korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-09-22 12:44:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
e114e1e8ac
linux/net
History
Eric Dumazet e114e1e8ac tcp: md5: do not send silly options in SYNCOOKIES 
Whenever cookie_init_timestamp() has been used to encode
ECN,SACK,WSCALE options, we can not remove the TS option in the SYNACK.

Otherwise, tcp_synack_options() will still advertize options like WSCALE
that we can not deduce later when receiving the packet from the client
to complete 3WHS.

Note that modern linux TCP stacks wont use MD5+TS+SACK in a SYN packet,
but we can not know for sure that all TCP stacks have the same logic.

Before the fix a tcpdump would exhibit this wrong exchange :

10:12:15.464591 IP C > S: Flags [S], seq 4202415601, win 65535, options [nop,nop,md5 valid,mss 1400,sackOK,TS val 456965269 ecr 0,nop,wscale 8], length 0
10:12:15.464602 IP S > C: Flags [S.], seq 253516766, ack 4202415602, win 65535, options [nop,nop,md5 valid,mss 1400,nop,nop,sackOK,nop,wscale 8], length 0
10:12:15.464611 IP C > S: Flags [.], ack 1, win 256, options [nop,nop,md5 valid], length 0
10:12:15.464678 IP C > S: Flags [P.], seq 1:13, ack 1, win 256, options [nop,nop,md5 valid], length 12
10:12:15.464685 IP S > C: Flags [.], ack 13, win 65535, options [nop,nop,md5 valid], length 0

After this patch the exchange looks saner :

11:59:59.882990 IP C > S: Flags [S], seq 517075944, win 65535, options [nop,nop,md5 valid,mss 1400,sackOK,TS val 1751508483 ecr 0,nop,wscale 8], length 0
11:59:59.883002 IP S > C: Flags [S.], seq 1902939253, ack 517075945, win 65535, options [nop,nop,md5 valid,mss 1400,sackOK,TS val 1751508479 ecr 1751508483,nop,wscale 8], length 0
11:59:59.883012 IP C > S: Flags [.], ack 1, win 256, options [nop,nop,md5 valid,nop,nop,TS val 1751508483 ecr 1751508479], length 0
11:59:59.883114 IP C > S: Flags [P.], seq 1:13, ack 1, win 256, options [nop,nop,md5 valid,nop,nop,TS val 1751508483 ecr 1751508479], length 12
11:59:59.883122 IP S > C: Flags [.], ack 13, win 256, options [nop,nop,md5 valid,nop,nop,TS val 1751508483 ecr 1751508483], length 0
11:59:59.883152 IP S > C: Flags [P.], seq 1:13, ack 13, win 256, options [nop,nop,md5 valid,nop,nop,TS val 1751508484 ecr 1751508483], length 12
11:59:59.883170 IP C > S: Flags [.], ack 13, win 256, options [nop,nop,md5 valid,nop,nop,TS val 1751508484 ecr 1751508484], length 0

Of course, no SACK block will ever be added later, but nothing should break.
Technically, we could remove the 4 nops included in MD5+TS options,
but again some stacks could break seeing not conventional alignment.

Fixes: 4957faade1 ("TCPCT part 1g: Responder Cookie => Initiator")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Florian Westphal <fw@strlen.de>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-07-01 17:36:23 -07:00
..
6lowpan treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
9p net: Add MODULE_DESCRIPTION entries to network modules 2020-06-20 21:33:57 -07:00
802 net: 802: psnap.c: Use built-in RCU list checking 2020-02-24 13:02:53 -08:00
8021q net: get rid of lockdep_set_class_and_subclass() 2020-06-28 21:37:23 -07:00
appletalk ipv4,appletalk: move SIOCADDRT and SIOCDELRT handling into ->compat_ioctl 2020-05-18 17:35:02 -07:00
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-06-13 16:27:13 -07:00
ax25 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-05-24 13:47:27 -07:00
batman-adv net: change addr_list_lock back to static key 2020-06-09 12:59:45 -07:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-06-03 16:27:18 -07:00
bpf bpf: Add tests for PTR_TO_BTF_ID vs. null comparison 2020-06-30 22:21:29 +02:00
bpfilter bpfilter: document build requirements for bpfilter_umh 2020-05-26 00:03:16 +09:00
bridge bridge: mrp: Fix endian conversion and some other warnings 2020-06-28 20:44:10 -07:00
caif treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
can treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
ceph libceph: don't omit used_replica in target_copy() 2020-06-16 16:02:08 +02:00
core Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf 2020-06-30 14:20:45 -07:00
dcb treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
dccp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-06-13 16:27:13 -07:00
decnet treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
dns_resolver docs: networking: convert dns_resolver.txt to ReST 2020-04-28 14:39:46 -07:00
dsa dsa: Allow forwarding of redirected IGMP traffic 2020-06-24 14:39:43 -07:00
ethernet net: move devres helpers into a separate source file 2020-05-23 16:56:17 -07:00
ethtool ethtool: fix error handling in linkstate_prepare_data() 2020-06-25 16:17:16 -07:00
hsr hsr: avoid to create proc file after unregister 2020-06-22 20:42:23 -07:00
ieee802154 treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
ife net: Fix Kconfig indentation 2019-09-26 08:56:17 +02:00
ipv4 tcp: md5: do not send silly options in SYNCOOKIES 2020-07-01 17:36:23 -07:00
ipv6 net: sit: implement header_ops->parse_protocol for AF_PACKET 2020-06-30 12:29:39 -07:00
iucv net/af_iucv: clean up function prototypes 2020-05-19 12:50:14 -07:00
kcm treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
key
l2tp treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
l3mdev treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
lapb treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
llc llc: make sure applications use ARPHRD_ETHER 2020-06-28 21:41:23 -07:00
mac80211 mac80211: allow rx of mesh eapol frames with default rx key 2020-06-25 12:55:45 +02:00
mac802154 treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
mpls treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
mptcp mptcp: drop sndr_key in mptcp_syn_options 2020-06-22 21:06:39 -07:00
ncsi treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
netfilter netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
netlabel treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
netlink genetlink: remove genl_bind 2020-07-01 15:49:11 -07:00
netrom net: change addr_list_lock back to static key 2020-06-09 12:59:45 -07:00
nfc treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
nsh treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
openvswitch openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len 2020-06-24 14:34:58 -07:00
packet treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
phonet sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
psample net: psample: fix build error when CONFIG_INET is not enabled 2020-05-23 16:36:05 -07:00
qrtr net: qrtr: Fix an out of bounds read qrtr_endpoint_post() 2020-06-30 18:36:13 -07:00
rds rds: If one path needs re-connection, check all and re-connect 2020-07-01 17:35:17 -07:00
rfkill rfkill: Fix incorrect check to avoid NULL pointer dereference 2019-12-16 10:15:49 +01:00
rose net: change addr_list_lock back to static key 2020-06-09 12:59:45 -07:00
rxrpc rxrpc: Fix notification call on completion of discarded calls 2020-06-20 21:31:43 -07:00
sched sch_cake: fix a few style nits 2020-06-25 16:24:05 -07:00
sctp sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket 2020-06-25 16:11:33 -07:00
smc treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
strparser
sunrpc NFS Client Updates for Linux 5.8 2020-06-11 12:22:41 -07:00
switchdev treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
tipc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-06-13 16:27:13 -07:00
tls treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
unix treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
vmw_vsock vsock/vmci: make vmci_vsock_transport_cb() static 2020-06-05 13:18:26 -07:00
wimax
wireless nl80211: fix memory leak when parsing NL80211_ATTR_HE_BSS_COLOR 2020-06-26 11:52:57 +02:00
x25 treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
xdp xsk: Use dma_need_sync instead of reimplenting it 2020-06-30 15:44:03 +02:00
xfrm net: xfrmi: implement header_ops->parse_protocol for AF_PACKET 2020-06-30 12:29:39 -07:00
compat.c switch cmsghdr_from_user_compat_to_kern() to copy_from_user() 2020-06-01 12:05:45 -07:00
devres.c net: devres: provide devm_register_netdev() 2020-05-23 16:56:17 -07:00
Kconfig treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
Makefile net: move devres helpers into a separate source file 2020-05-23 16:56:17 -07:00
socket.c net: remove kernel_setsockopt 2020-05-29 13:10:39 -07:00
sysctl_net.c