From b3e982d627858532845726cb1af59c4fa847a101 Mon Sep 17 00:00:00 2001 From: Matthieu Baerts Date: Fri, 11 Jun 2021 16:34:00 +0200 Subject: [PATCH 01/17] tg create t/mptcp-add-sysctl-allow_join_initial_addr_port base --- .topdeps | 1 - .topmsg | 22 ---------------------- 2 files changed, 23 deletions(-) delete mode 100644 .topdeps delete mode 100644 .topmsg diff --git a/.topdeps b/.topdeps deleted file mode 100644 index 883363c75b147..0000000000000 --- a/.topdeps +++ /dev/null @@ -1 +0,0 @@ -t/mptcp-add-MIB-counter-for-invalid-mapping diff --git a/.topmsg b/.topmsg deleted file mode 100644 index 89aedf22c6209..0000000000000 --- a/.topmsg +++ /dev/null @@ -1,22 +0,0 @@ -From: Matthieu Baerts -Subject: [PATCH] selftests: mptcp: display proper reason to abort tests - -Without this modification, we were often displaying this error messages: - - FAIL: Could not even run loopback test - -But $ret could have been set to a non 0 value in many different cases: - -- net.mptcp.enabled=0 is not working as expected -- setsockopt(..., TCP_ULP, "mptcp", ...) is allowed -- ping between each netns are failing -- tests between ns1 as a receiver and ns>1 are failing -- other tests not involving ns1 as a receiver are failing - -So not only for the loopback test. - -Now a clearer message, including the time it took to run all tests, is -displayed. - -Reviewed-by: Mat Martineau -Signed-off-by: Matthieu Baerts From 6fe2c733a8acbbcf8eb9a89aa372be50ed369180 Mon Sep 17 00:00:00 2001 From: Matthieu Baerts Date: Fri, 11 Jun 2021 16:34:00 +0200 Subject: [PATCH 02/17] tg create t/mptcp-add-sysctl-allow_join_initial_addr_port --- .topdeps | 1 + .topmsg | 4 ++++ 2 files changed, 5 insertions(+) create mode 100644 .topdeps create mode 100644 .topmsg diff --git a/.topdeps b/.topdeps new file mode 100644 index 0000000000000..7a8d5b64e84bd --- /dev/null +++ b/.topdeps @@ -0,0 +1 @@ +t/selftests-mptcp-display-proper-reason-to-abort-tests diff --git a/.topmsg b/.topmsg new file mode 100644 index 0000000000000..f35ff043708cd --- /dev/null +++ b/.topmsg @@ -0,0 +1,4 @@ +From: Matthieu Baerts +Subject: [PATCH] t/mptcp-add-sysctl-allow_join_initial_addr_port + +Signed-off-by: Matthieu Baerts From 7628313f74508580507fab7d7339db527159a24b Mon Sep 17 00:00:00 2001 From: Matthieu Baerts Date: Fri, 11 Jun 2021 16:34:01 +0200 Subject: [PATCH 03/17] tg import create t/mptcp-add-sysctl-allow_join_initial_addr_port --- .topmsg | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/.topmsg b/.topmsg index f35ff043708cd..1db74db6db181 100644 --- a/.topmsg +++ b/.topmsg @@ -1,4 +1,11 @@ -From: Matthieu Baerts -Subject: [PATCH] t/mptcp-add-sysctl-allow_join_initial_addr_port +From: Geliang Tang +Subject: [PATCH] mptcp: add sysctl allow_join_initial_addr_port -Signed-off-by: Matthieu Baerts +This patch added a new sysctl, named allow_join_initial_addr_port, to +control whether allow peers to send join requests to the IP address and +port number used by the initial subflow. + +Suggested-by: Florian Westphal +Reviewed-by: Mat Martineau +Acked-by: Paolo Abeni +Signed-off-by: Geliang Tang From 02acfcf0689f48701e47ffa26a8f6535c65d9046 Mon Sep 17 00:00:00 2001 From: Geliang Tang Date: Tue, 25 May 2021 17:17:03 +0800 Subject: [PATCH 04/17] mptcp: add sysctl allow_join_initial_addr_port This patch added a new sysctl, named allow_join_initial_addr_port, to control whether allow peers to send join requests to the IP address and port number used by the initial subflow. Suggested-by: Florian Westphal Reviewed-by: Mat Martineau Acked-by: Paolo Abeni Signed-off-by: Geliang Tang --- Documentation/networking/mptcp-sysctl.rst | 13 +++++++++++++ net/mptcp/ctrl.c | 16 ++++++++++++++++ net/mptcp/protocol.h | 1 + 3 files changed, 30 insertions(+) diff --git a/Documentation/networking/mptcp-sysctl.rst b/Documentation/networking/mptcp-sysctl.rst index ee06fd782465a..76d939e688b84 100644 --- a/Documentation/networking/mptcp-sysctl.rst +++ b/Documentation/networking/mptcp-sysctl.rst @@ -32,3 +32,16 @@ checksum_enabled - BOOLEAN per-namespace sysctl. Default: 0 + +allow_join_initial_addr_port - BOOLEAN + Allow peers to send join requests to the IP address and port number used + by the initial subflow if the value is 1. This controls a flag that is + sent to the peer at connection time, and whether such join requests are + accepted or denied. + + Joins to addresses advertised with ADD_ADDR are not affected by this + value. + + This is a per-namespace sysctl. + + Default: 1 diff --git a/net/mptcp/ctrl.c b/net/mptcp/ctrl.c index 6c2639bb9c19f..7d738bd06f2c9 100644 --- a/net/mptcp/ctrl.c +++ b/net/mptcp/ctrl.c @@ -24,6 +24,7 @@ struct mptcp_pernet { u8 mptcp_enabled; unsigned int add_addr_timeout; u8 checksum_enabled; + u8 allow_join_initial_addr_port; }; static struct mptcp_pernet *mptcp_get_pernet(struct net *net) @@ -46,11 +47,17 @@ int mptcp_is_checksum_enabled(struct net *net) return mptcp_get_pernet(net)->checksum_enabled; } +int mptcp_allow_join_id0(struct net *net) +{ + return mptcp_get_pernet(net)->allow_join_initial_addr_port; +} + static void mptcp_pernet_set_defaults(struct mptcp_pernet *pernet) { pernet->mptcp_enabled = 1; pernet->add_addr_timeout = TCP_RTO_MAX; pernet->checksum_enabled = 0; + pernet->allow_join_initial_addr_port = 1; } #ifdef CONFIG_SYSCTL @@ -80,6 +87,14 @@ static struct ctl_table mptcp_sysctl_table[] = { .extra1 = SYSCTL_ZERO, .extra2 = SYSCTL_ONE }, + { + .procname = "allow_join_initial_addr_port", + .maxlen = sizeof(u8), + .mode = 0644, + .proc_handler = proc_dou8vec_minmax, + .extra1 = SYSCTL_ZERO, + .extra2 = SYSCTL_ONE + }, {} }; @@ -98,6 +113,7 @@ static int mptcp_pernet_new_table(struct net *net, struct mptcp_pernet *pernet) table[0].data = &pernet->mptcp_enabled; table[1].data = &pernet->add_addr_timeout; table[2].data = &pernet->checksum_enabled; + table[3].data = &pernet->allow_join_initial_addr_port; hdr = register_net_sysctl(net, MPTCP_SYSCTL_PATH, table); if (!hdr) diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 160c2ab09f194..9aab5fb547164 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -540,6 +540,7 @@ static inline void mptcp_subflow_delegated_done(struct mptcp_subflow_context *su int mptcp_is_enabled(struct net *net); unsigned int mptcp_get_add_addr_timeout(struct net *net); int mptcp_is_checksum_enabled(struct net *net); +int mptcp_allow_join_id0(struct net *net); void mptcp_subflow_fully_established(struct mptcp_subflow_context *subflow, struct mptcp_options_received *mp_opt); bool mptcp_subflow_data_available(struct sock *sk); From 0812d0b6b94b680ae2f04b555539a467ce4bfc45 Mon Sep 17 00:00:00 2001 From: Matthieu Baerts Date: Fri, 11 Jun 2021 16:34:03 +0200 Subject: [PATCH 05/17] tg create t/mptcp-add-allow_join_id0-in-mptcp_out_options base --- .topdeps | 1 - .topmsg | 11 ----------- 2 files changed, 12 deletions(-) delete mode 100644 .topdeps delete mode 100644 .topmsg diff --git a/.topdeps b/.topdeps deleted file mode 100644 index 7a8d5b64e84bd..0000000000000 --- a/.topdeps +++ /dev/null @@ -1 +0,0 @@ -t/selftests-mptcp-display-proper-reason-to-abort-tests diff --git a/.topmsg b/.topmsg deleted file mode 100644 index 1db74db6db181..0000000000000 --- a/.topmsg +++ /dev/null @@ -1,11 +0,0 @@ -From: Geliang Tang -Subject: [PATCH] mptcp: add sysctl allow_join_initial_addr_port - -This patch added a new sysctl, named allow_join_initial_addr_port, to -control whether allow peers to send join requests to the IP address and -port number used by the initial subflow. - -Suggested-by: Florian Westphal -Reviewed-by: Mat Martineau -Acked-by: Paolo Abeni -Signed-off-by: Geliang Tang From 157e3e901aa1012711c6f28c076352902465a91b Mon Sep 17 00:00:00 2001 From: Matthieu Baerts Date: Fri, 11 Jun 2021 16:34:03 +0200 Subject: [PATCH 06/17] tg create t/mptcp-add-allow_join_id0-in-mptcp_out_options --- .topdeps | 1 + .topmsg | 4 ++++ 2 files changed, 5 insertions(+) create mode 100644 .topdeps create mode 100644 .topmsg diff --git a/.topdeps b/.topdeps new file mode 100644 index 0000000000000..a0f917889748a --- /dev/null +++ b/.topdeps @@ -0,0 +1 @@ +t/mptcp-add-sysctl-allow_join_initial_addr_port diff --git a/.topmsg b/.topmsg new file mode 100644 index 0000000000000..3dd1622a37ae3 --- /dev/null +++ b/.topmsg @@ -0,0 +1,4 @@ +From: Matthieu Baerts +Subject: [PATCH] t/mptcp-add-allow_join_id0-in-mptcp_out_options + +Signed-off-by: Matthieu Baerts From a0a6fcc601f13b7056d326ad04a41482e1a38e70 Mon Sep 17 00:00:00 2001 From: Matthieu Baerts Date: Fri, 11 Jun 2021 16:34:04 +0200 Subject: [PATCH 07/17] tg import create t/mptcp-add-allow_join_id0-in-mptcp_out_options --- .topmsg | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/.topmsg b/.topmsg index 3dd1622a37ae3..ea5f08be2acbe 100644 --- a/.topmsg +++ b/.topmsg @@ -1,4 +1,12 @@ -From: Matthieu Baerts -Subject: [PATCH] t/mptcp-add-allow_join_id0-in-mptcp_out_options +From: Geliang Tang +Subject: [PATCH] mptcp: add allow_join_id0 in mptcp_out_options -Signed-off-by: Matthieu Baerts +This patch defined a new flag MPTCP_CAP_DENY_JOIN_ID0 for the third bit, +labeled "C" of the MP_CAPABLE option. + +Add a new flag allow_join_id0 in struct mptcp_out_options. If this flag is +set, send out the MP_CAPABLE option with the flag MPTCP_CAP_DENY_JOIN_ID0. + +Reviewed-by: Mat Martineau +Acked-by: Paolo Abeni +Signed-off-by: Geliang Tang From cd1b6f6c2d8cc8d3315d38e3a54d25954bf0c14b Mon Sep 17 00:00:00 2001 From: Geliang Tang Date: Tue, 25 May 2021 17:17:04 +0800 Subject: [PATCH 08/17] mptcp: add allow_join_id0 in mptcp_out_options This patch defined a new flag MPTCP_CAP_DENY_JOIN_ID0 for the third bit, labeled "C" of the MP_CAPABLE option. Add a new flag allow_join_id0 in struct mptcp_out_options. If this flag is set, send out the MP_CAPABLE option with the flag MPTCP_CAP_DENY_JOIN_ID0. Reviewed-by: Mat Martineau Acked-by: Paolo Abeni Signed-off-by: Geliang Tang --- include/net/mptcp.h | 3 ++- net/mptcp/options.c | 6 ++++++ net/mptcp/protocol.h | 6 ++++-- net/mptcp/subflow.c | 1 + 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/include/net/mptcp.h b/include/net/mptcp.h index d61bbbf119792..cb580b06152f8 100644 --- a/include/net/mptcp.h +++ b/include/net/mptcp.h @@ -67,7 +67,8 @@ struct mptcp_out_options { u8 backup; u8 reset_reason:4, reset_transient:1, - csum_reqd:1; + csum_reqd:1, + allow_join_id0:1; u32 nonce; u64 thmac; u32 token; diff --git a/net/mptcp/options.c b/net/mptcp/options.c index 25189595ed1d7..7a4b6d0bf3f60 100644 --- a/net/mptcp/options.c +++ b/net/mptcp/options.c @@ -402,6 +402,7 @@ bool mptcp_syn_options(struct sock *sk, const struct sk_buff *skb, if (subflow->request_mptcp) { opts->suboptions = OPTION_MPTCP_MPC_SYN; opts->csum_reqd = mptcp_is_checksum_enabled(sock_net(sk)); + opts->allow_join_id0 = mptcp_allow_join_id0(sock_net(sk)); *size = TCPOLEN_MPTCP_MPC_SYN; return true; } else if (subflow->request_join) { @@ -490,6 +491,7 @@ static bool mptcp_established_options_mp(struct sock *sk, struct sk_buff *skb, opts->sndr_key = subflow->local_key; opts->rcvr_key = subflow->remote_key; opts->csum_reqd = READ_ONCE(msk->csum_enabled); + opts->allow_join_id0 = mptcp_allow_join_id0(sock_net(sk)); /* Section 3.1. * The MP_CAPABLE option is carried on the SYN, SYN/ACK, and ACK @@ -827,6 +829,7 @@ bool mptcp_synack_options(const struct request_sock *req, unsigned int *size, opts->suboptions = OPTION_MPTCP_MPC_SYNACK; opts->sndr_key = subflow_req->local_key; opts->csum_reqd = subflow_req->csum_reqd; + opts->allow_join_id0 = subflow_req->allow_join_id0; *size = TCPOLEN_MPTCP_MPC_SYNACK; pr_debug("subflow_req=%p, local_key=%llu", subflow_req, subflow_req->local_key); @@ -1201,6 +1204,9 @@ void mptcp_write_options(__be32 *ptr, const struct tcp_sock *tp, if (opts->csum_reqd) flag |= MPTCP_CAP_CHECKSUM_REQD; + if (!opts->allow_join_id0) + flag |= MPTCP_CAP_DENY_JOIN_ID0; + *ptr++ = mptcp_option(MPTCPOPT_MP_CAPABLE, len, MPTCP_SUPPORTED_VERSION, flag); diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 9aab5fb547164..f2326f6074b94 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -79,8 +79,9 @@ #define MPTCP_VERSION_MASK (0x0F) #define MPTCP_CAP_CHECKSUM_REQD BIT(7) #define MPTCP_CAP_EXTENSIBILITY BIT(6) +#define MPTCP_CAP_DENY_JOIN_ID0 BIT(5) #define MPTCP_CAP_HMAC_SHA256 BIT(0) -#define MPTCP_CAP_FLAG_MASK (0x3F) +#define MPTCP_CAP_FLAG_MASK (0x1F) /* MPTCP DSS flags */ #define MPTCP_DSS_DATA_FIN BIT(4) @@ -350,7 +351,8 @@ struct mptcp_subflow_request_sock { u16 mp_capable : 1, mp_join : 1, backup : 1, - csum_reqd : 1; + csum_reqd : 1, + allow_join_id0 : 1; u8 local_id; u8 remote_id; u64 local_key; diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 585951e7e52fd..e9e8ce862218f 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -109,6 +109,7 @@ static void subflow_init_req(struct request_sock *req, const struct sock *sk_lis subflow_req->mp_capable = 0; subflow_req->mp_join = 0; subflow_req->csum_reqd = mptcp_is_checksum_enabled(sock_net(sk_listener)); + subflow_req->allow_join_id0 = mptcp_allow_join_id0(sock_net(sk_listener)); subflow_req->msk = NULL; mptcp_token_init_request(req); } From 4b67e0617ea81beac300a88cd6acadc85f10b89e Mon Sep 17 00:00:00 2001 From: Matthieu Baerts Date: Fri, 11 Jun 2021 16:34:06 +0200 Subject: [PATCH 09/17] tg create t/mptcp-add-deny_join_id0-in-mptcp_options_received base --- .topdeps | 1 - .topmsg | 12 ------------ 2 files changed, 13 deletions(-) delete mode 100644 .topdeps delete mode 100644 .topmsg diff --git a/.topdeps b/.topdeps deleted file mode 100644 index a0f917889748a..0000000000000 --- a/.topdeps +++ /dev/null @@ -1 +0,0 @@ -t/mptcp-add-sysctl-allow_join_initial_addr_port diff --git a/.topmsg b/.topmsg deleted file mode 100644 index ea5f08be2acbe..0000000000000 --- a/.topmsg +++ /dev/null @@ -1,12 +0,0 @@ -From: Geliang Tang -Subject: [PATCH] mptcp: add allow_join_id0 in mptcp_out_options - -This patch defined a new flag MPTCP_CAP_DENY_JOIN_ID0 for the third bit, -labeled "C" of the MP_CAPABLE option. - -Add a new flag allow_join_id0 in struct mptcp_out_options. If this flag is -set, send out the MP_CAPABLE option with the flag MPTCP_CAP_DENY_JOIN_ID0. - -Reviewed-by: Mat Martineau -Acked-by: Paolo Abeni -Signed-off-by: Geliang Tang From 1a95d9324e99995e96a188c07475586163757aff Mon Sep 17 00:00:00 2001 From: Matthieu Baerts Date: Fri, 11 Jun 2021 16:34:07 +0200 Subject: [PATCH 10/17] tg create t/mptcp-add-deny_join_id0-in-mptcp_options_received --- .topdeps | 1 + .topmsg | 4 ++++ 2 files changed, 5 insertions(+) create mode 100644 .topdeps create mode 100644 .topmsg diff --git a/.topdeps b/.topdeps new file mode 100644 index 0000000000000..a764042cd94a6 --- /dev/null +++ b/.topdeps @@ -0,0 +1 @@ +t/mptcp-add-allow_join_id0-in-mptcp_out_options diff --git a/.topmsg b/.topmsg new file mode 100644 index 0000000000000..7131313c1b049 --- /dev/null +++ b/.topmsg @@ -0,0 +1,4 @@ +From: Matthieu Baerts +Subject: [PATCH] t/mptcp-add-deny_join_id0-in-mptcp_options_received + +Signed-off-by: Matthieu Baerts From 6827b9ff351e156848b08af489be2322d010e75d Mon Sep 17 00:00:00 2001 From: Matthieu Baerts Date: Fri, 11 Jun 2021 16:34:07 +0200 Subject: [PATCH 11/17] tg import create t/mptcp-add-deny_join_id0-in-mptcp_options_received --- .topmsg | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/.topmsg b/.topmsg index 7131313c1b049..bbd9970fe94df 100644 --- a/.topmsg +++ b/.topmsg @@ -1,4 +1,17 @@ -From: Matthieu Baerts -Subject: [PATCH] t/mptcp-add-deny_join_id0-in-mptcp_options_received +From: Geliang Tang +Subject: [PATCH] mptcp: add deny_join_id0 in mptcp_options_received -Signed-off-by: Matthieu Baerts +This patch added a new flag named deny_join_id0 in struct +mptcp_options_received. Set it when MP_CAPABLE with the flag +MPTCP_CAP_DENYJOIN_ID0 is received. + +Also add a new flag remote_deny_join_id0 in struct mptcp_pm_data. When the +flag deny_join_id0 is set, set this remote_deny_join_id0 flag. + +In mptcp_pm_create_subflow_or_signal_addr, if the remote_deny_join_id0 flag +is set, and the remote address id is zero, stop this connection. + +Suggested-by: Florian Westphal +Reviewed-by: Mat Martineau +Acked-by: Paolo Abeni +Signed-off-by: Geliang Tang From ef3b48916d09144c36d065c9c01338f1425283f4 Mon Sep 17 00:00:00 2001 From: Geliang Tang Date: Tue, 25 May 2021 17:17:05 +0800 Subject: [PATCH 12/17] mptcp: add deny_join_id0 in mptcp_options_received This patch added a new flag named deny_join_id0 in struct mptcp_options_received. Set it when MP_CAPABLE with the flag MPTCP_CAP_DENYJOIN_ID0 is received. Also add a new flag remote_deny_join_id0 in struct mptcp_pm_data. When the flag deny_join_id0 is set, set this remote_deny_join_id0 flag. In mptcp_pm_create_subflow_or_signal_addr, if the remote_deny_join_id0 flag is set, and the remote address id is zero, stop this connection. Suggested-by: Florian Westphal Reviewed-by: Mat Martineau Acked-by: Paolo Abeni Signed-off-by: Geliang Tang --- net/mptcp/options.c | 6 ++++++ net/mptcp/pm.c | 1 + net/mptcp/pm_netlink.c | 3 ++- net/mptcp/protocol.h | 4 +++- net/mptcp/subflow.c | 2 ++ 5 files changed, 14 insertions(+), 2 deletions(-) diff --git a/net/mptcp/options.c b/net/mptcp/options.c index 7a4b6d0bf3f60..d872b983a849d 100644 --- a/net/mptcp/options.c +++ b/net/mptcp/options.c @@ -83,6 +83,9 @@ static void mptcp_parse_option(const struct sk_buff *skb, if (flags & MPTCP_CAP_CHECKSUM_REQD) mp_opt->csum_reqd = 1; + if (flags & MPTCP_CAP_DENY_JOIN_ID0) + mp_opt->deny_join_id0 = 1; + mp_opt->mp_capable = 1; if (opsize >= TCPOLEN_MPTCP_MPC_SYNACK) { mp_opt->sndr_key = get_unaligned_be64(ptr); @@ -360,6 +363,7 @@ void mptcp_get_options(const struct sock *sk, mp_opt->mp_prio = 0; mp_opt->reset = 0; mp_opt->csum_reqd = READ_ONCE(msk->csum_enabled); + mp_opt->deny_join_id0 = 0; length = (th->doff * 4) - sizeof(struct tcphdr); ptr = (const unsigned char *)(th + 1); @@ -1049,6 +1053,8 @@ void mptcp_incoming_options(struct sock *sk, struct sk_buff *skb) } mptcp_get_options(sk, skb, &mp_opt); + if (mp_opt.deny_join_id0) + WRITE_ONCE(msk->pm.remote_deny_join_id0, true); if (!check_fully_established(msk, sk, subflow, skb, &mp_opt)) return; diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c index 9d00fa6d22e91..639271e09604a 100644 --- a/net/mptcp/pm.c +++ b/net/mptcp/pm.c @@ -320,6 +320,7 @@ void mptcp_pm_data_init(struct mptcp_sock *msk) WRITE_ONCE(msk->pm.addr_signal, 0); WRITE_ONCE(msk->pm.accept_addr, false); WRITE_ONCE(msk->pm.accept_subflow, false); + WRITE_ONCE(msk->pm.remote_deny_join_id0, false); msk->pm.status = 0; spin_lock_init(&msk->pm.lock); diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index d4732a4f223e3..d2591ebf01d93 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -451,7 +451,8 @@ static void mptcp_pm_create_subflow_or_signal_addr(struct mptcp_sock *msk) /* check if should create a new subflow */ if (msk->pm.local_addr_used < local_addr_max && - msk->pm.subflows < subflows_max) { + msk->pm.subflows < subflows_max && + !READ_ONCE(msk->pm.remote_deny_join_id0)) { local = select_local_address(pernet, msk); if (local) { struct mptcp_addr_info remote = { 0 }; diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index f2326f6074b94..f4eaa5f57e3f0 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -138,7 +138,8 @@ struct mptcp_options_received { mp_prio : 1, echo : 1, csum_reqd : 1, - backup : 1; + backup : 1, + deny_join_id0 : 1; u32 token; u32 nonce; u64 thmac; @@ -193,6 +194,7 @@ struct mptcp_pm_data { bool work_pending; bool accept_addr; bool accept_subflow; + bool remote_deny_join_id0; u8 add_addr_signaled; u8 add_addr_accepted; u8 local_addr_used; diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index e9e8ce862218f..d55f4ef736a50 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -408,6 +408,8 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) if (mp_opt.csum_reqd) WRITE_ONCE(mptcp_sk(parent)->csum_enabled, true); + if (mp_opt.deny_join_id0) + WRITE_ONCE(mptcp_sk(parent)->pm.remote_deny_join_id0, true); subflow->mp_capable = 1; subflow->can_ack = 1; subflow->remote_key = mp_opt.sndr_key; From 1a3fd3bb15d84a50f54cd3e3c1a490ab82858fb8 Mon Sep 17 00:00:00 2001 From: Matthieu Baerts Date: Fri, 11 Jun 2021 16:34:09 +0200 Subject: [PATCH 13/17] tg create t/selftests-mptcp-add-deny_join_id0-testcases base --- .topdeps | 1 - .topmsg | 17 ----------------- 2 files changed, 18 deletions(-) delete mode 100644 .topdeps delete mode 100644 .topmsg diff --git a/.topdeps b/.topdeps deleted file mode 100644 index a764042cd94a6..0000000000000 --- a/.topdeps +++ /dev/null @@ -1 +0,0 @@ -t/mptcp-add-allow_join_id0-in-mptcp_out_options diff --git a/.topmsg b/.topmsg deleted file mode 100644 index bbd9970fe94df..0000000000000 --- a/.topmsg +++ /dev/null @@ -1,17 +0,0 @@ -From: Geliang Tang -Subject: [PATCH] mptcp: add deny_join_id0 in mptcp_options_received - -This patch added a new flag named deny_join_id0 in struct -mptcp_options_received. Set it when MP_CAPABLE with the flag -MPTCP_CAP_DENYJOIN_ID0 is received. - -Also add a new flag remote_deny_join_id0 in struct mptcp_pm_data. When the -flag deny_join_id0 is set, set this remote_deny_join_id0 flag. - -In mptcp_pm_create_subflow_or_signal_addr, if the remote_deny_join_id0 flag -is set, and the remote address id is zero, stop this connection. - -Suggested-by: Florian Westphal -Reviewed-by: Mat Martineau -Acked-by: Paolo Abeni -Signed-off-by: Geliang Tang From 6e392eb43b2b9401a15b4e28b1796100ad1893f1 Mon Sep 17 00:00:00 2001 From: Matthieu Baerts Date: Fri, 11 Jun 2021 16:34:10 +0200 Subject: [PATCH 14/17] tg create t/selftests-mptcp-add-deny_join_id0-testcases --- .topdeps | 1 + .topmsg | 4 ++++ 2 files changed, 5 insertions(+) create mode 100644 .topdeps create mode 100644 .topmsg diff --git a/.topdeps b/.topdeps new file mode 100644 index 0000000000000..e84b5a66d1225 --- /dev/null +++ b/.topdeps @@ -0,0 +1 @@ +t/mptcp-add-deny_join_id0-in-mptcp_options_received diff --git a/.topmsg b/.topmsg new file mode 100644 index 0000000000000..ed1fd02aa1c24 --- /dev/null +++ b/.topmsg @@ -0,0 +1,4 @@ +From: Matthieu Baerts +Subject: [PATCH] t/selftests-mptcp-add-deny_join_id0-testcases + +Signed-off-by: Matthieu Baerts From 97bdcdc69469d79582df5262a1265d403fd264f4 Mon Sep 17 00:00:00 2001 From: Matthieu Baerts Date: Fri, 11 Jun 2021 16:34:10 +0200 Subject: [PATCH 15/17] tg import create t/selftests-mptcp-add-deny_join_id0-testcases --- .topmsg | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.topmsg b/.topmsg index ed1fd02aa1c24..0ba3cff4e3775 100644 --- a/.topmsg +++ b/.topmsg @@ -1,4 +1,9 @@ -From: Matthieu Baerts -Subject: [PATCH] t/selftests-mptcp-add-deny_join_id0-testcases +From: Geliang Tang +Subject: [PATCH] selftests: mptcp: add deny_join_id0 testcases -Signed-off-by: Matthieu Baerts +This patch added a new argument '-d' for mptcp_join.sh script, to invoke +the testcases for the MP_CAPABLE 'C' flag. + +Reviewed-by: Mat Martineau +Acked-by: Paolo Abeni +Signed-off-by: Geliang Tang From 0704c54e490d36657b71df8bce9b730a4df2817f Mon Sep 17 00:00:00 2001 From: Geliang Tang Date: Tue, 25 May 2021 17:17:06 +0800 Subject: [PATCH 16/17] selftests: mptcp: add deny_join_id0 testcases This patch added a new argument '-d' for mptcp_join.sh script, to invoke the testcases for the MP_CAPABLE 'C' flag. Reviewed-by: Mat Martineau Acked-by: Paolo Abeni Signed-off-by: Geliang Tang --- .../testing/selftests/net/mptcp/mptcp_join.sh | 75 ++++++++++++++++++- 1 file changed, 74 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 523c7797f30ac..9a191c1a5de8d 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -139,6 +139,17 @@ reset_with_checksum() ip netns exec $ns2 sysctl -q net.mptcp.checksum_enabled=$ns2_enable } +reset_with_allow_join_id0() +{ + local ns1_enable=$1 + local ns2_enable=$2 + + reset + + ip netns exec $ns1 sysctl -q net.mptcp.allow_join_initial_addr_port=$ns1_enable + ip netns exec $ns2 sysctl -q net.mptcp.allow_join_initial_addr_port=$ns2_enable +} + ip -Version > /dev/null 2>&1 if [ $? -ne 0 ];then echo "SKIP: Could not run test without ip tool" @@ -1462,6 +1473,63 @@ checksum_tests() chk_csum_nr "checksum test 1 0" } +deny_join_id0_tests() +{ + # subflow allow join id0 ns1 + reset_with_allow_join_id0 1 0 + ip netns exec $ns1 ./pm_nl_ctl limits 1 1 + ip netns exec $ns2 ./pm_nl_ctl limits 1 1 + ip netns exec $ns2 ./pm_nl_ctl add 10.0.3.2 flags subflow + run_tests $ns1 $ns2 10.0.1.1 + chk_join_nr "single subflow allow join id0 ns1" 1 1 1 + + # subflow allow join id0 ns2 + reset_with_allow_join_id0 0 1 + ip netns exec $ns1 ./pm_nl_ctl limits 1 1 + ip netns exec $ns2 ./pm_nl_ctl limits 1 1 + ip netns exec $ns2 ./pm_nl_ctl add 10.0.3.2 flags subflow + run_tests $ns1 $ns2 10.0.1.1 + chk_join_nr "single subflow allow join id0 ns2" 0 0 0 + + # signal address allow join id0 ns1 + # ADD_ADDRs are not affected by allow_join_id0 value. + reset_with_allow_join_id0 1 0 + ip netns exec $ns1 ./pm_nl_ctl limits 1 1 + ip netns exec $ns2 ./pm_nl_ctl limits 1 1 + ip netns exec $ns1 ./pm_nl_ctl add 10.0.2.1 flags signal + run_tests $ns1 $ns2 10.0.1.1 + chk_join_nr "signal address allow join id0 ns1" 1 1 1 + chk_add_nr 1 1 + + # signal address allow join id0 ns2 + # ADD_ADDRs are not affected by allow_join_id0 value. + reset_with_allow_join_id0 0 1 + ip netns exec $ns1 ./pm_nl_ctl limits 1 1 + ip netns exec $ns2 ./pm_nl_ctl limits 1 1 + ip netns exec $ns1 ./pm_nl_ctl add 10.0.2.1 flags signal + run_tests $ns1 $ns2 10.0.1.1 + chk_join_nr "signal address allow join id0 ns2" 1 1 1 + chk_add_nr 1 1 + + # subflow and address allow join id0 ns1 + reset_with_allow_join_id0 1 0 + ip netns exec $ns1 ./pm_nl_ctl limits 2 2 + ip netns exec $ns2 ./pm_nl_ctl limits 2 2 + ip netns exec $ns1 ./pm_nl_ctl add 10.0.2.1 flags signal + ip netns exec $ns2 ./pm_nl_ctl add 10.0.3.2 flags subflow + run_tests $ns1 $ns2 10.0.1.1 + chk_join_nr "subflow and address allow join id0 1" 2 2 2 + + # subflow and address allow join id0 ns2 + reset_with_allow_join_id0 0 1 + ip netns exec $ns1 ./pm_nl_ctl limits 2 2 + ip netns exec $ns2 ./pm_nl_ctl limits 2 2 + ip netns exec $ns1 ./pm_nl_ctl add 10.0.2.1 flags signal + ip netns exec $ns2 ./pm_nl_ctl add 10.0.3.2 flags subflow + run_tests $ns1 $ns2 10.0.1.1 + chk_join_nr "subflow and address allow join id0 2" 1 1 1 +} + all_tests() { subflows_tests @@ -1476,6 +1544,7 @@ all_tests() add_addr_ports_tests syncookies_tests checksum_tests + deny_join_id0_tests } usage() @@ -1493,6 +1562,7 @@ usage() echo " -p add_addr_ports_tests" echo " -k syncookies_tests" echo " -S checksum_tests" + echo " -d deny_join_id0_tests" echo " -c capture pcap files" echo " -C enable data checksum" echo " -h help" @@ -1528,7 +1598,7 @@ if [ $do_all_tests -eq 1 ]; then exit $ret fi -while getopts 'fsltra64bpkchCS' opt; do +while getopts 'fsltra64bpkdchCS' opt; do case $opt in f) subflows_tests @@ -1566,6 +1636,9 @@ while getopts 'fsltra64bpkchCS' opt; do S) checksum_tests ;; + d) + deny_join_id0_tests + ;; c) ;; C) From 99afe38dce3fc5a1653ac06554d67d415412aa28 Mon Sep 17 00:00:00 2001 From: Matthieu Baerts Date: Fri, 11 Jun 2021 16:34:12 +0200 Subject: [PATCH 17/17] tg: switch to t/selftests-mptcp-add-deny_join_id0-testcases Signed-off-by: Matthieu Baerts --- .topdeps | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.topdeps b/.topdeps index 7a8d5b64e84bd..c379ee76580bf 100644 --- a/.topdeps +++ b/.topdeps @@ -1 +1 @@ -t/selftests-mptcp-display-proper-reason-to-abort-tests +t/selftests-mptcp-add-deny_join_id0-testcases