[PATCH net-next 8/9] net: tcp: store drop reasons in route_req

From: menglong8 . dong
Date: Sat Oct 29 2022 - 09:12:36 EST


From: Menglong Dong <imagedong@xxxxxxxxxxx>

Add skb drop reasons to tcp_v4_route_req() and tcp_v6_route_req().

Also add the new reason SKB_DROP_REASON_LSM, which is used when an skb is
dropped by an LSM.

Signed-off-by: Menglong Dong <imagedong@xxxxxxxxxxx>
---
include/net/dropreason.h | 5 +++++
net/ipv4/tcp_ipv4.c | 11 +++++++++--
net/ipv6/tcp_ipv6.c | 11 +++++++++--
3 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/include/net/dropreason.h b/include/net/dropreason.h
index 364811bce63f..a5de00d02213 100644
--- a/include/net/dropreason.h
+++ b/include/net/dropreason.h
@@ -74,6 +74,7 @@
FN(TCP_REQQFULLDROP) \
FN(TCP_ABORTONDATA) \
FN(TCP_ABORTONLINGER) \
+ FN(LSM) \
FNe(MAX)

/**
@@ -336,6 +337,10 @@ enum skb_drop_reason {
* LINUX_MIB_TCPABORTONLINGER
*/
SKB_DROP_REASON_TCP_ABORTONLINGER,
+ /**
+ * @SKB_DROP_REASON_LSM: dropped by LSM
+ */
+ SKB_DROP_REASON_LSM,
/**
* @SKB_DROP_REASON_MAX: the maximum of drop reason, which shouldn't be
* used as a real 'reason'
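Review bot: The kernel-doc for SKB_DROP_REASON_LSM says only "dropped by LSM", which does not tell someone reading a drop trace which hook refused the packet. In this patch the reason is set only where security_inet_conn_request() returns non-zero, so the comment could read `@SKB_DROP_REASON_LSM: connection request rejected by an LSM hook (security_inet_conn_request())`. If the reason is meant to be reused for other hooks later, the comment should say that instead. The hook's return code is not carried in the reason, so the doc could also note that the denying module and rule have to be found in that LSM's own logging.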
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index a85bc7483c5a..8fdea8e6207f 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1447,12 +1447,19 @@ static struct dst_entry *tcp_v4_route_req(const struct sock *sk,
struct flowi *fl,
struct request_sock *req)
{
+ struct dst_entry *dst;
+
tcp_v4_init_req(req, sk, skb);

- if (security_inet_conn_request(sk, skb, req))
+ if (security_inet_conn_request(sk, skb, req)) {
+ TCP_SKB_DR(skb, LSM);
return NULL;
+ }

- return inet_csk_route_req(sk, &fl->u.ip4, req);
+ dst = inet_csk_route_req(sk, &fl->u.ip4, req);
+ if (!dst)
+ TCP_SKB_DR(skb, IP_OUTNOROUTES);
+ return dst;
}

struct request_sock_ops tcp_request_sock_ops __read_mostly = {
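Review bot: The `if (!dst)` branch labels every NULL return from inet_csk_route_req() as IP_OUTNOROUTES, which is accurate only if that helper has no other failure cause. Its body is not in this hunk, so this needs confirming: a lookup refused by policy rather than by a missing route would be reported as "no route" and would mislead anyone triaging refused connections from drop reasons. The same applies to the inet6_csk_route_req() branch in tcp_v6_route_req() in net/ipv6/tcp_ipv6.c. If the assumption holds, a comment above the check such as `/* every inet_csk_route_req() failure is reported as a missing route */` would record it. Separately, the unbraced `if (!dst)` followed by `TCP_SKB_DR(skb, IP_OUTNOROUTES);` is safe only if TCP_SKB_DR, defined outside this patch, expands to a single statement.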
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 2c2048832714..44c4aa2789d6 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -823,12 +823,19 @@ static struct dst_entry *tcp_v6_route_req(const struct sock *sk,
struct flowi *fl,
struct request_sock *req)
{
+ struct dst_entry *dst;
+
tcp_v6_init_req(req, sk, skb);

- if (security_inet_conn_request(sk, skb, req))
+ if (security_inet_conn_request(sk, skb, req)) {
+ TCP_SKB_DR(skb, LSM);
return NULL;
+ }

- return inet6_csk_route_req(sk, &fl->u.ip6, req, IPPROTO_TCP);
+ dst = inet6_csk_route_req(sk, &fl->u.ip6, req, IPPROTO_TCP);
+ if (!dst)
+ TCP_SKB_DR(skb, IP_OUTNOROUTES);
+ return dst;
}

struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
--
2.37.2