||||
|
|
@ -221,7 +221,7 @@ static void mptcp_parse_option(const struct sk_buff *skb,
|
|||
|
||||
if (opsize == expected_opsize + TCPOLEN_MPTCP_DSS_CHECKSUM) {
|
||||
mp_opt->suboptions |= OPTION_MPTCP_CSUMREQD;
|
||||
mp_opt->csum = (__force __sum16)get_unaligned_be16(ptr);
|
||||
mp_opt->csum = get_unaligned((__force __sum16 *)ptr);
|
||||
ptr += 2;
|
||||
}
|
||||
|
||||
|
|
@ -1240,7 +1240,7 @@ static void mptcp_set_rwin(const struct tcp_sock *tp)
|
|||
WRITE_ONCE(msk->rcv_wnd_sent, ack_seq);
|
||||
}
|
||||
|
||||
u16 __mptcp_make_csum(u64 data_seq, u32 subflow_seq, u16 data_len, __wsum sum)
|
||||
__sum16 __mptcp_make_csum(u64 data_seq, u32 subflow_seq, u16 data_len, __wsum sum)
|
||||
{
|
||||
struct csum_pseudo_header header;
|
||||
__wsum csum;
|
||||
|
|
@ -1256,15 +1256,25 @@ u16 __mptcp_make_csum(u64 data_seq, u32 subflow_seq, u16 data_len, __wsum sum)
|
|||
header.csum = 0;
|
||||
|
||||
csum = csum_partial(&header, sizeof(header), sum);
|
||||
return (__force u16)csum_fold(csum);
|
||||
return csum_fold(csum);
|
||||
}
|
||||
|
||||
static u16 mptcp_make_csum(const struct mptcp_ext *mpext)
|
||||
static __sum16 mptcp_make_csum(const struct mptcp_ext *mpext)
|
||||
{
|
||||
return __mptcp_make_csum(mpext->data_seq, mpext->subflow_seq, mpext->data_len,
|
||||
~csum_unfold(mpext->csum));
|
||||
}
|
||||
|
||||
static void put_len_csum(u16 len, __sum16 csum, void *data)
|
||||
{
|
||||
__sum16 *sumptr = data + 2;
|
||||
__be16 *ptr = data;
|
||||
|
||||
put_unaligned_be16(len, ptr);
|
||||
|
||||
put_unaligned(csum, sumptr);
|
||||
}
|
||||
|
||||
void mptcp_write_options(__be32 *ptr, const struct tcp_sock *tp,
|
||||
struct mptcp_out_options *opts)
|
||||
{
|
||||
|
|
@ -1340,8 +1350,9 @@ void mptcp_write_options(__be32 *ptr, const struct tcp_sock *tp,
|
|||
put_unaligned_be32(mpext->subflow_seq, ptr);
|
||||
ptr += 1;
|
||||
if (opts->csum_reqd) {
|
||||
put_unaligned_be32(mpext->data_len << 16 |
|
||||
mptcp_make_csum(mpext), ptr);
|
||||
put_len_csum(mpext->data_len,
|
||||
mptcp_make_csum(mpext),
|
||||
ptr);
|
||||
} else {
|
||||
put_unaligned_be32(mpext->data_len << 16 |
|
||||
TCPOPT_NOP << 8 | TCPOPT_NOP, ptr);
|
||||
|
|
@ -1392,11 +1403,12 @@ void mptcp_write_options(__be32 *ptr, const struct tcp_sock *tp,
|
|||
goto mp_capable_done;
|
||||
|
||||
if (opts->csum_reqd) {
|
||||
put_unaligned_be32(opts->data_len << 16 |
|
||||
__mptcp_make_csum(opts->data_seq,
|
||||
opts->subflow_seq,
|
||||
opts->data_len,
|
||||
~csum_unfold(opts->csum)), ptr);
|
||||
put_len_csum(opts->data_len,
|
||||
__mptcp_make_csum(opts->data_seq,
|
||||
opts->subflow_seq,
|
||||
opts->data_len,
|
||||
~csum_unfold(opts->csum)),
|
||||
ptr);
|
||||
} else {
|
||||
put_unaligned_be32(opts->data_len << 16 |
|
||||
TCPOPT_NOP << 8 | TCPOPT_NOP, ptr);
|
||||
|
|
|
|||
|
|
@ -443,7 +443,8 @@ struct mptcp_subflow_context {
|
|||
can_ack : 1, /* only after processing the remote a key */
|
||||
disposable : 1, /* ctx can be free at ulp release time */
|
||||
stale : 1, /* unable to snd/rcv data, do not use for xmit */
|
||||
local_id_valid : 1; /* local_id is correctly initialized */
|
||||
local_id_valid : 1, /* local_id is correctly initialized */
|
||||
valid_csum_seen : 1; /* at least one csum validated */
|
||||
enum mptcp_data_avail data_avail;
|
||||
u32 remote_nonce;
|
||||
u64 thmac;
|
||||
|
|
@ -723,7 +724,7 @@ void mptcp_token_destroy(struct mptcp_sock *msk);
|
|||
void mptcp_crypto_key_sha(u64 key, u32 *token, u64 *idsn);
|
||||
|
||||
void mptcp_crypto_hmac_sha(u64 key1, u64 key2, u8 *msg, int len, void *hmac);
|
||||
u16 __mptcp_make_csum(u64 data_seq, u32 subflow_seq, u16 data_len, __wsum sum);
|
||||
__sum16 __mptcp_make_csum(u64 data_seq, u32 subflow_seq, u16 data_len, __wsum sum);
|
||||
|
||||
void __init mptcp_pm_init(void);
|
||||
void mptcp_pm_data_init(struct mptcp_sock *msk);
|
||||
|
|
|
|||
|
|
@ -888,7 +888,7 @@ static enum mapping_status validate_data_csum(struct sock *ssk, struct sk_buff *
|
|||
{
|
||||
struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
|
||||
u32 offset, seq, delta;
|
||||
u16 csum;
|
||||
__sum16 csum;
|
||||
int len;
|
||||
|
||||
if (!csum_reqd)
|
||||
|
|
@ -955,11 +955,14 @@ static enum mapping_status validate_data_csum(struct sock *ssk, struct sk_buff *
|
|||
subflow->map_data_csum);
|
||||
if (unlikely(csum)) {
|
||||
MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_DATACSUMERR);
|
||||
subflow->send_mp_fail = 1;
|
||||
MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_MPFAILTX);
|
||||
if (subflow->mp_join || subflow->valid_csum_seen) {
|
||||
subflow->send_mp_fail = 1;
|
||||
MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_MPFAILTX);
|
||||
}
|
||||
return subflow->mp_join ? MAPPING_INVALID : MAPPING_DUMMY;
|
||||
}
|
||||
|
||||
subflow->valid_csum_seen = 1;
|
||||
return MAPPING_OK;
|
||||
}
|
||||
|
||||
|
|
@ -1141,6 +1144,18 @@ static void subflow_sched_work_if_closed(struct mptcp_sock *msk, struct sock *ss
|
|||
}
|
||||
}
|
||||
|
||||
static bool subflow_can_fallback(struct mptcp_subflow_context *subflow)
|
||||
{
|
||||
struct mptcp_sock *msk = mptcp_sk(subflow->conn);
|
||||
|
||||
if (subflow->mp_join)
|
||||
return false;
|
||||
else if (READ_ONCE(msk->csum_enabled))
|
||||
return !subflow->valid_csum_seen;
|
||||
else
|
||||
return !subflow->fully_established;
|
||||
}
|
||||
|
||||
static bool subflow_check_data_avail(struct sock *ssk)
|
||||
{
|
||||
struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
|
||||
|
|
@ -1218,7 +1233,7 @@ fallback:
|
|||
return true;
|
||||
}
|
||||
|
||||
if (subflow->mp_join || subflow->fully_established) {
|
||||
if (!subflow_can_fallback(subflow)) {
|
||||
/* fatal protocol error, close the socket.
|
||||
* subflow_error_report() will introduce the appropriate barriers
|
||||
*/
|
||||
|
|
|
|||
Loading…
Reference in New Issue