From nobody Tue Apr 30 03:06:41 2024
Delivered-To: wpasupplicant.patchew@gmail.com
Received: by 2002:a05:6638:bd2:0:0:0:0 with SMTP id g18csp482343jad;
        Thu, 17 Feb 2022 06:25:58 -0800 (PST)
X-Google-Smtp-Source: 
 ABdhPJzkp5xsJwJGOgIZMbiX3jtIIFVTyifSi74UXy2yLfd27fTZByPiYf+9Vdez0S9jE9Wo3zLP
X-Received: by 2002:a05:622a:138a:b0:2c9:efe8:72c7 with SMTP id
 o10-20020a05622a138a00b002c9efe872c7mr2619439qtk.546.1645107958045;
        Thu, 17 Feb 2022 06:25:58 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1645107958; cv=none;
        d=google.com; s=arc-20160816;
        b=Hkwp2dkokA15HiYybZAeKsqUrQL/Xq1BY7nyEdt1BCm1kMYtA1Bvi+dbavvxHY17xg
         /kP609ySVcYGA8zuReqExte61WAQCdQhvujNekMoW3ZBofM+mMzlIhjbqMTEKR3//RGu
         z/SHSEAiJp6V23DTLvaHP9vbmH+4R8OpxXVOiq73IZVx85XzzBSsFv3HKZ6RCqvy7bKo
         Pi7j9rLiM2GFRRNnTU2yQWQ/qoKYH20upKOyOfyD8ZYVmFkXfpb4opNRaNNmN9qBQ0z+
         S1y+XyVvBr+bT4b+17zdnFJeyFmmWH7cw0svurMB44kWmRgbHYTsy4Xdo5CPsV5LdSua
         osDA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from;
        bh=jSwWObi4QeSowVuDkXAGzTWL8k32l6HECm7JsEHizwc=;
        b=i7+//aEYcpNdDunPFeFtg9oLSKlpRICnR6IN33HmqASEuioyoyEVfbZdhLQdYj5XG2
         bIcytObRccdTZ1r6RX4OryCKApVyFzH5wf7158kyyfGuj3UGX5cR0ZwXizcosmgaKbcO
         HbNpWA/dQkb4Su3HUGS415m2cFrYWI7p1LPrmZh60VmkL7mDjuAgUobD6+Iq5g7hneXN
         b5N+LN9fWC9TeVx0uOcWh6/n7gbL/49rAbIcgV0k9Lyox2vEFCLrOhyDAzf4UE+xsqpz
         qYkucmnOxNBy4kvbH/oPIZoGn1NWwrufRgYFFQOgp1OKdIMq5ihTPZrOxIQjp+Tk86KT
         s3Qw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of
 mptcp+bounces-3801-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 147.75.197.195 as permitted sender)
 smtp.mailfrom="mptcp+bounces-3801-wpasupplicant.patchew=gmail.com@lists.linux.dev"
Return-Path: 
 <mptcp+bounces-3801-wpasupplicant.patchew=gmail.com@lists.linux.dev>
Received: from ewr.edge.kernel.org (ewr.edge.kernel.org. [147.75.197.195])
        by mx.google.com with ESMTPS id o6si8178500qkj.287.2022.02.17.06.25.57
        for <wpasupplicant.patchew@gmail.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 17 Feb 2022 06:25:58 -0800 (PST)
Received-SPF: pass (google.com: domain of
 mptcp+bounces-3801-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 147.75.197.195 as permitted sender) client-ip=147.75.197.195;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of
 mptcp+bounces-3801-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 147.75.197.195 as permitted sender)
 smtp.mailfrom="mptcp+bounces-3801-wpasupplicant.patchew=gmail.com@lists.linux.dev"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
 [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ewr.edge.kernel.org (Postfix) with ESMTPS id CB4231C0BCE
	for <wpasupplicant.patchew@gmail.com>; Thu, 17 Feb 2022 14:25:57 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 9E6293D9E;
	Thu, 17 Feb 2022 14:25:56 +0000 (UTC)
X-Original-To: mptcp@lists.linux.dev
Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc
 [193.142.43.52])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5B443291C
	for <mptcp@lists.linux.dev>; Thu, 17 Feb 2022 14:25:55 +0000 (UTC)
Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92)
	(envelope-from <fw@breakpoint.cc>)
	id 1nKhj9-0004Da-Qv; Thu, 17 Feb 2022 15:25:47 +0100
From: Florian Westphal <fw@strlen.de>
To: <mptcp@lists.linux.dev>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH mptcp-next v2 1/5] mptcp: check netns in mptcp_token_exists
Date: Thu, 17 Feb 2022 15:25:34 +0100
Message-Id: <20220217142538.7849-2-fw@strlen.de>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20220217142538.7849-1-fw@strlen.de>
References: <20220217142538.7849-1-fw@strlen.de>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

This will be used by a followup patch to check if the token
specified in mp_join option exists in the current netns.

At this time, tokens are unique across all namespaces, but
we need to treat a token that exists in netns x as 'does not exist'
when doing existence check from netns y.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 net/mptcp/protocol.h | 2 +-
 net/mptcp/subflow.c  | 4 +++-
 net/mptcp/token.c    | 5 +++--
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h
index 18ca0248c084..c43ca46dbc27 100644
--- a/net/mptcp/protocol.h
+++ b/net/mptcp/protocol.h
@@ -725,7 +725,7 @@ void mptcp_token_destroy_request(struct request_sock *r=
eq);
 int mptcp_token_new_connect(struct sock *sk);
 void mptcp_token_accept(struct mptcp_subflow_request_sock *r,
 			struct mptcp_sock *msk);
-bool mptcp_token_exists(u32 token);
+bool mptcp_token_exists(const struct net *net, u32 token);
 struct mptcp_sock *mptcp_token_get_sock(struct net *net, u32 token);
 struct mptcp_sock *mptcp_token_iter_next(const struct net *net, long *s_sl=
ot,
 					 long *s_num);
diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
index e727d838da0e..be43077fe76e 100644
--- a/net/mptcp/subflow.c
+++ b/net/mptcp/subflow.c
@@ -176,10 +176,12 @@ static int subflow_check_req(struct request_sock *req,
 		} while (subflow_req->local_key =3D=3D 0);
=20
 		if (unlikely(req->syncookie)) {
+			const struct net *net =3D read_pnet(&inet_rsk(req)->ireq_net);
+
 			mptcp_crypto_key_sha(subflow_req->local_key,
 					     &subflow_req->token,
 					     &subflow_req->idsn);
-			if (mptcp_token_exists(subflow_req->token)) {
+			if (mptcp_token_exists(net, subflow_req->token)) {
 				if (retries-- > 0)
 					goto again;
 				SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_TOKENFALLBACKINIT);
diff --git a/net/mptcp/token.c b/net/mptcp/token.c
index f52ee7b26aed..0593c83385e0 100644
--- a/net/mptcp/token.c
+++ b/net/mptcp/token.c
@@ -203,7 +203,7 @@ void mptcp_token_accept(struct mptcp_subflow_request_so=
ck *req,
 	spin_unlock_bh(&bucket->lock);
 }
=20
-bool mptcp_token_exists(u32 token)
+bool mptcp_token_exists(const struct net *net, u32 token)
 {
 	struct hlist_nulls_node *pos;
 	struct token_bucket *bucket;
@@ -216,7 +216,8 @@ bool mptcp_token_exists(u32 token)
 again:
 	sk_nulls_for_each_rcu(sk, pos, &bucket->msk_chain) {
 		msk =3D mptcp_sk(sk);
-		if (READ_ONCE(msk->token) =3D=3D token)
+		if (READ_ONCE(msk->token) =3D=3D token &&
+		    net_eq(sock_net(sk), net))
 			goto found;
 	}
 	if (get_nulls_value(pos) !=3D (token & token_mask))
--=20
2.34.1


From nobody Tue Apr 30 03:06:41 2024
Delivered-To: wpasupplicant.patchew@gmail.com
Received: by 2002:a05:6638:bd2:0:0:0:0 with SMTP id g18csp482331jad;
        Thu, 17 Feb 2022 06:25:56 -0800 (PST)
X-Google-Smtp-Source: 
 ABdhPJw3CTDGhjOlEWS2CnurNa5mhinOjeFpjQvPVZPlJGljl6zRczJpel2bgLoeBl0XiETjET7W
X-Received: by 2002:a17:902:7285:b0:14d:7f5b:94d0 with SMTP id
 d5-20020a170902728500b0014d7f5b94d0mr2991572pll.25.1645107956710;
        Thu, 17 Feb 2022 06:25:56 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1645107956; cv=none;
        d=google.com; s=arc-20160816;
        b=peFeOdzbzXhhklAGSIiFLRnlt82voOvQ2c0RnZog3LjmokuKsNrpnE2HM18xJZeAJN
         HID63txQkGYu7bzUiEDZWRC41MfGY0WGbEDoQtXCp+eGgk2IoTcd17cZ3SvxK+cUyCed
         +8jYr+XaTWBrv+zQvY3agt8lp3zjRjKNFopX8NElo+CMA9+mpXfnaUKnuzrTs7ojB38P
         XLHoOjoJx/hbfxGKA3nglbybn1iI0hiteKPHJdOs/xAXntMtGKqDOgputp66m+ipl9LJ
         AmM96or/C3cfn1Do6HXHZi/1dEIIvtuLmI5opQN8sh67RQimu7N3TvjT8ctEaphBkeYZ
         EGNg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from;
        bh=3aBJeOlw+nlPaxSev71ZP1dFFeWHJajCde0dOTDjqm0=;
        b=ge7OlIhgTyHwmPnAudDFdAsTG1OvIaUtP1Ao2I9ZfKHdrubEOybAe4fVhppDCBPj0T
         /n26hB3tbMrMMM8Y6YHjJd1L/YI0fywv74TuHDbHluNWRPgPmVK4uiSiWt6GZKfn3uz7
         z2bXtkvx2BLAylWavRpuHLTHWyfTjFbINtyNybDyFfZt9yRN0Enqmhvi0Af1l95fcMof
         lQr8pO6YgF7vGo9yWgmp8pH9RKlYzOGKCfm2aoDKUVm1Ud4tlhOXFK4FXKVPjkoNGkQy
         KzhOgvFsaMAlORsayZB2ybwLebyDez/YevPr9lnoVf2/qhl2vczeNYDkuoQLCaUsO/xl
         i7dQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of
 mptcp+bounces-3800-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 2604:1380:1000:8100::1 as permitted sender)
 smtp.mailfrom="mptcp+bounces-3800-wpasupplicant.patchew=gmail.com@lists.linux.dev"
Return-Path: 
 <mptcp+bounces-3800-wpasupplicant.patchew=gmail.com@lists.linux.dev>
Received: from sjc.edge.kernel.org (sjc.edge.kernel.org.
 [2604:1380:1000:8100::1])
        by mx.google.com with ESMTPS id g5si5412801plt.387.2022.02.17.06.25.56
        for <wpasupplicant.patchew@gmail.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 17 Feb 2022 06:25:56 -0800 (PST)
Received-SPF: pass (google.com: domain of
 mptcp+bounces-3800-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 2604:1380:1000:8100::1 as permitted sender) client-ip=2604:1380:1000:8100::1;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of
 mptcp+bounces-3800-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 2604:1380:1000:8100::1 as permitted sender)
 smtp.mailfrom="mptcp+bounces-3800-wpasupplicant.patchew=gmail.com@lists.linux.dev"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
 [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sjc.edge.kernel.org (Postfix) with ESMTPS id 5F56E3E0F34
	for <wpasupplicant.patchew@gmail.com>; Thu, 17 Feb 2022 14:25:56 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id D680C3D9F;
	Thu, 17 Feb 2022 14:25:54 +0000 (UTC)
X-Original-To: mptcp@lists.linux.dev
Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc
 [193.142.43.52])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9ABA73B29
	for <mptcp@lists.linux.dev>; Thu, 17 Feb 2022 14:25:53 +0000 (UTC)
Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92)
	(envelope-from <fw@breakpoint.cc>)
	id 1nKhjD-0004Di-Vu; Thu, 17 Feb 2022 15:25:52 +0100
From: Florian Westphal <fw@strlen.de>
To: <mptcp@lists.linux.dev>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH mptcp-next v2 2/5] mptcp: prefer ip address in syn skb instead
 of listen sk bound address
Date: Thu, 17 Feb 2022 15:25:35 +0100
Message-Id: <20220217142538.7849-3-fw@strlen.de>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20220217142538.7849-1-fw@strlen.de>
References: <20220217142538.7849-1-fw@strlen.de>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Once we change mptcp to use tproxy-like scheme to steer mptcp join
requests to a special pernet socket, the 'sk bound address' becomes
meaningless because it will never be identical to the tcp dport/ip daddr
of the on-wire packet.

Prepare for this: pass the skbuff and use the packet data instead of
the address the listener socket is bound to.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 net/mptcp/pm_netlink.c | 17 +++++++++++++++--
 net/mptcp/protocol.h   |  2 +-
 net/mptcp/subflow.c    |  5 +++--
 3 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c
index 56f5603c10f2..614b5d05aa62 100644
--- a/net/mptcp/pm_netlink.c
+++ b/net/mptcp/pm_netlink.c
@@ -279,13 +279,26 @@ mptcp_lookup_anno_list_by_saddr(const struct mptcp_so=
ck *msk,
 	return NULL;
 }
=20
-bool mptcp_pm_sport_in_anno_list(struct mptcp_sock *msk, const struct sock=
 *sk)
+static void skb_fetch_src_address(const struct sk_buff *skb,
+				  struct mptcp_addr_info *addr)
+{
+	addr->port =3D tcp_hdr(skb)->dest;
+	if (addr->family =3D=3D AF_INET)
+		addr->addr.s_addr =3D ip_hdr(skb)->daddr;
+#if IS_ENABLED(CONFIG_MPTCP_IPV6)
+	else if (addr->family =3D=3D AF_INET6)
+		addr->addr6 =3D ipv6_hdr(skb)->daddr;
+#endif
+}
+
+bool mptcp_pm_sport_in_anno_list(struct mptcp_sock *msk, int af, const str=
uct sk_buff *skb)
 {
 	struct mptcp_pm_add_entry *entry;
 	struct mptcp_addr_info saddr;
 	bool ret =3D false;
=20
-	local_address((struct sock_common *)sk, &saddr);
+	saddr.family =3D af;
+	skb_fetch_src_address(skb, &saddr);
=20
 	spin_lock_bh(&msk->pm.lock);
 	list_for_each_entry(entry, &msk->pm.anno_list, list) {
diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h
index c43ca46dbc27..7bd064b68b51 100644
--- a/net/mptcp/protocol.h
+++ b/net/mptcp/protocol.h
@@ -760,7 +760,7 @@ void mptcp_pm_rm_addr_received(struct mptcp_sock *msk,
 void mptcp_pm_mp_prio_received(struct sock *sk, u8 bkup);
 void mptcp_pm_mp_fail_received(struct sock *sk, u64 fail_seq);
 void mptcp_pm_free_anno_list(struct mptcp_sock *msk);
-bool mptcp_pm_sport_in_anno_list(struct mptcp_sock *msk, const struct sock=
 *sk);
+bool mptcp_pm_sport_in_anno_list(struct mptcp_sock *msk, int af, const str=
uct sk_buff *skb);
 struct mptcp_pm_add_entry *
 mptcp_pm_del_add_timer(struct mptcp_sock *msk,
 		       const struct mptcp_addr_info *addr, bool check_id);
diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
index be43077fe76e..8be20f7b76df 100644
--- a/net/mptcp/subflow.c
+++ b/net/mptcp/subflow.c
@@ -218,7 +218,8 @@ static int subflow_check_req(struct request_sock *req,
 			pr_debug("syn inet_sport=3D%d %d",
 				 ntohs(inet_sk(sk_listener)->inet_sport),
 				 ntohs(inet_sk((struct sock *)subflow_req->msk)->inet_sport));
-			if (!mptcp_pm_sport_in_anno_list(subflow_req->msk, sk_listener)) {
+			if (!mptcp_pm_sport_in_anno_list(subflow_req->msk,
+							 sk_listener->sk_family, skb)) {
 				SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_MISMATCHPORTSYNRX);
 				return -EPERM;
 			}
@@ -750,7 +751,7 @@ static struct sock *subflow_syn_recv_sock(const struct =
sock *sk,
 				pr_debug("ack inet_sport=3D%d %d",
 					 ntohs(inet_sk(sk)->inet_sport),
 					 ntohs(inet_sk((struct sock *)owner)->inet_sport));
-				if (!mptcp_pm_sport_in_anno_list(owner, sk)) {
+				if (!mptcp_pm_sport_in_anno_list(owner, sk->sk_family, skb)) {
 					SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_MISMATCHPORTACKRX);
 					goto dispose_child;
 				}
--=20
2.34.1


From nobody Tue Apr 30 03:06:41 2024
Delivered-To: wpasupplicant.patchew@gmail.com
Received: by 2002:a05:6638:bd2:0:0:0:0 with SMTP id g18csp482392jad;
        Thu, 17 Feb 2022 06:26:00 -0800 (PST)
X-Google-Smtp-Source: 
 ABdhPJybbmNUaePei5nspyvo8EtDGnRJe0f0++Jpm3BtX4uumGCHyb+aBpG+d2+p7KFLLz1bpmoH
X-Received: by 2002:a17:90b:4391:b0:1b8:efac:58b6 with SMTP id
 in17-20020a17090b439100b001b8efac58b6mr7440772pjb.60.1645107960453;
        Thu, 17 Feb 2022 06:26:00 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1645107960; cv=none;
        d=google.com; s=arc-20160816;
        b=FrbtkkURfUg3vHsvAG2h5T1LedCqr7o0ZPe58MreG1YWoySN/IocAmurm5FL5l3ln/
         9/AbhvppD0tTynx7uwyaravlP5rmSY0p7lrYC53lDcAUJkMX3vzge1vVtvABI1vaMfLv
         65QJ++QrfW1ZciKouS7grkNyRbTiU7fpzmbJosCASgFBGtu1peBi0hXWUgVP510DM8A/
         iJB1WVCfs61sw0eJbVwlIVSnDvwCmYf1c4FEDCuXT+NaVbGmTaevfXdNVJEHc4EBWOM3
         Ik8gAo38ETawD/yMIhvQ5WhzRKRrOuV3ULPj9bFAhlfoPCEQ3HcjQIN307Rzl0DaUiWp
         RPCg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from;
        bh=WdJT3cbDm66ucF1Q7holBPmEhk4Q4YYGaTSfAEokRqw=;
        b=jqSpeB+2kjvwzgUrHAUPM/nZBWifPbM6v8Z4RmXYXcG54dlfTLK/rZAa+uCGQqR0hu
         SW3hsCYFaURz50tEy8077G58X7tsATewW0aQvzyd+8ZAKtR+2XcZ4RNvxSa9eERiSSTb
         bybWvHINt8rGHy1ZUCp+6gs9XOQeNnnGgKPXklPxirHe04brfItAR+DQPBr6jO9JUF3Y
         v3G1x3IS9XCEQlpDyHyWNRf/YiMcnawxM2T1A+9AKZfiCTgzqkUEBYLRm247/IVpE3bb
         +bsa5Bk/+FkPKYUBUW45mmzmlV4b7ueLT0N/B9khemflAXQ0ppmLOgGYjS+/q+4UoPjl
         4eaA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of
 mptcp+bounces-3802-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 147.75.69.165 as permitted sender)
 smtp.mailfrom="mptcp+bounces-3802-wpasupplicant.patchew=gmail.com@lists.linux.dev"
Return-Path: 
 <mptcp+bounces-3802-wpasupplicant.patchew=gmail.com@lists.linux.dev>
Received: from sjc.edge.kernel.org (sjc.edge.kernel.org. [147.75.69.165])
        by mx.google.com with ESMTPS id g7si962904pgu.391.2022.02.17.06.26.00
        for <wpasupplicant.patchew@gmail.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 17 Feb 2022 06:26:00 -0800 (PST)
Received-SPF: pass (google.com: domain of
 mptcp+bounces-3802-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 147.75.69.165 as permitted sender) client-ip=147.75.69.165;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of
 mptcp+bounces-3802-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 147.75.69.165 as permitted sender)
 smtp.mailfrom="mptcp+bounces-3802-wpasupplicant.patchew=gmail.com@lists.linux.dev"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
 [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sjc.edge.kernel.org (Postfix) with ESMTPS id CA49D3E0F69
	for <wpasupplicant.patchew@gmail.com>; Thu, 17 Feb 2022 14:25:59 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id C157A3D9E;
	Thu, 17 Feb 2022 14:25:58 +0000 (UTC)
X-Original-To: mptcp@lists.linux.dev
Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc
 [193.142.43.52])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id C368A291C
	for <mptcp@lists.linux.dev>; Thu, 17 Feb 2022 14:25:57 +0000 (UTC)
Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92)
	(envelope-from <fw@breakpoint.cc>)
	id 1nKhjI-0004Ds-3j; Thu, 17 Feb 2022 15:25:56 +0100
From: Florian Westphal <fw@strlen.de>
To: <mptcp@lists.linux.dev>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH mptcp-next v2 3/5] tcp: add mptcp join demultiplex hooks
Date: Thu, 17 Feb 2022 15:25:36 +0100
Message-Id: <20220217142538.7849-4-fw@strlen.de>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20220217142538.7849-1-fw@strlen.de>
References: <20220217142538.7849-1-fw@strlen.de>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Split from the next patch to make core tcp changes more obvious:
add a dummy function that gets called after tcp socket demux came up
empty.

This will be used by mptcp to check if a tcp syn contains an mptcp
join option with a valid token (connection id).

If so, a hidden pernet mptcp listener socket is returned and packet
resumes normally.

This patch series does not cover timewait sockets so far.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 include/net/mptcp.h | 5 +++++
 net/ipv4/tcp_ipv4.c | 4 ++++
 net/ipv6/tcp_ipv6.c | 4 ++++
 3 files changed, 13 insertions(+)

diff --git a/include/net/mptcp.h b/include/net/mptcp.h
index 8b1afd6f5cc4..5ee422b56902 100644
--- a/include/net/mptcp.h
+++ b/include/net/mptcp.h
@@ -197,6 +197,10 @@ static inline __be32 mptcp_reset_option(const struct s=
k_buff *skb)
=20
 	return htonl(0u);
 }
+static inline struct sock *mptcp_handle_join(int af, struct sk_buff *skb)
+{
+	return NULL;
+}
 #else
=20
 static inline void mptcp_init(void)
@@ -274,6 +278,7 @@ static inline int mptcp_subflow_init_cookie_req(struct =
request_sock *req,
 }
=20
 static inline __be32 mptcp_reset_option(const struct sk_buff *skb)  { retu=
rn htonl(0u); }
+static inline struct sock *mptcp_handle_join(int af, struct sk_buff *skb) =
{ return NULL; }
 #endif /* CONFIG_MPTCP */
=20
 #if IS_ENABLED(CONFIG_MPTCP_IPV6)
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 6873f46fc8ba..6e6675a09443 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -2140,6 +2140,10 @@ int tcp_v4_rcv(struct sk_buff *skb)
 	if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
 		goto discard_it;
=20
+	sk =3D mptcp_handle_join(AF_INET, skb);
+	if (sk)
+		goto process;
+
 	tcp_v4_fill_cb(skb, iph, th);
=20
 	if (tcp_checksum_complete(skb)) {
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 0c648bf07f39..788040db8e9e 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1782,6 +1782,10 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buf=
f *skb)
 	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
 		goto discard_it;
=20
+	sk =3D mptcp_handle_join(AF_INET6, skb);
+	if (sk)
+		goto process;
+
 	tcp_v6_fill_cb(skb, hdr, th);
=20
 	if (tcp_checksum_complete(skb)) {
--=20
2.34.1


From nobody Tue Apr 30 03:06:41 2024
Delivered-To: wpasupplicant.patchew@gmail.com
Received: by 2002:a05:6638:bd2:0:0:0:0 with SMTP id g18csp482472jad;
        Thu, 17 Feb 2022 06:26:05 -0800 (PST)
X-Google-Smtp-Source: 
 ABdhPJzLWejG6FjEyfL4805I3bHMD8D8zX7kKCoPpFMw83q2wulViz3+SU2nbfOqffo+wNn6c172
X-Received: by 2002:ad4:4585:0:b0:42d:7bff:ffad with SMTP id
 x5-20020ad44585000000b0042d7bffffadmr2199115qvu.29.1645107965286;
        Thu, 17 Feb 2022 06:26:05 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1645107965; cv=none;
        d=google.com; s=arc-20160816;
        b=RCxamBQMcKnLHM1qmtLesjdG5yjCuvIJx/0YJ7MNpTPkylq6r1zXG7Hik+AxGn0+5L
         uBTE6pfh0q/RS4IUfHxVvgcPvKoJhW0jzQwUQ6zqcOZOAdByuZXHMco2fsVxTSF45rcn
         m+JYRdf4XCjG9xfpCPvUUkylzcxZAMVYPr6HTSjoVTSk2UgQnEMkO4aiDMDVLWLJ3kHY
         VmljeBpsTJAcx+j5KTJbz/BElbl5Fg9LoMMlZOlMGX3EzFfnq7jkSb0J7uKnnyEW6zzb
         OduLFAlDYl9qhz0JzTxPhv0rIYmbjmHClNv8iZB7DcFBEGPBmMVF1QmiEn9YgGy945oQ
         JGKg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from;
        bh=M+6rIR4ANX7lW8eeDvGk7hO0z5hyQf8JCo77lHx6xyU=;
        b=S5EGOJjD7lLM95hKceTQ6Kg9ONq2V/BW6aO3ip/z0KmrAe4LzXudZaFNKkgcW+pLtf
         Gj+jKPKTT/NWTaLCB5HN0XbmanH/6B+qglZKi4dqEvOfI6ANJoy1ctZj0pkUw20E/XfY
         cXioo0nIXV69vXpwlTnORevOFXk5j7swWM5bFAIYrIhS5V/cDYukE9bEcEBGdiqEYIpA
         mxbK1uEPBJI8BXJOXQye5b/DJMQDyUmUPBgkDN8GdvenYFwn/urAnfm/YNK4Kz/gN7ns
         GaC8RXVbkxG6PuFfRpHC0yilbA2kywBnd7206F+0ZngMmPHzuc3TY3gXN/R+z9fFLrfk
         to8w==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of
 mptcp+bounces-3803-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 147.75.197.195 as permitted sender)
 smtp.mailfrom="mptcp+bounces-3803-wpasupplicant.patchew=gmail.com@lists.linux.dev"
Return-Path: 
 <mptcp+bounces-3803-wpasupplicant.patchew=gmail.com@lists.linux.dev>
Received: from ewr.edge.kernel.org (ewr.edge.kernel.org. [147.75.197.195])
        by mx.google.com with ESMTPS id
 201si2008236qkl.711.2022.02.17.06.26.05
        for <wpasupplicant.patchew@gmail.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 17 Feb 2022 06:26:05 -0800 (PST)
Received-SPF: pass (google.com: domain of
 mptcp+bounces-3803-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 147.75.197.195 as permitted sender) client-ip=147.75.197.195;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of
 mptcp+bounces-3803-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 147.75.197.195 as permitted sender)
 smtp.mailfrom="mptcp+bounces-3803-wpasupplicant.patchew=gmail.com@lists.linux.dev"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
 [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ewr.edge.kernel.org (Postfix) with ESMTPS id E5FEE1C0B8E
	for <wpasupplicant.patchew@gmail.com>; Thu, 17 Feb 2022 14:26:04 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 69B1F3D9E;
	Thu, 17 Feb 2022 14:26:03 +0000 (UTC)
X-Original-To: mptcp@lists.linux.dev
Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc
 [193.142.43.52])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 01310291C
	for <mptcp@lists.linux.dev>; Thu, 17 Feb 2022 14:26:02 +0000 (UTC)
Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92)
	(envelope-from <fw@breakpoint.cc>)
	id 1nKhjM-0004EG-94; Thu, 17 Feb 2022 15:26:00 +0100
From: Florian Westphal <fw@strlen.de>
To: <mptcp@lists.linux.dev>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH mptcp-next v2 4/5] mptcp: handle join requests via pernet
 listen socket
Date: Thu, 17 Feb 2022 15:25:37 +0100
Message-Id: <20220217142538.7849-5-fw@strlen.de>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20220217142538.7849-1-fw@strlen.de>
References: <20220217142538.7849-1-fw@strlen.de>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Currently mptcp adds kernel-based listener socket for all
netlink-configured mptcp address endpoints.

This has caveats because kernel may interfere with unrelated programs
that use same address/port pairs.

RFC 8684 says:
 Demultiplexing subflow SYNs MUST be done using the token; this is
 unlike traditional TCP, where the destination port is used for
 demultiplexing SYN packets.  Once a subflow is set up, demultiplexing
 packets is done using the 5-tuple, as in traditional TCP.

This patch deviates from this in that it retrains the existing checks of
verifying the incoming requests destination vs. the list of announced
addresses.

This can be relaxed later if deemed appropriate.

Furthermore, TCP-only listeners take precedence: An MPTCP peer
MUST NOT announce address:port pairs that are already in use by a
non-mptcp listener.
This could be changed, but it requires move of mptcp_handle_join()
hook *before* the tcp port demux, i.e. an additional conditional in
hotpath.  As-is, the additional conditional (syn && !rst && ...) is
in the 'no socket found' path.

The pernet 'listening' socket is hidden from userspace.
It is not part of any hashes and not bound to any address or port.

TPROXY-like semantics apply: If tcp demux cannot find a port for a given
packet, check if the packet is a syn packet with a valid join token.

If so, the pernet listener is returned and tcp processing resumes.
Otherwise, handling is intentical.

This patch does not cover timewait sockets.

Signed-off-by: Florian Westphal <fw@strlen.de>
Reported-by: kernel test robot <lkp@intel.com>
---
 include/net/mptcp.h  |  10 ++
 net/ipv6/tcp_ipv6.c  |  19 ++--
 net/mptcp/ctrl.c     | 211 ++++++++++++++++++++++++++++++++++++++++++-
 net/mptcp/protocol.c |   2 +-
 net/mptcp/protocol.h |   2 +-
 net/mptcp/subflow.c  |   3 +
 6 files changed, 233 insertions(+), 14 deletions(-)

diff --git a/include/net/mptcp.h b/include/net/mptcp.h
index 5ee422b56902..49c188b978e1 100644
--- a/include/net/mptcp.h
+++ b/include/net/mptcp.h
@@ -189,6 +189,7 @@ int mptcp_subflow_init_cookie_req(struct request_sock *=
req,
 				  struct sk_buff *skb);
=20
 __be32 mptcp_get_reset_option(const struct sk_buff *skb);
+struct sock *__mptcp_handle_join(int af, struct sk_buff *skb);
=20
 static inline __be32 mptcp_reset_option(const struct sk_buff *skb)
 {
@@ -199,6 +200,11 @@ static inline __be32 mptcp_reset_option(const struct s=
k_buff *skb)
 }
 static inline struct sock *mptcp_handle_join(int af, struct sk_buff *skb)
 {
+	const struct tcphdr *th =3D tcp_hdr(skb);
+
+	if (th->syn && !th->ack && !th->rst && !th->fin)
+		return __mptcp_handle_join(af, skb);
+
 	return NULL;
 }
 #else
@@ -283,9 +289,13 @@ static inline struct sock *mptcp_handle_join(int af, s=
truct sk_buff *skb) { retu
=20
 #if IS_ENABLED(CONFIG_MPTCP_IPV6)
 int mptcpv6_init(void);
+int mptcpv6_init_net(struct net *net);
+void mptcpv6_exit_net(struct net *net);
 void mptcpv6_handle_mapped(struct sock *sk, bool mapped);
 #elif IS_ENABLED(CONFIG_IPV6)
 static inline int mptcpv6_init(void) { return 0; }
+static inline int mptcpv6_init_net(struct net *net) { return 0; }
+static inline void mptcpv6_exit_net(struct net *net) { }
 static inline void mptcpv6_handle_mapped(struct sock *sk, bool mapped) { }
 #endif
=20
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 788040db8e9e..3b8608d35dcd 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -2233,13 +2233,22 @@ static struct inet_protosw tcpv6_protosw =3D {
=20
 static int __net_init tcpv6_net_init(struct net *net)
 {
-	return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
-				    SOCK_RAW, IPPROTO_TCP, net);
+	int err =3D inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
+				       SOCK_RAW, IPPROTO_TCP, net);
+	if (err)
+		return err;
+
+	err =3D mptcpv6_init_net(net);
+	if (err)
+		inet_ctl_sock_destroy(net->ipv6.tcp_sk);
+
+	return err;
 }
=20
 static void __net_exit tcpv6_net_exit(struct net *net)
 {
 	inet_ctl_sock_destroy(net->ipv6.tcp_sk);
+	mptcpv6_exit_net(net);
 }
=20
 static struct pernet_operations tcpv6_net_ops =3D {
@@ -2264,15 +2273,9 @@ int __init tcpv6_init(void)
 	if (ret)
 		goto out_tcpv6_protosw;
=20
-	ret =3D mptcpv6_init();
-	if (ret)
-		goto out_tcpv6_pernet_subsys;
-
 out:
 	return ret;
=20
-out_tcpv6_pernet_subsys:
-	unregister_pernet_subsys(&tcpv6_net_ops);
 out_tcpv6_protosw:
 	inet6_unregister_protosw(&tcpv6_protosw);
 out_tcpv6_protocol:
diff --git a/net/mptcp/ctrl.c b/net/mptcp/ctrl.c
index ae20b7d92e28..6358c803ba12 100644
--- a/net/mptcp/ctrl.c
+++ b/net/mptcp/ctrl.c
@@ -21,6 +21,12 @@ static int mptcp_pernet_id;
 static int mptcp_pm_type_max =3D __MPTCP_PM_TYPE_MAX;
 #endif
=20
+struct mptcp_join_sk {
+	struct sock *sk;
+	struct inet_bind_bucket *tb;
+	struct inet_bind_hashbucket head;
+};
+
 struct mptcp_pernet {
 #ifdef CONFIG_SYSCTL
 	struct ctl_table_header *ctl_table_hdr;
@@ -32,6 +38,18 @@ struct mptcp_pernet {
 	u8 checksum_enabled;
 	u8 allow_join_initial_addr_port;
 	u8 pm_type;
+
+	/* pernet listener to handle mptcp join requests
+	 * based on the mptcp token.
+	 *
+	 * Has to be pernet because tcp uses
+	 * sock_net(sk_listener) to obtain the net namespace for
+	 * the syn/ack route lookup.
+	 */
+	struct mptcp_join_sk join4;
+#if IS_ENABLED(CONFIG_MPTCP_IPV6)
+	struct mptcp_join_sk join6;
+#endif
 };
=20
 static struct mptcp_pernet *mptcp_get_pernet(const struct net *net)
@@ -185,13 +203,173 @@ static void mptcp_pernet_del_table(struct mptcp_pern=
et *pernet) {}
=20
 #endif /* CONFIG_SYSCTL */
=20
+struct sock *__mptcp_handle_join(int af, struct sk_buff *skb)
+{
+	struct mptcp_options_received mp_opt;
+	struct mptcp_pernet *pernet;
+	struct socket *ssock;
+	struct sock *lsk;
+	struct net *net;
+
+	/* paranoia check: don't allow 0 destination port,
+	 * else __inet_inherit_port will insert the child socket
+	 * into the phony hash slot of the pernet listener.
+	 */
+	if (tcp_hdr(skb)->dest =3D=3D 0)
+		return NULL;
+
+	mptcp_get_options(skb, &mp_opt);
+
+	if (!(mp_opt.suboptions & OPTIONS_MPTCP_MPJ))
+		return NULL;
+
+	net =3D dev_net(skb_dst(skb)->dev);
+	if (!mptcp_is_enabled(net))
+		return NULL;
+
+	/* RFC8684: If the token is unknown [..], the receiver will send
+	 * back a reset (RST) signal, analogous to an unknown port in TCP,
+	 * containing an MP_TCPRST option (Section 3.6) [..]
+	 */
+	if (!mptcp_token_exists(net, mp_opt.token)) {
+		struct mptcp_ext *ext =3D skb_ext_add(skb, SKB_EXT_MPTCP);
+
+		if (ext) {
+			memset(ext, 0, sizeof(*ext));
+			ext->reset_reason =3D MPTCP_RST_EMPTCP;
+		}
+		return NULL;
+	}
+
+	pernet =3D mptcp_get_pernet(net);
+
+	switch (af) {
+	case AF_INET:
+		lsk =3D pernet->join4.sk;
+		break;
+	case AF_INET6:
+		lsk =3D pernet->join6.sk;
+		break;
+	default:
+		WARN_ON_ONCE(1);
+		return NULL;
+	}
+
+	ssock =3D __mptcp_nmpc_socket(mptcp_sk(lsk));
+	if (WARN_ON(!ssock))
+		return NULL;
+
+	return ssock->sk;
+}
+
+static struct socket *mptcp_create_join_listen_socket(struct net *net, int=
 af)
+{
+	struct socket *s, *ssock;
+	int err;
+
+	err =3D sock_create_kern(net, af, SOCK_STREAM, IPPROTO_MPTCP, &s);
+	if (err)
+		return ERR_PTR(err);
+
+	ssock =3D __mptcp_nmpc_socket(mptcp_sk(s->sk));
+	if (!ssock) {
+		err =3D -EINVAL;
+		goto out;
+	}
+
+	ssock->sk->sk_max_ack_backlog =3D SOMAXCONN;
+	inet_sk_state_store(ssock->sk, TCP_LISTEN);
+
+	s->sk->sk_max_ack_backlog =3D SOMAXCONN;
+	inet_sk_state_store(s->sk, TCP_LISTEN);
+
+	s->sk->sk_net_refcnt =3D 1;
+	get_net_track(net, &s->sk->ns_tracker, GFP_KERNEL);
+	sock_inuse_add(net, 1);
+
+	return s;
+out:
+	sock_release(s);
+	return ERR_PTR(err);
+}
+
+static int mptcp_init_join_sk(struct net *net, struct sock *sk, struct mpt=
cp_join_sk *join_sk)
+{
+	struct socket *ssock =3D __mptcp_nmpc_socket(mptcp_sk(sk));
+	struct inet_hashinfo *table =3D ssock->sk->sk_prot->h.hashinfo;
+	struct inet_bind_bucket *tb;
+
+	spin_lock_init(&join_sk->head.lock);
+	INIT_HLIST_HEAD(&join_sk->head.chain);
+
+	/* Our "listen socket" isn't bound to any address or port.
+	 * Conceptually, SYN packet with mptcp join request are steered to
+	 * this pernet socket just like TPROXY steals arbitrary connection
+	 * requests to assign them to listening socket with different
+	 * address or port.
+	 *
+	 * The bind_bucket is needed for sake of __inet_inherit_port(),
+	 * so it can place the new child socket in the correct
+	 * bind_bucket slot.
+	 *
+	 * A phony head is used to hide this socket from normal sk loookup.
+	 */
+	tb =3D inet_bind_bucket_create(table->bind_bucket_cachep,
+				     net, &join_sk->head, 0, 0);
+	if (!tb)
+		return -ENOMEM;
+
+	inet_csk(ssock->sk)->icsk_bind_hash =3D tb;
+	return 0;
+}
+
 static int __net_init mptcp_net_init(struct net *net)
 {
 	struct mptcp_pernet *pernet =3D mptcp_get_pernet(net);
+	struct socket *sock;
+	int err;
=20
 	mptcp_pernet_set_defaults(pernet);
=20
-	return mptcp_pernet_new_table(net, pernet);
+	err =3D mptcp_pernet_new_table(net, pernet);
+	if (err)
+		return err;
+
+	sock =3D mptcp_create_join_listen_socket(net, AF_INET);
+	if (IS_ERR(sock)) {
+		err =3D PTR_ERR(sock);
+		goto out_table;
+	}
+
+	err =3D mptcp_init_join_sk(net, sock->sk, &pernet->join4);
+	if (err) {
+		sock_release(sock);
+		goto out_table;
+	}
+
+	/* struct sock is still reachable via sock->sk_socket backpointer */
+	pernet->join4.sk =3D sock->sk;
+	return err;
+
+out_table:
+	if (!net_eq(net, &init_net))
+		mptcp_pernet_del_table(pernet);
+	return err;
+}
+
+static void __net_exit mptcp_exit_join_sk(struct mptcp_join_sk *jsk)
+{
+	struct socket *ssock =3D __mptcp_nmpc_socket(mptcp_sk(jsk->sk));
+	struct inet_bind_bucket *tb;
+	struct inet_hashinfo *table;
+
+	table =3D ssock->sk->sk_prot->h.hashinfo;
+
+	tb =3D inet_csk(ssock->sk)->icsk_bind_hash;
+	inet_bind_bucket_destroy(table->bind_bucket_cachep, tb);
+
+	ssock =3D jsk->sk->sk_socket;
+	sock_release(ssock);
 }
=20
 /* Note: the callback will only be called per extra netns */
@@ -200,6 +378,7 @@ static void __net_exit mptcp_net_exit(struct net *net)
 	struct mptcp_pernet *pernet =3D mptcp_get_pernet(net);
=20
 	mptcp_pernet_del_table(pernet);
+	mptcp_exit_join_sk(&pernet->join4);
 }
=20
 static struct pernet_operations mptcp_pernet_ops =3D {
@@ -219,12 +398,36 @@ void __init mptcp_init(void)
 }
=20
 #if IS_ENABLED(CONFIG_MPTCP_IPV6)
-int __init mptcpv6_init(void)
+int __net_init mptcpv6_init_net(struct net *net)
 {
+	struct mptcp_pernet *pernet =3D mptcp_get_pernet(net);
+	struct socket *sock;
 	int err;
=20
-	err =3D mptcp_proto_v6_init();
+	if (net_eq(net, &init_net)) {
+		err =3D mptcp_proto_v6_init();
+		if (err)
+			return err;
+	}
=20
-	return err;
+	sock =3D mptcp_create_join_listen_socket(net, AF_INET6);
+	if (IS_ERR(sock))
+		return PTR_ERR(sock);
+
+	err =3D mptcp_init_join_sk(net, sock->sk, &pernet->join6);
+	if (err) {
+		sock_release(sock);
+		return err;
+	}
+
+	pernet->join6.sk =3D sock->sk;
+	return 0;
+}
+
+void __net_exit mptcpv6_exit_net(struct net *net)
+{
+	struct mptcp_pernet *pernet =3D mptcp_get_pernet(net);
+
+	mptcp_exit_join_sk(&pernet->join6);
 }
 #endif
diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index 4599bde215b2..5b54e3c8efea 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -3777,7 +3777,7 @@ static struct inet_protosw mptcp_v6_protosw =3D {
 	.flags		=3D INET_PROTOSW_ICSK,
 };
=20
-int __init mptcp_proto_v6_init(void)
+int __net_init mptcp_proto_v6_init(void)
 {
 	int err;
=20
diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h
index 7bd064b68b51..6a81e2a21301 100644
--- a/net/mptcp/protocol.h
+++ b/net/mptcp/protocol.h
@@ -647,7 +647,7 @@ static inline bool mptcp_has_another_subflow(struct soc=
k *ssk)
=20
 void __init mptcp_proto_init(void);
 #if IS_ENABLED(CONFIG_MPTCP_IPV6)
-int __init mptcp_proto_v6_init(void);
+int __net_init mptcp_proto_v6_init(void);
 #endif
=20
 struct sock *mptcp_sk_clone(const struct sock *sk,
diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
index 8be20f7b76df..4696d27a8994 100644
--- a/net/mptcp/subflow.c
+++ b/net/mptcp/subflow.c
@@ -116,6 +116,9 @@ static void subflow_init_req(struct request_sock *req, =
const struct sock *sk_lis
=20
 static bool subflow_use_different_sport(struct mptcp_sock *msk, const stru=
ct sock *sk)
 {
+	if (inet_sk(sk)->inet_sport =3D=3D 0)
+		return true;
+
 	return inet_sk(sk)->inet_sport !=3D inet_sk((struct sock *)msk)->inet_spo=
rt;
 }
=20
--=20
2.34.1


From nobody Tue Apr 30 03:06:41 2024
Delivered-To: wpasupplicant.patchew@gmail.com
Received: by 2002:a05:6638:bd2:0:0:0:0 with SMTP id g18csp482538jad;
        Thu, 17 Feb 2022 06:26:09 -0800 (PST)
X-Google-Smtp-Source: 
 ABdhPJx66i1ZooYL3T0IluKbh19QytpCkGQAQK4XendmPuZzwGFPiblDC7whstya+7SfF6BySVRa
X-Received: by 2002:a62:e813:0:b0:4e1:922a:2a6d with SMTP id
 c19-20020a62e813000000b004e1922a2a6dmr3420559pfi.50.1645107968853;
        Thu, 17 Feb 2022 06:26:08 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1645107968; cv=none;
        d=google.com; s=arc-20160816;
        b=xbcoq/s2TXKHeQn/MJb+0CBggnbfX2RXwIUp1dbj36iJS1Rp09aKmoa0ZdNvfPSB1D
         HhrmqcNOgvpI9wPPN9rR+E2R6i1UVEFk7o9Z71oj63OuZE6EzUd2awCt5nbHo5t8sYpX
         RBVF5yVorTxk7NqOrtvmDiGJBN592vGkitqzJpSDSUgfi8ySGTT93IjrTFHM0Qk9hS95
         oqsRZjS7PV7pppqc6JR6Nd/uqDCXrnaCT+SLqq3bTmITY9z+huLgsF7p03fxMkFh1lTs
         7nZBNBRFmaEsatUnqM7ZPeVrlYFPxkB20sAe7p+X8jIRzqj8Myr+z5gIoRhhL4hOp3yo
         i7NQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from;
        bh=eRmSdWoJi0AgDXBQuEDNRQ/JscsSDS60UY4WVYtKjrk=;
        b=aPFG7U0d5i6KldbZsAN6X4P610NZPic4Lhg2Ljpgu4/TnhJv40f5IPJIIcYrqYzZ+1
         rBb+V/HqhkLtFqipHUEpswSFdNaUeFNMoCn5JXuJNnIOKfS0dYeeEOFW3d8mQ8woMJNb
         QRJc5dEFPNmPkPl5sm3BTtLhu3jnACjtFhNBqhLx5DNQyVDNEWRWn9UzilomebrCTNqv
         8KqwRwfVUuk86t+I6INDxy8pVxQ532rjevF33uU7B2f01tlVMIv3o+jgaYNMZhhIZERL
         WezR8og04efb56AinSz4jhSUq6I2oLVhox2yIQmKO2MA2DjKxiA/MA17Ed7OuoIJ9DXf
         VIbg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of
 mptcp+bounces-3804-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 2604:1380:1000:8100::1 as permitted sender)
 smtp.mailfrom="mptcp+bounces-3804-wpasupplicant.patchew=gmail.com@lists.linux.dev"
Return-Path: 
 <mptcp+bounces-3804-wpasupplicant.patchew=gmail.com@lists.linux.dev>
Received: from sjc.edge.kernel.org (sjc.edge.kernel.org.
 [2604:1380:1000:8100::1])
        by mx.google.com with ESMTPS id kt10si872526pjb.27.2022.02.17.06.26.08
        for <wpasupplicant.patchew@gmail.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 17 Feb 2022 06:26:08 -0800 (PST)
Received-SPF: pass (google.com: domain of
 mptcp+bounces-3804-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 2604:1380:1000:8100::1 as permitted sender) client-ip=2604:1380:1000:8100::1;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of
 mptcp+bounces-3804-wpasupplicant.patchew=gmail.com@lists.linux.dev designates
 2604:1380:1000:8100::1 as permitted sender)
 smtp.mailfrom="mptcp+bounces-3804-wpasupplicant.patchew=gmail.com@lists.linux.dev"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
 [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sjc.edge.kernel.org (Postfix) with ESMTPS id 1EBBF3E0F4F
	for <wpasupplicant.patchew@gmail.com>; Thu, 17 Feb 2022 14:26:08 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 209583D9E;
	Thu, 17 Feb 2022 14:26:07 +0000 (UTC)
X-Original-To: mptcp@lists.linux.dev
Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc
 [193.142.43.52])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 14C7C291C
	for <mptcp@lists.linux.dev>; Thu, 17 Feb 2022 14:26:06 +0000 (UTC)
Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92)
	(envelope-from <fw@breakpoint.cc>)
	id 1nKhjQ-0004Eb-D6; Thu, 17 Feb 2022 15:26:04 +0100
From: Florian Westphal <fw@strlen.de>
To: <mptcp@lists.linux.dev>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH mptcp-next v2 5/5] mptcp: remove per-address listening sockets
Date: Thu, 17 Feb 2022 15:25:38 +0100
Message-Id: <20220217142538.7849-6-fw@strlen.de>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20220217142538.7849-1-fw@strlen.de>
References: <20220217142538.7849-1-fw@strlen.de>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Not required anymore, syn packets with a join requests are redirected
to pernet mptcp pseudo-listening socket.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 net/mptcp/pm_netlink.c | 65 ------------------------------------------
 1 file changed, 65 deletions(-)

diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c
index 614b5d05aa62..8a26c7177054 100644
--- a/net/mptcp/pm_netlink.c
+++ b/net/mptcp/pm_netlink.c
@@ -27,7 +27,6 @@ struct mptcp_pm_addr_entry {
 	struct mptcp_addr_info	addr;
 	u8			flags;
 	int			ifindex;
-	struct socket		*lsk;
 };
=20
 struct mptcp_pm_add_entry {
@@ -954,57 +953,6 @@ static int mptcp_pm_nl_append_new_local_addr(struct pm=
_nl_pernet *pernet,
 	return ret;
 }
=20
-static int mptcp_pm_nl_create_listen_socket(struct sock *sk,
-					    struct mptcp_pm_addr_entry *entry)
-{
-	int addrlen =3D sizeof(struct sockaddr_in);
-	struct sockaddr_storage addr;
-	struct mptcp_sock *msk;
-	struct socket *ssock;
-	int backlog =3D 1024;
-	int err;
-
-	err =3D sock_create_kern(sock_net(sk), entry->addr.family,
-			       SOCK_STREAM, IPPROTO_MPTCP, &entry->lsk);
-	if (err)
-		return err;
-
-	msk =3D mptcp_sk(entry->lsk->sk);
-	if (!msk) {
-		err =3D -EINVAL;
-		goto out;
-	}
-
-	ssock =3D __mptcp_nmpc_socket(msk);
-	if (!ssock) {
-		err =3D -EINVAL;
-		goto out;
-	}
-
-	mptcp_info2sockaddr(&entry->addr, &addr, entry->addr.family);
-#if IS_ENABLED(CONFIG_MPTCP_IPV6)
-	if (entry->addr.family =3D=3D AF_INET6)
-		addrlen =3D sizeof(struct sockaddr_in6);
-#endif
-	err =3D kernel_bind(ssock, (struct sockaddr *)&addr, addrlen);
-	if (err) {
-		pr_warn("kernel_bind error, err=3D%d", err);
-		goto out;
-	}
-
-	err =3D kernel_listen(ssock, backlog);
-	if (err) {
-		pr_warn("kernel_listen error, err=3D%d", err);
-		goto out;
-	}
-
-	return 0;
-
-out:
-	sock_release(entry->lsk);
-	return err;
-}
-
 int mptcp_pm_nl_get_local_id(struct mptcp_sock *msk, struct sock_common *s=
kc)
 {
 	struct mptcp_pm_addr_entry *entry;
@@ -1050,7 +998,6 @@ int mptcp_pm_nl_get_local_id(struct mptcp_sock *msk, s=
truct sock_common *skc)
 	entry->addr.port =3D 0;
 	entry->ifindex =3D 0;
 	entry->flags =3D 0;
-	entry->lsk =3D NULL;
 	ret =3D mptcp_pm_nl_append_new_local_addr(pernet, entry);
 	if (ret < 0)
 		kfree(entry);
@@ -1258,19 +1205,9 @@ static int mptcp_nl_cmd_add_addr(struct sk_buff *skb=
, struct genl_info *info)
 	}
=20
 	*entry =3D addr;
-	if (entry->addr.port) {
-		ret =3D mptcp_pm_nl_create_listen_socket(skb->sk, entry);
-		if (ret) {
-			GENL_SET_ERR_MSG(info, "create listen socket error");
-			kfree(entry);
-			return ret;
-		}
-	}
 	ret =3D mptcp_pm_nl_append_new_local_addr(pernet, entry);
 	if (ret < 0) {
 		GENL_SET_ERR_MSG(info, "too many addresses or duplicate one");
-		if (entry->lsk)
-			sock_release(entry->lsk);
 		kfree(entry);
 		return ret;
 	}
@@ -1375,8 +1312,6 @@ static int mptcp_nl_remove_subflow_and_signal_addr(st=
ruct net *net,
 /* caller must ensure the RCU grace period is already elapsed */
 static void __mptcp_pm_release_addr_entry(struct mptcp_pm_addr_entry *entr=
y)
 {
-	if (entry->lsk)
-		sock_release(entry->lsk);
 	kfree(entry);
 }
=20
--=20
2.34.1