    tcp: don't allow syn packets without timestamps to pass tcp_tw_recycle logic · a26552af
    Hannes Frederic Sowa authored
    tcp_tw_recycle heavily relies on tcp timestamps to build a per-host
    ordering of incoming connections and teardowns without the need to
    hold state on a specific quadruple for TCP_TIMEWAIT_LEN, but only for
    the last measured RTO. To do so, we keep the last seen timestamp in a
    per-host indexed data structure and verify if the incoming timestamp
    in a connection request is strictly greater than the saved one during
    last connection teardown. Thus we can verify later on that no old data
    packets will be accepted by the new connection.
    
    During moving a socket to time-wait state we already verify if timestamps
    were seen on a connection. Only if that was the case we let the
    time-wait socket expire after the RTO, otherwise normal TCP_TIMEWAIT_LEN
    will be used. But we don't verify this on incoming SYN packets. If a
    connection teardown was less than TCP_PAWS_MSL seconds in the past we
    cannot guarantee to not accept data packets from an old connection if
    no timestamps are present. We should drop this SYN packet. This patch
    closes this loophole.
    
    Please note, this patch does not make tcp_tw_recycle in any way more
    usable but only adds another safety check:
    Sporadic drops of SYN packets because of reordering in the network or
    in the socket backlog queues can happen. Users behind NAT trying to
    connect to a tcp_tw_recycle enabled server can get caught in blackholes
    and their connection requests may regularly get dropped because hosts
    behind an address translator don't have synchronized tcp timestamp clocks.
    tcp_tw_recycle cannot work if peers don't have tcp timestamps enabled.
    
    In general, use of tcp_tw_recycle is disadvised.
    
    Cc: Eric Dumazet <eric.dumazet@gmail.com>
    Cc: Florian Westphal <fw@strlen.de>
    Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
tcp_input.c 170 KB
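
The SYN check described in the commit message, as a simplified user-space model added here; it is not the kernel's code or the patch itself. The struct, the function names, the sample timestamps and the 60-second value used for TCP_PAWS_MSL are assumptions of this example, which also covers the NAT case the message warns about.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAWS_MSL_SECONDS 60u  /* assumed value for TCP_PAWS_MSL in this model */

/* Hypothetical per-host record of what was saved at the last teardown. */
struct peer_entry {
    bool     valid;        /* a teardown from this address was recorded */
    uint32_t last_ts;      /* TCP timestamp value last seen from the host */
    uint32_t teardown_at;  /* wall-clock second of that teardown */
};

/* Save the last timestamp seen from a host when its connection is torn down. */
static void record_teardown(struct peer_entry *p, uint32_t ts, uint32_t now)
{
    p->valid = true;
    p->last_ts = ts;
    p->teardown_at = now;
}

/* Decide whether an incoming SYN from this address may pass. */
static bool syn_allowed(const struct peer_entry *p, bool saw_tstamp,
                        uint32_t syn_ts, uint32_t now)
{
    if (!p->valid || now - p->teardown_at >= PAWS_MSL_SECONDS)
        return true;    /* no recent teardown to protect against */
    if (!saw_tstamp)
        return false;   /* the added safety check: no timestamp, no ordering proof */
    /* Signed difference so that timestamp wraparound compares correctly. */
    return (int32_t)(syn_ts - p->last_ts) > 0;
}

/* Constructed scenario: one address closed at t=100s with timestamp 900000. */
static bool after_teardown(bool saw_tstamp, uint32_t syn_ts, uint32_t now)
{
    struct peer_entry nat = {0};
    record_teardown(&nat, 900000, 100);
    return syn_allowed(&nat, saw_tstamp, syn_ts, now);
}

int main(void)
{
    printf("same host, ts 900500:        %d\n", after_teardown(true, 900500, 105));
    printf("other host behind NAT, 4200: %d\n", after_teardown(true, 4200, 105));
    printf("SYN without timestamps:      %d\n", after_teardown(false, 0, 105));
    printf("without timestamps at t=161: %d\n", after_teardown(false, 0, 161));
    return 0;
}
```

The second case is the blackhole from the message: a different host sharing the NAT address has an unrelated, lower timestamp clock, so its SYN is dropped until the window has passed.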