Commit 11f46ea9 authored by Jason Xing's avatar Jason Xing Committed by Jakub Kicinski

tcp: rstreason: fully support in tcp_check_req()

We're going to send an RST due to invalid syn packet which is already
checked whether 1) it is in sequence, 2) it is a retransmitted skb.

As RFC 793 says, if the state of socket is not CLOSED/LISTEN/SYN-SENT,
then we should send an RST when receiving bad syn packet:
"fourth, check the SYN bit,...If the SYN is in the window it is an
error, send a reset"
Signed-off-by: default avatarJason Xing <kernelxing@tencent.com>
Link: https://lore.kernel.org/r/20240510122502.27850-6-kerneljasonxing@gmail.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent 22a32557
...@@ -16,6 +16,7 @@ ...@@ -16,6 +16,7 @@
FN(TCP_OLD_ACK) \ FN(TCP_OLD_ACK) \
FN(TCP_ABORT_ON_DATA) \ FN(TCP_ABORT_ON_DATA) \
FN(TCP_TIMEWAIT_SOCKET) \ FN(TCP_TIMEWAIT_SOCKET) \
FN(INVALID_SYN) \
FN(MPTCP_RST_EUNSPEC) \ FN(MPTCP_RST_EUNSPEC) \
FN(MPTCP_RST_EMPTCP) \ FN(MPTCP_RST_EMPTCP) \
FN(MPTCP_RST_ERESOURCE) \ FN(MPTCP_RST_ERESOURCE) \
...@@ -76,6 +77,13 @@ enum sk_rst_reason { ...@@ -76,6 +77,13 @@ enum sk_rst_reason {
/* Here start with the independent reasons */ /* Here start with the independent reasons */
/** @SK_RST_REASON_TCP_TIMEWAIT_SOCKET: happen on the timewait socket */ /** @SK_RST_REASON_TCP_TIMEWAIT_SOCKET: happen on the timewait socket */
SK_RST_REASON_TCP_TIMEWAIT_SOCKET, SK_RST_REASON_TCP_TIMEWAIT_SOCKET,
/**
* @SK_RST_REASON_INVALID_SYN: receive bad syn packet
* RFC 793 says if the state is not CLOSED/LISTEN/SYN-SENT then
* "fourth, check the SYN bit,...If the SYN is in the window it is
* an error, send a reset"
*/
SK_RST_REASON_INVALID_SYN,
/* Copy from include/uapi/linux/mptcp.h. /* Copy from include/uapi/linux/mptcp.h.
* These reset fields will not be changed since they adhere to * These reset fields will not be changed since they adhere to
......
...@@ -879,7 +879,7 @@ struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb, ...@@ -879,7 +879,7 @@ struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb,
* avoid becoming vulnerable to outside attack aiming at * avoid becoming vulnerable to outside attack aiming at
* resetting legit local connections. * resetting legit local connections.
*/ */
req->rsk_ops->send_reset(sk, skb, SK_RST_REASON_NOT_SPECIFIED); req->rsk_ops->send_reset(sk, skb, SK_RST_REASON_INVALID_SYN);
} else if (fastopen) { /* received a valid RST pkt */ } else if (fastopen) { /* received a valid RST pkt */
reqsk_fastopen_remove(sk, req, true); reqsk_fastopen_remove(sk, req, true);
tcp_reset(sk, skb); tcp_reset(sk, skb);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment