[v2,net-next,0/5] tcp: add skb->sk to more control packets

Message ID	20241006203224.1404384-1-edumazet@google.com (mailing list archive)
Headers	show Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2509C1537CE for <netdev@vger.kernel.org>; Sun, 6 Oct 2024 20:32:28 +0000 (UTC) Date: Sun, 6 Oct 2024 20:32:19 +0000 Precedence: bulk Mime-Version: 1.0 Message-ID: <20241006203224.1404384-1-edumazet@google.com> Subject: [PATCH v2 net-next 0/5] tcp: add skb->sk to more control packets From: Eric Dumazet <edumazet@google.com> To: "David S . Miller" <davem@davemloft.net>, Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>, Martin KaFai Lau <martin.lau@linux.dev> Cc: netdev@vger.kernel.org, eric.dumazet@gmail.com, Eric Dumazet <edumazet@google.com> Content-Type: text/plain; charset="UTF-8"
Series	tcp: add skb->sk to more control packets \| expand [v2,net-next,0/5] tcp: add skb->sk to more control packets [v2,net-next,1/5] net: add TIME_WAIT logic to sk_to_full_sk() [v2,net-next,2/5] net_sched: sch_fq: prepare for TIME_WAIT sockets [v2,net-next,3/5] net: add skb_set_owner_edemux() helper [v2,net-next,4/5] ipv6: tcp: give socket pointer to control skbs [v2,net-next,5/5] ipv4: tcp: give socket pointer to control skbs

Message ID

20241006203224.1404384-1-edumazet@google.com (mailing list archive)

Headers

Date: Sun,  6 Oct 2024 20:32:19 +0000
Precedence: bulk
Mime-Version: 1.0
Message-ID: <20241006203224.1404384-1-edumazet@google.com>
Subject: [PATCH v2 net-next 0/5] tcp: add skb->sk to more control packets
From: Eric Dumazet <edumazet@google.com>
To: "David S . Miller" <davem@davemloft.net>,
 Jakub Kicinski <kuba@kernel.org>,
	Paolo Abeni <pabeni@redhat.com>, Martin KaFai Lau <martin.lau@linux.dev>
Cc: netdev@vger.kernel.org, eric.dumazet@gmail.com,
	Eric Dumazet <edumazet@google.com>
Content-Type: text/plain; charset="UTF-8"

Series

tcp: add skb->sk to more control packets | expand

Message

Eric Dumazet Oct. 6, 2024, 8:32 p.m. UTC

Currently, TCP can set skb->sk for a variety of transmit packets.

However, packets sent on behalf of a TIME_WAIT sockets do not
have an attached socket.

Same issue for RST packets.

We want to change this, in order to increase eBPF program
capabilities.

This is slightly risky, because various layers could
be confused by TIME_WAIT sockets showing up in skb->sk.

v2: audited all sk_to_full_sk() users and addressed Martin feedback.

Eric Dumazet (5):
  net: add TIME_WAIT logic to sk_to_full_sk()
  net_sched: sch_fq: prepare for TIME_WAIT sockets
  net: add skb_set_owner_edemux() helper
  ipv6: tcp: give socket pointer to control skbs
  ipv4: tcp: give socket pointer to control skbs

 include/linux/bpf-cgroup.h |  2 +-
 include/net/inet_sock.h    |  4 +++-
 include/net/ip.h           |  3 ++-
 include/net/sock.h         | 19 +++++++++++++++++++
 net/core/filter.c          |  6 +-----
 net/core/sock.c            |  9 +++------
 net/ipv4/ip_output.c       |  5 ++++-
 net/ipv4/tcp_ipv4.c        |  4 ++--
 net/ipv4/tcp_output.c      |  2 +-
 net/ipv6/tcp_ipv6.c        |  3 +++
 net/sched/sch_fq.c         |  3 ++-
 11 files changed, 41 insertions(+), 19 deletions(-)

Comments

Jakub Kicinski Oct. 7, 2024, 11:28 p.m. UTC | #1

On Sun,  6 Oct 2024 20:32:19 +0000 Eric Dumazet wrote:
> Currently, TCP can set skb->sk for a variety of transmit packets.
> 
> However, packets sent on behalf of a TIME_WAIT sockets do not
> have an attached socket.
> 
> Same issue for RST packets.
> 
> We want to change this, in order to increase eBPF program
> capabilities.
> 
> This is slightly risky, because various layers could
> be confused by TIME_WAIT sockets showing up in skb->sk.
> 
> v2: audited all sk_to_full_sk() users and addressed Martin feedback.

I think this patch set is causing crashes like:

https://netdev-3.bots.linux.dev/vmksft-nf-dbg/results/804862/2-conntrack-vrf-sh/stderr

I haven't had the time to investigate in depth and before the next run
someone else posted a broken change, sigh.