From nobody Sun May 5 10:20:06 2024 Delivered-To: wpasupplicant.patchew@gmail.com Received: by 2002:a05:6638:bd2:0:0:0:0 with SMTP id g18csp413128jad; Wed, 23 Feb 2022 03:08:53 -0800 (PST) X-Google-Smtp-Source: ABdhPJyq0nCjiZXZDu6PsnA0aqCjWCi4tbHr2oWTZubmSNVw72PARXQdUettAQB0k+ni4lG+fg7b X-Received: by 2002:a05:6402:35d1:b0:412:b3df:a6d3 with SMTP id z17-20020a05640235d100b00412b3dfa6d3mr27302712edc.151.1645614533443; Wed, 23 Feb 2022 03:08:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645614533; cv=none; d=google.com; s=arc-20160816; b=gITLkAM0/YSaaMdTKK5P1wqMPK4fzvKZyYaupHdbVNduz4nbT3KYlDrUJWa6DYfMvf jQf0xFOXlS4isVeTynRtKJY4PYMh779meX0jww9+5I8qY3UeoNRLSkA2+PeAM6ipmmir cOM8ocETd4CZmjEeYVYSuzsD/sDHlkrs+GXtK/mngogxIM1OA/uLGxRuUJ3LVLLYzE1z gwGJMKmkS/aCGPZk0UWclDRtqnYgN3b6CaKCIAClyKgLdS6zsKij1z2hWSnp/LKb31+T bUIiL5vR9qfNuq/cMmKWwB9j3p8dkzQdnJ0ibf7ADSIfd6gKNozmnRpSccRXCNjqx3Y7 ljmA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from; bh=zUAXTQ80hF7hsUtliWTpTzaZlqZu8LEw1gg87yAaKfE=; b=ua7P3elDqivvbPsvRlZBO8lfTtA73ci1D4s7r7d1zQ+kpe7y3VrSdcZ2hgUYwUHvy9 nqYNXgIR7EkLmUGP2PhhxBspVi6nkBCzrDjeWOaln3Ma3QWWbEUCWo3Fg80+fJulJbK5 av7BWZBvxtI4NRee6uAyrjwexu7ATkglaEm1Y1ad9ZYia0T22YynqbPthvMKYLYWbPme IWmx73hAvNj5dxr6fXXPpXK/I4U4bUWvqsKSdz3h9apc2pHUntOn7hIyrBqwNuD8/XEk 3rIVb8LpRg4vqmtJb7sPK5M3NvcG6xfHlZSf7znxHQyin6jyQKZKdKOY+tEsW0H6Y4Vg Okpw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of mptcp+bounces-3957-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 2604:1380:1:3600::1 as permitted sender) smtp.mailfrom="mptcp+bounces-3957-wpasupplicant.patchew=gmail.com@lists.linux.dev" Return-Path: Received: from ewr.edge.kernel.org (ewr.edge.kernel.org. [2604:1380:1:3600::1]) by mx.google.com with ESMTPS id qw32si13754683ejc.717.2022.02.23.03.08.53 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 23 Feb 2022 03:08:53 -0800 (PST) Received-SPF: pass (google.com: domain of mptcp+bounces-3957-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 2604:1380:1:3600::1 as permitted sender) client-ip=2604:1380:1:3600::1; Authentication-Results: mx.google.com; spf=pass (google.com: domain of mptcp+bounces-3957-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 2604:1380:1:3600::1 as permitted sender) smtp.mailfrom="mptcp+bounces-3957-wpasupplicant.patchew=gmail.com@lists.linux.dev" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ewr.edge.kernel.org (Postfix) with ESMTPS id E9BCB1C0A03 for ; Wed, 23 Feb 2022 11:08:52 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 23FC2A56; Wed, 23 Feb 2022 11:08:52 +0000 (UTC) X-Original-To: mptcp@lists.linux.dev Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc [193.142.43.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A9EAAA57 for ; Wed, 23 Feb 2022 11:08:50 +0000 (UTC) Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92) (envelope-from ) id 1nMpVi-0005hk-Tj; Wed, 23 Feb 2022 12:08:42 +0100 From: Florian Westphal To: Cc: Florian Westphal Subject: [PATCH 1/4] mptcp: prefer ip address in syn skb instead of listen sk bound address Date: Wed, 23 Feb 2022 12:08:29 +0100 Message-Id: <20220223110832.29357-2-fw@strlen.de> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220223110832.29357-1-fw@strlen.de> References: <20220223110832.29357-1-fw@strlen.de> Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Once we change mptcp to use tproxy-like scheme to steer mptcp join requests to a special pernet socket, the 'sk bound address' becomes meaningless because it will never be identical to the tcp dport/ip daddr of the on-wire packet. Prepare for this: pass the skbuff and use the packet data instead of the address the listener socket is bound to. Signed-off-by: Florian Westphal --- net/mptcp/pm_netlink.c | 17 +++++++++++++++-- net/mptcp/protocol.h | 2 +- net/mptcp/subflow.c | 5 +++-- 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index a0e7d5b7e22f..ed923b573c1c 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -269,13 +269,26 @@ mptcp_lookup_anno_list_by_saddr(const struct mptcp_so= ck *msk, return NULL; } =20 -bool mptcp_pm_sport_in_anno_list(struct mptcp_sock *msk, const struct sock= *sk) +static void skb_fetch_src_address(const struct sk_buff *skb, + struct mptcp_addr_info *addr) +{ + addr->port =3D tcp_hdr(skb)->dest; + if (addr->family =3D=3D AF_INET) + addr->addr.s_addr =3D ip_hdr(skb)->daddr; +#if IS_ENABLED(CONFIG_MPTCP_IPV6) + else if (addr->family =3D=3D AF_INET6) + addr->addr6 =3D ipv6_hdr(skb)->daddr; +#endif +} + +bool mptcp_pm_sport_in_anno_list(struct mptcp_sock *msk, int af, const str= uct sk_buff *skb) { struct mptcp_pm_add_entry *entry; struct mptcp_addr_info saddr; bool ret =3D false; =20 - local_address((struct sock_common *)sk, &saddr); + saddr.family =3D af; + skb_fetch_src_address(skb, &saddr); =20 spin_lock_bh(&msk->pm.lock); list_for_each_entry(entry, &msk->pm.anno_list, list) { diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index c8bada4537e2..6b2d7f60c8ad 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -761,7 +761,7 @@ void mptcp_pm_rm_addr_received(struct mptcp_sock *msk, void mptcp_pm_mp_prio_received(struct sock *sk, u8 bkup); void mptcp_pm_mp_fail_received(struct sock *sk, u64 fail_seq); void mptcp_pm_free_anno_list(struct mptcp_sock *msk); -bool mptcp_pm_sport_in_anno_list(struct mptcp_sock *msk, const struct sock= *sk); +bool mptcp_pm_sport_in_anno_list(struct mptcp_sock *msk, int af, const str= uct sk_buff *skb); struct mptcp_pm_add_entry * mptcp_pm_del_add_timer(struct mptcp_sock *msk, const struct mptcp_addr_info *addr, bool check_id); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index c05c19f92532..1fa096086f82 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -216,7 +216,8 @@ static int subflow_check_req(struct request_sock *req, pr_debug("syn inet_sport=3D%d %d", ntohs(inet_sk(sk_listener)->inet_sport), ntohs(inet_sk((struct sock *)subflow_req->msk)->inet_sport)); - if (!mptcp_pm_sport_in_anno_list(subflow_req->msk, sk_listener)) { + if (!mptcp_pm_sport_in_anno_list(subflow_req->msk, + sk_listener->sk_family, skb)) { SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_MISMATCHPORTSYNRX); return -EPERM; } @@ -793,7 +794,7 @@ static struct sock *subflow_syn_recv_sock(const struct = sock *sk, pr_debug("ack inet_sport=3D%d %d", ntohs(inet_sk(sk)->inet_sport), ntohs(inet_sk((struct sock *)owner)->inet_sport)); - if (!mptcp_pm_sport_in_anno_list(owner, sk)) { + if (!mptcp_pm_sport_in_anno_list(owner, sk->sk_family, skb)) { SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_MISMATCHPORTACKRX); goto dispose_child; } --=20 2.34.1 From nobody Sun May 5 10:20:06 2024 Delivered-To: wpasupplicant.patchew@gmail.com Received: by 2002:a05:6638:bd2:0:0:0:0 with SMTP id g18csp413118jad; Wed, 23 Feb 2022 03:08:53 -0800 (PST) X-Google-Smtp-Source: ABdhPJxApOmWr6G1xmk7X3CI7FCXWeOsXBcH9gIlMdyHFob2VeFLiUwIiVObqNMGVFGcMj+6kw/j X-Received: by 2002:a05:6402:511:b0:40d:e8eb:1dbb with SMTP id m17-20020a056402051100b0040de8eb1dbbmr29808498edv.418.1645614532909; Wed, 23 Feb 2022 03:08:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645614532; cv=none; d=google.com; s=arc-20160816; b=MslDFyiM5EtCnG+zFpHBt3IXDpETx9oYAD1Dcur0Zav5RabJzoZgE1kzSn1vLuvyIZ jdIidVBm7esWl6x4vRSe24X+6n0Cita0JAOFC3f/76AdRWDhkEYyj5zMoF/Gufa4tCpc QsWBbpPcKKWWcjiSOmedhEecPSZxKULdHeD+8mSDT2GNG8I+9zODankru1JPxwWBGyQK iLtiWtfn55tuwupsBY4ltRORWT+TFbtkO2qpo7GV/o+tf5NB2HqrSwlaoilBo64pY9hY YTn9OLLPzPNWHD7nzujcXdffgb7pjWQXTODNqi45hJu9iHXbIFqybbhJlOFaTkcYmpL2 kEFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from; bh=oe9U5aLYp8bBrs68q8/y/RSSc8fm1QjR9AQ5Il+9/iw=; b=HzhY1SqU9VTkvk0qIvx0dHlyBdOIu0elNKMQzvVZtI3Jr7YDCyUMZ4Bf6wGlEWSoNk owIASVHQv+1Q++/iqsrm3vs4ZaZ1BWR5CnJ1NYS2b91BWu7Zwl63ZuWsP1nKDOpH0PwF upvE6zSjKX4wM9vCWb8IFoXNDIOcL1Gjoo70Djqlcx9MCGuWvboJurhHG0iOYJFGWKXI cEg7/6HU7pcSuBr4MbwEgAE9XLuqImrkCltuKc8nsGGBM54BHx7vllhpiO/xxLHfx3PQ MuF2RZP7KAmNd/0tJy1yiw/UTgn9sGfPdJqRmeBA0TD9Q53u8Oif5TzMWvzz7gw6vOYm EPtQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of mptcp+bounces-3956-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 2604:1380:1:3600::1 as permitted sender) smtp.mailfrom="mptcp+bounces-3956-wpasupplicant.patchew=gmail.com@lists.linux.dev" Return-Path: Received: from ewr.edge.kernel.org (ewr.edge.kernel.org. [2604:1380:1:3600::1]) by mx.google.com with ESMTPS id d15si16222683edm.562.2022.02.23.03.08.52 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 23 Feb 2022 03:08:52 -0800 (PST) Received-SPF: pass (google.com: domain of mptcp+bounces-3956-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 2604:1380:1:3600::1 as permitted sender) client-ip=2604:1380:1:3600::1; Authentication-Results: mx.google.com; spf=pass (google.com: domain of mptcp+bounces-3956-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 2604:1380:1:3600::1 as permitted sender) smtp.mailfrom="mptcp+bounces-3956-wpasupplicant.patchew=gmail.com@lists.linux.dev" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ewr.edge.kernel.org (Postfix) with ESMTPS id E146D1C06FB for ; Wed, 23 Feb 2022 11:08:51 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id A4533642; Wed, 23 Feb 2022 11:08:50 +0000 (UTC) X-Original-To: mptcp@lists.linux.dev Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc [193.142.43.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 61B22A57 for ; Wed, 23 Feb 2022 11:08:49 +0000 (UTC) Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92) (envelope-from ) id 1nMpVn-0005hz-9S; Wed, 23 Feb 2022 12:08:47 +0100 From: Florian Westphal To: Cc: Florian Westphal Subject: [PATCH 2/4] tcp: add mptcp join demultiplex hooks Date: Wed, 23 Feb 2022 12:08:30 +0100 Message-Id: <20220223110832.29357-3-fw@strlen.de> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220223110832.29357-1-fw@strlen.de> References: <20220223110832.29357-1-fw@strlen.de> Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Split from the next patch to make core tcp changes more obvious: add a dummy function that gets called after tcp socket demux came up empty. This will be used by mptcp to check if a tcp syn contains an mptcp join option with a valid token (connection id). If so, a hidden pernet mptcp listener socket is returned and packet resumes normally. Signed-off-by: Florian Westphal --- include/net/mptcp.h | 5 +++++ net/ipv4/tcp_ipv4.c | 7 +++++++ net/ipv6/tcp_ipv6.c | 7 +++++++ 3 files changed, 19 insertions(+) diff --git a/include/net/mptcp.h b/include/net/mptcp.h index 8b1afd6f5cc4..5ee422b56902 100644 --- a/include/net/mptcp.h +++ b/include/net/mptcp.h @@ -197,6 +197,10 @@ static inline __be32 mptcp_reset_option(const struct s= k_buff *skb) =20 return htonl(0u); } +static inline struct sock *mptcp_handle_join(int af, struct sk_buff *skb) +{ + return NULL; +} #else =20 static inline void mptcp_init(void) @@ -274,6 +278,7 @@ static inline int mptcp_subflow_init_cookie_req(struct = request_sock *req, } =20 static inline __be32 mptcp_reset_option(const struct sk_buff *skb) { retu= rn htonl(0u); } +static inline struct sock *mptcp_handle_join(int af, struct sk_buff *skb) = { return NULL; } #endif /* CONFIG_MPTCP */ =20 #if IS_ENABLED(CONFIG_MPTCP_IPV6) diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index d42824aedc36..06e5bdf53278 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -2155,6 +2155,10 @@ int tcp_v4_rcv(struct sk_buff *skb) if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) goto discard_it; =20 + sk =3D mptcp_handle_join(AF_INET, skb); + if (sk) + goto process; + tcp_v4_fill_cb(skb, iph, th); =20 if (tcp_checksum_complete(skb)) { @@ -2201,6 +2205,9 @@ int tcp_v4_rcv(struct sk_buff *skb) iph->daddr, th->dest, inet_iif(skb), sdif); + if (!sk2) + sk2 =3D mptcp_handle_join(AF_INET, skb); + if (sk2) { inet_twsk_deschedule_put(inet_twsk(sk)); sk =3D sk2; diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 749de8529c83..8ae0db599f56 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1800,6 +1800,10 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buf= f *skb) if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) goto discard_it; =20 + sk =3D mptcp_handle_join(AF_INET6, skb); + if (sk) + goto process; + tcp_v6_fill_cb(skb, hdr, th); =20 if (tcp_checksum_complete(skb)) { @@ -1849,6 +1853,9 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff= *skb) ntohs(th->dest), tcp_v6_iif_l3_slave(skb), sdif); + if (!sk2) + sk2 =3D mptcp_handle_join(AF_INET6, skb); + if (sk2) { struct inet_timewait_sock *tw =3D inet_twsk(sk); inet_twsk_deschedule_put(tw); --=20 2.34.1 From nobody Sun May 5 10:20:06 2024 Delivered-To: wpasupplicant.patchew@gmail.com Received: by 2002:a05:6638:bd2:0:0:0:0 with SMTP id g18csp413186jad; Wed, 23 Feb 2022 03:08:58 -0800 (PST) X-Google-Smtp-Source: ABdhPJyMCK93JDzA87jw1AA8BTgIguS82UEjVJx9CVJe5rKC7Hpg+9jRecMjOx/Cdycb9BOUHCAE X-Received: by 2002:a05:6402:2074:b0:410:81bf:ff3b with SMTP id bd20-20020a056402207400b0041081bfff3bmr30960972edb.326.1645614537908; Wed, 23 Feb 2022 03:08:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645614537; cv=none; d=google.com; s=arc-20160816; b=cAytZ4u5Da0+edh6AzqjsGfFywEvYNP4HhN0qaXM1f3XuuiEeTwF6JkZJKLIFMdkNo 2SO4YOou4OUGOpvy6cMa7wmc58zzDDV0Sv5ZYx1wd9fkW6EX+NAhWsyMp2kbDDEgwT8h IJCWNNYT8TeD01wxJo9oQEDf/VaUmcNqGdH1B+2E+gO44ddsXkne5mBaBm7OnnbQoURe BZl3nyjhwX+djR/EApThAugGtskWUYVd5xf/PaCbxoejaDSBCoo67+CiuVulp+b/fwLw hCLLXTdD6CoyALnjsesfIWWQjPwXplVOk3JZf8citV+UbmPWMW5qJzDdWV6nvnsApjrn e4QQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from; bh=pDAzfzweoaNgFt+6tW6iMvpszVfgSRX4Bq94etrUP9E=; b=nEP+dkCw1zfQcs10/Wz3o+v3VsEotDrPiAA3gZOgDt06Rhx5rlMgmGAZqDfIVU6yFc wChmPU/alqiWcVOudlXxjNyaEhxDgJwsofItNi90sfgVu3z7x9ZYtfeHsdPh6L3bZcC1 L84Z5CBN/fW7e1mWgSUiBK558qm7Lf5tMehwMTc7rIRF2YPMPPZMySreZ3izq7B0v9zM zcnKAP4ee5VE1NJSlCRfbogfDboDbYJeqf9fCIUTJPUcMYbqbkSRkGIIWm1K3ryg+0b3 57Ic2QdSiS5yQMY1coTfSj63qgvtM79W6vTuoI+Yov8HtDLT2izCBQN1j+TEhQinHL5S ZQtg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of mptcp+bounces-3958-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 2604:1380:1:3600::1 as permitted sender) smtp.mailfrom="mptcp+bounces-3958-wpasupplicant.patchew=gmail.com@lists.linux.dev" Return-Path: Received: from ewr.edge.kernel.org (ewr.edge.kernel.org. [2604:1380:1:3600::1]) by mx.google.com with ESMTPS id nd23si13352494ejc.729.2022.02.23.03.08.57 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 23 Feb 2022 03:08:57 -0800 (PST) Received-SPF: pass (google.com: domain of mptcp+bounces-3958-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 2604:1380:1:3600::1 as permitted sender) client-ip=2604:1380:1:3600::1; Authentication-Results: mx.google.com; spf=pass (google.com: domain of mptcp+bounces-3958-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 2604:1380:1:3600::1 as permitted sender) smtp.mailfrom="mptcp+bounces-3958-wpasupplicant.patchew=gmail.com@lists.linux.dev" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ewr.edge.kernel.org (Postfix) with ESMTPS id 637221C0A03 for ; Wed, 23 Feb 2022 11:08:56 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 1A0FD642; Wed, 23 Feb 2022 11:08:55 +0000 (UTC) X-Original-To: mptcp@lists.linux.dev Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc [193.142.43.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 68AE6A57 for ; Wed, 23 Feb 2022 11:08:53 +0000 (UTC) Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92) (envelope-from ) id 1nMpVr-0005iG-Kr; Wed, 23 Feb 2022 12:08:51 +0100 From: Florian Westphal To: Cc: Florian Westphal Subject: [PATCH 3/4] mptcp: handle join requests via pernet listen socket Date: Wed, 23 Feb 2022 12:08:31 +0100 Message-Id: <20220223110832.29357-4-fw@strlen.de> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220223110832.29357-1-fw@strlen.de> References: <20220223110832.29357-1-fw@strlen.de> Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Currently mptcp adds kernel-based listener socket for all netlink-configured mptcp address endpoints. This has caveats because kernel may interfere with unrelated programs that use same address/port pairs. RFC 8684 says: Demultiplexing subflow SYNs MUST be done using the token; this is unlike traditional TCP, where the destination port is used for demultiplexing SYN packets. Once a subflow is set up, demultiplexing packets is done using the 5-tuple, as in traditional TCP. This patch deviates from this in that it retains the existing checks of verifying the incoming requests destination vs. the list of announced addresses. If the request is to an address that was not assigned, its treated like an invalid token, i.e. we send a tcp reset with mptcp error specific code is returned. The checks that do this are moved from subflow specific code to the new hook, this allows us to perform the check at an earlier stage. Furthermore, TCP-only listeners take precedence: An MPTCP peer MUST NOT announce addr:port pairs that are already in use by a non-mptcp listener. This could be changed, but it requires move of mptcp_handle_join() hook *before* the tcp port demux, i.e. an additional conditional in hotpath. As-is, the additional conditional (syn && !rst && ...) is placed in the 'no socket found' path. The pernet "listening" socket is hidden from userspace, its not part of any hashes and not bound to any address/port. TPROXY-like semantics apply: If tcp demux cannot find a port for a given packet, check if the packet is a syn packet with a valid join token. If so, the pernet listener is returned and tcp processing resumes. Otherwise, handling is identical. Signed-off-by: Florian Westphal Reported-by: kernel test robot --- include/net/mptcp.h | 10 ++ net/ipv6/tcp_ipv6.c | 19 ++-- net/mptcp/ctrl.c | 229 ++++++++++++++++++++++++++++++++++++++++++- net/mptcp/protocol.c | 2 +- net/mptcp/protocol.h | 2 +- net/mptcp/subflow.c | 8 +- 6 files changed, 251 insertions(+), 19 deletions(-) diff --git a/include/net/mptcp.h b/include/net/mptcp.h index 5ee422b56902..49c188b978e1 100644 --- a/include/net/mptcp.h +++ b/include/net/mptcp.h @@ -189,6 +189,7 @@ int mptcp_subflow_init_cookie_req(struct request_sock *= req, struct sk_buff *skb); =20 __be32 mptcp_get_reset_option(const struct sk_buff *skb); +struct sock *__mptcp_handle_join(int af, struct sk_buff *skb); =20 static inline __be32 mptcp_reset_option(const struct sk_buff *skb) { @@ -199,6 +200,11 @@ static inline __be32 mptcp_reset_option(const struct s= k_buff *skb) } static inline struct sock *mptcp_handle_join(int af, struct sk_buff *skb) { + const struct tcphdr *th =3D tcp_hdr(skb); + + if (th->syn && !th->ack && !th->rst && !th->fin) + return __mptcp_handle_join(af, skb); + return NULL; } #else @@ -283,9 +289,13 @@ static inline struct sock *mptcp_handle_join(int af, s= truct sk_buff *skb) { retu =20 #if IS_ENABLED(CONFIG_MPTCP_IPV6) int mptcpv6_init(void); +int mptcpv6_init_net(struct net *net); +void mptcpv6_exit_net(struct net *net); void mptcpv6_handle_mapped(struct sock *sk, bool mapped); #elif IS_ENABLED(CONFIG_IPV6) static inline int mptcpv6_init(void) { return 0; } +static inline int mptcpv6_init_net(struct net *net) { return 0; } +static inline void mptcpv6_exit_net(struct net *net) { } static inline void mptcpv6_handle_mapped(struct sock *sk, bool mapped) { } #endif =20 diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 8ae0db599f56..ddc27be0e566 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -2256,13 +2256,22 @@ static struct inet_protosw tcpv6_protosw =3D { =20 static int __net_init tcpv6_net_init(struct net *net) { - return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6, - SOCK_RAW, IPPROTO_TCP, net); + int err =3D inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6, + SOCK_RAW, IPPROTO_TCP, net); + if (err) + return err; + + err =3D mptcpv6_init_net(net); + if (err) + inet_ctl_sock_destroy(net->ipv6.tcp_sk); + + return err; } =20 static void __net_exit tcpv6_net_exit(struct net *net) { inet_ctl_sock_destroy(net->ipv6.tcp_sk); + mptcpv6_exit_net(net); } =20 static struct pernet_operations tcpv6_net_ops =3D { @@ -2287,15 +2296,9 @@ int __init tcpv6_init(void) if (ret) goto out_tcpv6_protosw; =20 - ret =3D mptcpv6_init(); - if (ret) - goto out_tcpv6_pernet_subsys; - out: return ret; =20 -out_tcpv6_pernet_subsys: - unregister_pernet_subsys(&tcpv6_net_ops); out_tcpv6_protosw: inet6_unregister_protosw(&tcpv6_protosw); out_tcpv6_protocol: diff --git a/net/mptcp/ctrl.c b/net/mptcp/ctrl.c index ae20b7d92e28..c7370c5147df 100644 --- a/net/mptcp/ctrl.c +++ b/net/mptcp/ctrl.c @@ -12,6 +12,7 @@ #include =20 #include "protocol.h" +#include "mib.h" =20 #define MPTCP_SYSCTL_PATH "net/mptcp" =20 @@ -21,6 +22,12 @@ static int mptcp_pernet_id; static int mptcp_pm_type_max =3D __MPTCP_PM_TYPE_MAX; #endif =20 +struct mptcp_join_sk { + struct sock *sk; + struct inet_bind_bucket *tb; + struct inet_bind_hashbucket head; +}; + struct mptcp_pernet { #ifdef CONFIG_SYSCTL struct ctl_table_header *ctl_table_hdr; @@ -32,6 +39,18 @@ struct mptcp_pernet { u8 checksum_enabled; u8 allow_join_initial_addr_port; u8 pm_type; + + /* pernet listener to handle mptcp join requests + * based on the mptcp token. + * + * Has to be pernet because tcp uses + * sock_net(sk_listener) to obtain the net namespace for + * the syn/ack route lookup. + */ + struct mptcp_join_sk join4; +#if IS_ENABLED(CONFIG_MPTCP_IPV6) + struct mptcp_join_sk join6; +#endif }; =20 static struct mptcp_pernet *mptcp_get_pernet(const struct net *net) @@ -185,13 +204,190 @@ static void mptcp_pernet_del_table(struct mptcp_pern= et *pernet) {} =20 #endif /* CONFIG_SYSCTL */ =20 +static void add_mptcp_rst(struct sk_buff *skb) +{ + struct mptcp_ext *ext =3D skb_ext_add(skb, SKB_EXT_MPTCP); + + if (ext) { + memset(ext, 0, sizeof(*ext)); + ext->reset_reason =3D MPTCP_RST_EMPTCP; + } +} + +struct sock *__mptcp_handle_join(int af, struct sk_buff *skb) +{ + struct mptcp_options_received mp_opt; + struct mptcp_pernet *pernet; + struct mptcp_sock *msk; + struct socket *ssock; + struct sock *lsk; + struct net *net; + + /* paranoia check: don't allow 0 destination port, + * else __inet_inherit_port will insert the child socket + * into the phony hash slot of the pernet listener. + */ + if (tcp_hdr(skb)->dest =3D=3D 0) + return NULL; + + mptcp_get_options(skb, &mp_opt); + + if (!(mp_opt.suboptions & OPTIONS_MPTCP_MPJ)) + return NULL; + + net =3D dev_net(skb_dst(skb)->dev); + if (!mptcp_is_enabled(net)) + return NULL; + + /* RFC8684: If the token is unknown [..], the receiver will send + * back a reset (RST) signal, analogous to an unknown port in TCP, + * containing an MP_TCPRST option (Section 3.6) [..] + */ + msk =3D mptcp_token_get_sock(net, mp_opt.token); + if (!msk) { + add_mptcp_rst(skb); + return NULL; + } + + if (!mptcp_pm_sport_in_anno_list(msk, af, skb)) { + sock_put((struct sock *)msk); + MPTCP_INC_STATS(net, MPTCP_MIB_MISMATCHPORTSYNRX); + add_mptcp_rst(skb); + return NULL; + } + + sock_put((struct sock *)msk); + pernet =3D mptcp_get_pernet(net); + + switch (af) { + case AF_INET: + lsk =3D pernet->join4.sk; + break; +#if IS_ENABLED(CONFIG_MPTCP_IPV6) + case AF_INET6: + lsk =3D pernet->join6.sk; + break; +#endif + default: + WARN_ON_ONCE(1); + return NULL; + } + + ssock =3D __mptcp_nmpc_socket(mptcp_sk(lsk)); + if (WARN_ON(!ssock)) + return NULL; + + return ssock->sk; +} + +static struct socket *mptcp_create_join_listen_socket(struct net *net, int= af) +{ + struct socket *s, *ssock; + int err; + + err =3D sock_create_kern(net, af, SOCK_STREAM, IPPROTO_MPTCP, &s); + if (err) + return ERR_PTR(err); + + ssock =3D __mptcp_nmpc_socket(mptcp_sk(s->sk)); + if (!ssock) { + err =3D -EINVAL; + goto out; + } + + ssock->sk->sk_max_ack_backlog =3D SOMAXCONN; + inet_sk_state_store(ssock->sk, TCP_LISTEN); + + s->sk->sk_max_ack_backlog =3D SOMAXCONN; + inet_sk_state_store(s->sk, TCP_LISTEN); + + s->sk->sk_net_refcnt =3D 1; + get_net_track(net, &s->sk->ns_tracker, GFP_KERNEL); + sock_inuse_add(net, 1); + + return s; +out: + sock_release(s); + return ERR_PTR(err); +} + +static int mptcp_init_join_sk(struct net *net, struct sock *sk, struct mpt= cp_join_sk *join_sk) +{ + struct socket *ssock =3D __mptcp_nmpc_socket(mptcp_sk(sk)); + struct inet_hashinfo *table =3D ssock->sk->sk_prot->h.hashinfo; + struct inet_bind_bucket *tb; + + spin_lock_init(&join_sk->head.lock); + INIT_HLIST_HEAD(&join_sk->head.chain); + + /* Our "listen socket" isn't bound to any address or port. + * Conceptually, SYN packet with mptcp join request are steered to + * this pernet socket just like TPROXY steals arbitrary connection + * requests to assign them to listening socket with different + * address or port. + * + * The bind_bucket is needed for sake of __inet_inherit_port(), + * so it can place the new child socket in the correct + * bind_bucket slot. + * + * A phony head is used to hide this socket from normal sk loookup. + */ + tb =3D inet_bind_bucket_create(table->bind_bucket_cachep, + net, &join_sk->head, 0, 0); + if (!tb) + return -ENOMEM; + + inet_csk(ssock->sk)->icsk_bind_hash =3D tb; + return 0; +} + static int __net_init mptcp_net_init(struct net *net) { struct mptcp_pernet *pernet =3D mptcp_get_pernet(net); + struct socket *sock; + int err; =20 mptcp_pernet_set_defaults(pernet); =20 - return mptcp_pernet_new_table(net, pernet); + err =3D mptcp_pernet_new_table(net, pernet); + if (err) + return err; + + sock =3D mptcp_create_join_listen_socket(net, AF_INET); + if (IS_ERR(sock)) { + err =3D PTR_ERR(sock); + goto out_table; + } + + err =3D mptcp_init_join_sk(net, sock->sk, &pernet->join4); + if (err) { + sock_release(sock); + goto out_table; + } + + /* struct sock is still reachable via sock->sk_socket backpointer */ + pernet->join4.sk =3D sock->sk; + return err; + +out_table: + if (!net_eq(net, &init_net)) + mptcp_pernet_del_table(pernet); + return err; +} + +static void __net_exit mptcp_exit_join_sk(struct mptcp_join_sk *jsk) +{ + struct socket *ssock =3D __mptcp_nmpc_socket(mptcp_sk(jsk->sk)); + struct inet_bind_bucket *tb; + struct inet_hashinfo *table; + + table =3D ssock->sk->sk_prot->h.hashinfo; + + tb =3D inet_csk(ssock->sk)->icsk_bind_hash; + inet_bind_bucket_destroy(table->bind_bucket_cachep, tb); + + ssock =3D jsk->sk->sk_socket; + sock_release(ssock); } =20 /* Note: the callback will only be called per extra netns */ @@ -200,6 +396,7 @@ static void __net_exit mptcp_net_exit(struct net *net) struct mptcp_pernet *pernet =3D mptcp_get_pernet(net); =20 mptcp_pernet_del_table(pernet); + mptcp_exit_join_sk(&pernet->join4); } =20 static struct pernet_operations mptcp_pernet_ops =3D { @@ -219,12 +416,36 @@ void __init mptcp_init(void) } =20 #if IS_ENABLED(CONFIG_MPTCP_IPV6) -int __init mptcpv6_init(void) +int __net_init mptcpv6_init_net(struct net *net) { + struct mptcp_pernet *pernet =3D mptcp_get_pernet(net); + struct socket *sock; int err; =20 - err =3D mptcp_proto_v6_init(); + if (net_eq(net, &init_net)) { + err =3D mptcp_proto_v6_init(); + if (err) + return err; + } + + sock =3D mptcp_create_join_listen_socket(net, AF_INET6); + if (IS_ERR(sock)) + return PTR_ERR(sock); =20 - return err; + err =3D mptcp_init_join_sk(net, sock->sk, &pernet->join6); + if (err) { + sock_release(sock); + return err; + } + + pernet->join6.sk =3D sock->sk; + return 0; +} + +void __net_exit mptcpv6_exit_net(struct net *net) +{ + struct mptcp_pernet *pernet =3D mptcp_get_pernet(net); + + mptcp_exit_join_sk(&pernet->join6); } #endif diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 3cb975227d12..bc7108ed453c 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3794,7 +3794,7 @@ static struct inet_protosw mptcp_v6_protosw =3D { .flags =3D INET_PROTOSW_ICSK, }; =20 -int __init mptcp_proto_v6_init(void) +int __net_init mptcp_proto_v6_init(void) { int err; =20 diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 6b2d7f60c8ad..7ec2513e1c2f 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -648,7 +648,7 @@ static inline bool mptcp_has_another_subflow(struct soc= k *ssk) =20 void __init mptcp_proto_init(void); #if IS_ENABLED(CONFIG_MPTCP_IPV6) -int __init mptcp_proto_v6_init(void); +int __net_init mptcp_proto_v6_init(void); #endif =20 struct sock *mptcp_sk_clone(const struct sock *sk, diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 1fa096086f82..99c28aea011d 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -116,6 +116,9 @@ static void subflow_init_req(struct request_sock *req, = const struct sock *sk_lis =20 static bool subflow_use_different_sport(struct mptcp_sock *msk, const stru= ct sock *sk) { + if (inet_sk(sk)->inet_sport =3D=3D 0) + return true; + return inet_sk(sk)->inet_sport !=3D inet_sk((struct sock *)msk)->inet_spo= rt; } =20 @@ -216,11 +219,6 @@ static int subflow_check_req(struct request_sock *req, pr_debug("syn inet_sport=3D%d %d", ntohs(inet_sk(sk_listener)->inet_sport), ntohs(inet_sk((struct sock *)subflow_req->msk)->inet_sport)); - if (!mptcp_pm_sport_in_anno_list(subflow_req->msk, - sk_listener->sk_family, skb)) { - SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_MISMATCHPORTSYNRX); - return -EPERM; - } SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_JOINPORTSYNRX); } =20 --=20 2.34.1 From nobody Sun May 5 10:20:06 2024 Delivered-To: wpasupplicant.patchew@gmail.com Received: by 2002:a05:6638:bd2:0:0:0:0 with SMTP id g18csp413231jad; Wed, 23 Feb 2022 03:09:00 -0800 (PST) X-Google-Smtp-Source: ABdhPJxL6oyXCzwjU/hdxZIUBv2RZborQ35Xt3pl3BdHx+IDcGmWiLxPlEBXFaJmcd6/oV8pg7rA X-Received: by 2002:a63:141d:0:b0:342:585e:a519 with SMTP id u29-20020a63141d000000b00342585ea519mr23418920pgl.257.1645614540388; Wed, 23 Feb 2022 03:09:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645614540; cv=none; d=google.com; s=arc-20160816; b=aeDXZScT/gg76XbapPzd8ghAQ3fYZdCmgmY30LWEWdo47+HzDrhhDoaiXwIko+qPyO NkCyesn5AEBqkgYRiOgwVIMLGnw8ztWGLMJnVqGKM1oo0E65UraMz7P6nRciiOX00NvQ LM6jHo6CSvOJfuerjT2MLc1sX3Z4NoEA75WzbiDqVbVj/zJG4seEmbo8jaFcCA0Dl9l/ K9XK05ube3bdQMG5MZy2JXsw9Qpn7KxfLk4Unsh3/TGzAH+HPCTXGwKvlCfQNDm0iTgi 4sgxcTats1eDOpm5xCsIqWtI97UDQPOw3wN7B6ZzDVU6qWT3EJW/7D1oQp/g25S/X3Fr zTEA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from; bh=8YSChZQikFNa8K/GU2deBBoTBvIMvmCIDhCGH8F/cKA=; b=C/h9GRVvbC4OchUkceac7lTTn3Cbn53lHV2zS+E15WEbEKeuJ7oTCMCop+TkuutUi4 Im7W/F32Zhn9zxD0CWBDKB/oUWsUYI+om5v6Y9mnmnTg9tXqCiyuMdH5MUU6g0Au5LCd /nmG+iukq3e03n4aPueG6JkLEBXg9ZeR1Y3/LbL03vDlbkD8zk8z4r8iB1o0mjigPLK3 Oi8ZjeXM9K9/XI17t/Yfk+e7T0c/hLmZF/ZT5d0+FoStPpvKv9EDU+269lRV/5zQm7JX sy7SlO/MGDhU3vnjKhkBz2ykL/z+kOetyjtBAH94yPL8Dr3eAkFaqqcqwO5GZIM/o3bf ujCQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of mptcp+bounces-3959-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 147.75.69.165 as permitted sender) smtp.mailfrom="mptcp+bounces-3959-wpasupplicant.patchew=gmail.com@lists.linux.dev" Return-Path: Received: from sjc.edge.kernel.org (sjc.edge.kernel.org. [147.75.69.165]) by mx.google.com with ESMTPS id b24si21983355plz.367.2022.02.23.03.09.00 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 23 Feb 2022 03:09:00 -0800 (PST) Received-SPF: pass (google.com: domain of mptcp+bounces-3959-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 147.75.69.165 as permitted sender) client-ip=147.75.69.165; Authentication-Results: mx.google.com; spf=pass (google.com: domain of mptcp+bounces-3959-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 147.75.69.165 as permitted sender) smtp.mailfrom="mptcp+bounces-3959-wpasupplicant.patchew=gmail.com@lists.linux.dev" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sjc.edge.kernel.org (Postfix) with ESMTPS id 1314E3E0EC0 for ; Wed, 23 Feb 2022 11:09:00 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 23BADA56; Wed, 23 Feb 2022 11:08:59 +0000 (UTC) X-Original-To: mptcp@lists.linux.dev Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc [193.142.43.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A1533642 for ; Wed, 23 Feb 2022 11:08:57 +0000 (UTC) Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92) (envelope-from ) id 1nMpVv-0005iq-WB; Wed, 23 Feb 2022 12:08:56 +0100 From: Florian Westphal To: Cc: Florian Westphal Subject: [PATCH 4/4] mptcp: remove per-address listening sockets Date: Wed, 23 Feb 2022 12:08:32 +0100 Message-Id: <20220223110832.29357-5-fw@strlen.de> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220223110832.29357-1-fw@strlen.de> References: <20220223110832.29357-1-fw@strlen.de> Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Not required anymore, syn packets with a join requests are redirected to pernet mptcp pseudo-listening socket. Signed-off-by: Florian Westphal --- net/mptcp/pm_netlink.c | 65 ------------------------------------------ 1 file changed, 65 deletions(-) diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index ed923b573c1c..baf6fabcfe1d 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -27,7 +27,6 @@ struct mptcp_pm_addr_entry { struct mptcp_addr_info addr; u8 flags; int ifindex; - struct socket *lsk; }; =20 struct mptcp_pm_add_entry { @@ -883,8 +882,6 @@ static bool address_use_port(struct mptcp_pm_addr_entry= *entry) /* caller must ensure the RCU grace period is already elapsed */ static void __mptcp_pm_release_addr_entry(struct mptcp_pm_addr_entry *entr= y) { - if (entry->lsk) - sock_release(entry->lsk); kfree(entry); } =20 @@ -972,57 +969,6 @@ static int mptcp_pm_nl_append_new_local_addr(struct pm= _nl_pernet *pernet, return ret; } =20 -static int mptcp_pm_nl_create_listen_socket(struct sock *sk, - struct mptcp_pm_addr_entry *entry) -{ - int addrlen =3D sizeof(struct sockaddr_in); - struct sockaddr_storage addr; - struct mptcp_sock *msk; - struct socket *ssock; - int backlog =3D 1024; - int err; - - err =3D sock_create_kern(sock_net(sk), entry->addr.family, - SOCK_STREAM, IPPROTO_MPTCP, &entry->lsk); - if (err) - return err; - - msk =3D mptcp_sk(entry->lsk->sk); - if (!msk) { - err =3D -EINVAL; - goto out; - } - - ssock =3D __mptcp_nmpc_socket(msk); - if (!ssock) { - err =3D -EINVAL; - goto out; - } - - mptcp_info2sockaddr(&entry->addr, &addr, entry->addr.family); -#if IS_ENABLED(CONFIG_MPTCP_IPV6) - if (entry->addr.family =3D=3D AF_INET6) - addrlen =3D sizeof(struct sockaddr_in6); -#endif - err =3D kernel_bind(ssock, (struct sockaddr *)&addr, addrlen); - if (err) { - pr_warn("kernel_bind error, err=3D%d", err); - goto out; - } - - err =3D kernel_listen(ssock, backlog); - if (err) { - pr_warn("kernel_listen error, err=3D%d", err); - goto out; - } - - return 0; - -out: - sock_release(entry->lsk); - return err; -} - int mptcp_pm_nl_get_local_id(struct mptcp_sock *msk, struct sock_common *s= kc) { struct mptcp_pm_addr_entry *entry; @@ -1065,7 +1011,6 @@ int mptcp_pm_nl_get_local_id(struct mptcp_sock *msk, = struct sock_common *skc) entry->addr.port =3D 0; entry->ifindex =3D 0; entry->flags =3D MPTCP_PM_ADDR_FLAG_IMPLICIT; - entry->lsk =3D NULL; ret =3D mptcp_pm_nl_append_new_local_addr(pernet, entry); if (ret < 0) kfree(entry); @@ -1278,19 +1223,9 @@ static int mptcp_nl_cmd_add_addr(struct sk_buff *skb= , struct genl_info *info) } =20 *entry =3D addr; - if (entry->addr.port) { - ret =3D mptcp_pm_nl_create_listen_socket(skb->sk, entry); - if (ret) { - GENL_SET_ERR_MSG(info, "create listen socket error"); - kfree(entry); - return ret; - } - } ret =3D mptcp_pm_nl_append_new_local_addr(pernet, entry); if (ret < 0) { GENL_SET_ERR_MSG(info, "too many addresses or duplicate one"); - if (entry->lsk) - sock_release(entry->lsk); kfree(entry); return ret; } --=20 2.34.1