On Mon, Jul 31, 2017 at 11:10:38AM -0700, Cong Wang wrote:
> On Mon, Jul 31, 2017 at 10:08 AM, Shaohua Li wrote:
> > +/* Like ip6_make_flowlabel, but already has hash */
> > +static inline __be32 ip6_make_flowlabel_from_hash(struct net *net,
> > + bool autolabel, u32 hash)
> > +{
> > + __be32 flowlabel;
> > +
> > + if (net->ipv6.sysctl.auto_flowlabels == IP6_AUTO_FLOW_LABEL_OFF ||
> > + (!autolabel &&
> > +net->ipv6.sysctl.auto_flowlabels !=
> > IP6_AUTO_FLOW_LABEL_FORCED))
> > + return 0;
> > +
> > + flowlabel = (__force __be32)hash & IPV6_FLOWLABEL_MASK;
> > +
> > + if (net->ipv6.sysctl.flowlabel_state_ranges)
> > + flowlabel |= IPV6_FLOWLABEL_STATELESS_FLAG;
> > +
> > + return flowlabel;
> > +}
>
> I still don't see why you have to duplicate the code,
> for me you can just refactor ip6_make_flowlabel()
> and pass the hash as a parameter and pass
> 'flowlabel' as 0, and no run-time overhead.
Still need extra check. Ok, I updated the patch.
Thanks,
Shaohua
>From 373e23f5295ee4cb725109a9e58152451a9fb4cc Mon Sep 17 00:00:00 2001
Message-Id:
<373e23f5295ee4cb725109a9e58152451a9fb4cc.1501529088.git.s...@fb.com>
From: Shaohua Li
Date: Tue, 11 Jul 2017 21:09:48 -0700
Subject: [PATCH] net: fix tcp reset packet flowlabel for ipv6
Please see below tcpdump output:
21:00:48.109122 IP6 (flowlabel 0x43304, hlim 64, next-header TCP (6) payload
length: 40) fec0::5054:ff:fe12:3456.55804 > fec0::5054:ff:fe12:3456.: Flags
[S], cksum 0x0529 (incorrect -> 0xf56c), seq 3282214508, win 43690, options
[mss 65476,sackOK,TS val 2500903437 ecr 0,nop,wscale 7], length 0
21:00:48.109381 IP6 (flowlabel 0xd827f, hlim 64, next-header TCP (6) payload
length: 40) fec0::5054:ff:fe12:3456. > fec0::5054:ff:fe12:3456.55804: Flags
[S.], cksum 0x0529 (incorrect -> 0x49ad), seq 1923801573, ack 3282214509, win
43690, options [mss 65476,sackOK,TS val 2500903437 ecr 2500903437,nop,wscale
7], length 0
21:00:48.109548 IP6 (flowlabel 0x43304, hlim 64, next-header TCP (6) payload
length: 32) fec0::5054:ff:fe12:3456.55804 > fec0::5054:ff:fe12:3456.: Flags
[.], cksum 0x0521 (incorrect -> 0x1bdf), seq 1, ack 1, win 342, options
[nop,nop,TS val 2500903437 ecr 2500903437], length 0
21:00:48.109823 IP6 (flowlabel 0x43304, hlim 64, next-header TCP (6) payload
length: 62) fec0::5054:ff:fe12:3456.55804 > fec0::5054:ff:fe12:3456.: Flags
[P.], cksum 0x053f (incorrect -> 0xb8b1), seq 1:31, ack 1, win 342, options
[nop,nop,TS val 2500903437 ecr 2500903437], length 30
21:00:48.109910 IP6 (flowlabel 0xd827f, hlim 64, next-header TCP (6) payload
length: 32) fec0::5054:ff:fe12:3456. > fec0::5054:ff:fe12:3456.55804: Flags
[.], cksum 0x0521 (incorrect -> 0x1bc1), seq 1, ack 31, win 342, options
[nop,nop,TS val 2500903437 ecr 2500903437], length 0
21:00:48.110043 IP6 (flowlabel 0xd827f, hlim 64, next-header TCP (6) payload
length: 56) fec0::5054:ff:fe12:3456. > fec0::5054:ff:fe12:3456.55804: Flags
[P.], cksum 0x0539 (incorrect -> 0xb726), seq 1:25, ack 31, win 342, options
[nop,nop,TS val 2500903438 ecr 2500903437], length 24
21:00:48.110173 IP6 (flowlabel 0x43304, hlim 64, next-header TCP (6) payload
length: 32) fec0::5054:ff:fe12:3456.55804 > fec0::5054:ff:fe12:3456.: Flags
[.], cksum 0x0521 (incorrect -> 0x1ba7), seq 31, ack 25, win 342, options
[nop,nop,TS val 2500903438 ecr 2500903438], length 0
21:00:48.110211 IP6 (flowlabel 0xd827f, hlim 64, next-header TCP (6) payload
length: 32) fec0::5054:ff:fe12:3456. > fec0::5054:ff:fe12:3456.55804: Flags
[F.], cksum 0x0521 (incorrect -> 0x1ba7), seq 25, ack 31, win 342, options
[nop,nop,TS val 2500903438 ecr 2500903437], length 0
21:00:48.151099 IP6 (flowlabel 0x43304, hlim 64, next-header TCP (6) payload
length: 32) fec0::5054:ff:fe12:3456.55804 > fec0::5054:ff:fe12:3456.: Flags
[.], cksum 0x0521 (incorrect -> 0x1ba6), seq 31, ack 26, win 342, options
[nop,nop,TS val 2500903438 ecr 2500903438], length 0
21:00:49.110524 IP6 (flowlabel 0x43304, hlim 64, next-header TCP (6) payload
length: 56) fec0::5054:ff:fe12:3456.55804 > fec0::5054:ff:fe12:3456.: Flags
[P.], cksum 0x0539 (incorrect -> 0xb324), seq 31:55, ack 26, win 342, options
[nop,nop,TS val 2500904438 ecr 2500903438], length 24
21:00:49.110637 IP6 (flowlabel 0xb34d5, hlim 64, next-header TCP (6) payload
length: 20) fec0::5054:ff:fe12:3456. > fec0::5054:ff:fe12:3456.55804: Flags
[R], cksum 0x0515 (incorrect -> 0x668c), seq 1923801599, win 0, length 0
The tcp reset packet has a different flowlabel, which causes our router
doesn't correctly close tcp connection. The reason is the normal packet
gets the skb->hash from sk->sk_txhash, which is generated randomly.
ip6_make_flowlabel then uses the hash to create a flowlabel. The reset
packet doesn't get assigned a hash, so the flowlabel is calculated with
flowi6.
Since user can't change timewait sock flowlabel, we