mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-01 06:33:07 +00:00
tcp: add TCP_MINTTL drop reason
In the unlikely case incoming packets are dropped because of IP_MINTTL / IPV6_MINHOPCOUNT constraints... Signed-off-by: Eric Dumazet <edumazet@google.com> Link: https://lore.kernel.org/r/20230201174345.2708943-1-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
parent
0719bc3a5c
commit
2798e36dc2
3 changed files with 9 additions and 1 deletions
|
@ -71,6 +71,7 @@
|
||||||
FN(DUP_FRAG) \
|
FN(DUP_FRAG) \
|
||||||
FN(FRAG_REASM_TIMEOUT) \
|
FN(FRAG_REASM_TIMEOUT) \
|
||||||
FN(FRAG_TOO_FAR) \
|
FN(FRAG_TOO_FAR) \
|
||||||
|
FN(TCP_MINTTL) \
|
||||||
FNe(MAX)
|
FNe(MAX)
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -312,6 +313,11 @@ enum skb_drop_reason {
|
||||||
* (/proc/sys/net/ipv4/ipfrag_max_dist)
|
* (/proc/sys/net/ipv4/ipfrag_max_dist)
|
||||||
*/
|
*/
|
||||||
SKB_DROP_REASON_FRAG_TOO_FAR,
|
SKB_DROP_REASON_FRAG_TOO_FAR,
|
||||||
|
/**
|
||||||
|
* @SKB_DROP_REASON_TCP_MINTTL: ipv4 ttl or ipv6 hoplimit below
|
||||||
|
* the threshold (IP_MINTTL or IPV6_MINHOPCOUNT).
|
||||||
|
*/
|
||||||
|
SKB_DROP_REASON_TCP_MINTTL,
|
||||||
/**
|
/**
|
||||||
* @SKB_DROP_REASON_MAX: the maximum of drop reason, which shouldn't be
|
* @SKB_DROP_REASON_MAX: the maximum of drop reason, which shouldn't be
|
||||||
* used as a real 'reason'
|
* used as a real 'reason'
|
||||||
|
|
|
@ -2102,6 +2102,7 @@ int tcp_v4_rcv(struct sk_buff *skb)
|
||||||
/* min_ttl can be changed concurrently from do_ip_setsockopt() */
|
/* min_ttl can be changed concurrently from do_ip_setsockopt() */
|
||||||
if (unlikely(iph->ttl < READ_ONCE(inet_sk(sk)->min_ttl))) {
|
if (unlikely(iph->ttl < READ_ONCE(inet_sk(sk)->min_ttl))) {
|
||||||
__NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
|
__NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
|
||||||
|
drop_reason = SKB_DROP_REASON_TCP_MINTTL;
|
||||||
goto discard_and_relse;
|
goto discard_and_relse;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1708,8 +1708,9 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
|
||||||
|
|
||||||
if (static_branch_unlikely(&ip6_min_hopcount)) {
|
if (static_branch_unlikely(&ip6_min_hopcount)) {
|
||||||
/* min_hopcount can be changed concurrently from do_ipv6_setsockopt() */
|
/* min_hopcount can be changed concurrently from do_ipv6_setsockopt() */
|
||||||
if (hdr->hop_limit < READ_ONCE(tcp_inet6_sk(sk)->min_hopcount)) {
|
if (unlikely(hdr->hop_limit < READ_ONCE(tcp_inet6_sk(sk)->min_hopcount))) {
|
||||||
__NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
|
__NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
|
||||||
|
drop_reason = SKB_DROP_REASON_TCP_MINTTL;
|
||||||
goto discard_and_relse;
|
goto discard_and_relse;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue