Commit 795709af authored by David S. Miller's avatar David S. Miller

Merge branch 'tcp_metrics_saddr'

Christoph Paasch says:

====================
Make tcp-metrics source-address aware

Currently tcp-metrics only stores per-destination addresses. This brings
problems, when a host has multiple interfaces (e.g., a smartphone having
WiFi/3G):

For example, a host contacting a server over WiFi will store the tcp-metrics
per destination IP. If then the host contacts the same server over 3G, the
same tcp-metrics will be used, although the path-characteristics are completly
different (e.g., the ssthresh is probably not the same).

In case of TFO this is not a problem, as the server will provide us a new cookie
once he saw our SYN+DATA with an incorrect cookie.
It may be (in case of carrier-grade NAT), that we keep the same public IP but
have a different private IP. Thus, we better reuse the old cookie even if our
source-IP has changed. However, this scenario is probably very uncommon, as
carriers try to provide the same src-IP to the clients behind their CGN.

Patches 1 + 2 add the source-IP to the tcp metrics.

Patches 3 to 5 modify the netlink-api to support the source-IP. From now on,
when using the command "ip tcp_metrics delete address ADDRESS" all entries
which match this destination IP will be deleted.

Today's iproute2 will complain when doing "ip tcp_metrics flush PREFIX" if
several entries are present for the same destination-IP but with different
source-IPs:

root@client:~/test# ip tcp_metrics
10.2.1.2 age 3.640sec rtt 16250us rttvar 15000us cwnd 10
10.2.1.2 age 4.030sec rtt 18750us rttvar 15000us cwnd 10
root@client:~/test# ip tcp_metrics flush 10.2.1.2/16
Failed to send flush request
: No such process

Follow-up patches will modify iproute2 to handle this correctly and allow
specifying the source-IP in the get/del commands.

v2: Added the patch that allows to selectively get/del of tcp-metrics based
    on src-IP and moved the patch that adds the new netlink attribute before
    the other patches.
====================
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 1a6c1e5b 3e7013dd
......@@ -35,6 +35,8 @@ enum {
TCP_METRICS_ATTR_FOPEN_SYN_DROPS, /* u16, count of drops */
TCP_METRICS_ATTR_FOPEN_SYN_DROP_TS, /* msecs age */
TCP_METRICS_ATTR_FOPEN_COOKIE, /* binary */
TCP_METRICS_ATTR_SADDR_IPV4, /* u32 */
TCP_METRICS_ATTR_SADDR_IPV6, /* binary */
__TCP_METRICS_ATTR_MAX,
};
......
......@@ -31,7 +31,8 @@ struct tcp_fastopen_metrics {
struct tcp_metrics_block {
struct tcp_metrics_block __rcu *tcpm_next;
struct inetpeer_addr tcpm_addr;
struct inetpeer_addr tcpm_saddr;
struct inetpeer_addr tcpm_daddr;
unsigned long tcpm_stamp;
u32 tcpm_ts;
u32 tcpm_ts_stamp;
......@@ -131,7 +132,8 @@ static void tcpm_suck_dst(struct tcp_metrics_block *tm, struct dst_entry *dst,
}
static struct tcp_metrics_block *tcpm_new(struct dst_entry *dst,
struct inetpeer_addr *addr,
struct inetpeer_addr *saddr,
struct inetpeer_addr *daddr,
unsigned int hash,
bool reclaim)
{
......@@ -155,7 +157,8 @@ static struct tcp_metrics_block *tcpm_new(struct dst_entry *dst,
if (!tm)
goto out_unlock;
}
tm->tcpm_addr = *addr;
tm->tcpm_saddr = *saddr;
tm->tcpm_daddr = *daddr;
tcpm_suck_dst(tm, dst, true);
......@@ -189,7 +192,8 @@ static struct tcp_metrics_block *tcp_get_encode(struct tcp_metrics_block *tm, in
return NULL;
}
static struct tcp_metrics_block *__tcp_get_metrics(const struct inetpeer_addr *addr,
static struct tcp_metrics_block *__tcp_get_metrics(const struct inetpeer_addr *saddr,
const struct inetpeer_addr *daddr,
struct net *net, unsigned int hash)
{
struct tcp_metrics_block *tm;
......@@ -197,7 +201,8 @@ static struct tcp_metrics_block *__tcp_get_metrics(const struct inetpeer_addr *a
for (tm = rcu_dereference(net->ipv4.tcp_metrics_hash[hash].chain); tm;
tm = rcu_dereference(tm->tcpm_next)) {
if (addr_same(&tm->tcpm_addr, addr))
if (addr_same(&tm->tcpm_saddr, saddr) &&
addr_same(&tm->tcpm_daddr, daddr))
break;
depth++;
}
......@@ -208,19 +213,22 @@ static struct tcp_metrics_block *__tcp_get_metrics_req(struct request_sock *req,
struct dst_entry *dst)
{
struct tcp_metrics_block *tm;
struct inetpeer_addr addr;
struct inetpeer_addr saddr, daddr;
unsigned int hash;
struct net *net;
addr.family = req->rsk_ops->family;
switch (addr.family) {
saddr.family = req->rsk_ops->family;
daddr.family = req->rsk_ops->family;
switch (daddr.family) {
case AF_INET:
addr.addr.a4 = inet_rsk(req)->ir_rmt_addr;
hash = (__force unsigned int) addr.addr.a4;
saddr.addr.a4 = inet_rsk(req)->ir_loc_addr;
daddr.addr.a4 = inet_rsk(req)->ir_rmt_addr;
hash = (__force unsigned int) daddr.addr.a4;
break;
#if IS_ENABLED(CONFIG_IPV6)
case AF_INET6:
*(struct in6_addr *)addr.addr.a6 = inet_rsk(req)->ir_v6_rmt_addr;
*(struct in6_addr *)saddr.addr.a6 = inet_rsk(req)->ir_v6_loc_addr;
*(struct in6_addr *)daddr.addr.a6 = inet_rsk(req)->ir_v6_rmt_addr;
hash = ipv6_addr_hash(&inet_rsk(req)->ir_v6_rmt_addr);
break;
#endif
......@@ -233,7 +241,8 @@ static struct tcp_metrics_block *__tcp_get_metrics_req(struct request_sock *req,
for (tm = rcu_dereference(net->ipv4.tcp_metrics_hash[hash].chain); tm;
tm = rcu_dereference(tm->tcpm_next)) {
if (addr_same(&tm->tcpm_addr, &addr))
if (addr_same(&tm->tcpm_saddr, &saddr) &&
addr_same(&tm->tcpm_daddr, &daddr))
break;
}
tcpm_check_stamp(tm, dst);
......@@ -243,19 +252,22 @@ static struct tcp_metrics_block *__tcp_get_metrics_req(struct request_sock *req,
static struct tcp_metrics_block *__tcp_get_metrics_tw(struct inet_timewait_sock *tw)
{
struct tcp_metrics_block *tm;
struct inetpeer_addr addr;
struct inetpeer_addr saddr, daddr;
unsigned int hash;
struct net *net;
addr.family = tw->tw_family;
switch (addr.family) {
saddr.family = tw->tw_family;
daddr.family = tw->tw_family;
switch (daddr.family) {
case AF_INET:
addr.addr.a4 = tw->tw_daddr;
hash = (__force unsigned int) addr.addr.a4;
saddr.addr.a4 = tw->tw_rcv_saddr;
daddr.addr.a4 = tw->tw_daddr;
hash = (__force unsigned int) daddr.addr.a4;
break;
#if IS_ENABLED(CONFIG_IPV6)
case AF_INET6:
*(struct in6_addr *)addr.addr.a6 = tw->tw_v6_daddr;
*(struct in6_addr *)saddr.addr.a6 = tw->tw_v6_rcv_saddr;
*(struct in6_addr *)daddr.addr.a6 = tw->tw_v6_daddr;
hash = ipv6_addr_hash(&tw->tw_v6_daddr);
break;
#endif
......@@ -268,7 +280,8 @@ static struct tcp_metrics_block *__tcp_get_metrics_tw(struct inet_timewait_sock
for (tm = rcu_dereference(net->ipv4.tcp_metrics_hash[hash].chain); tm;
tm = rcu_dereference(tm->tcpm_next)) {
if (addr_same(&tm->tcpm_addr, &addr))
if (addr_same(&tm->tcpm_saddr, &saddr) &&
addr_same(&tm->tcpm_daddr, &daddr))
break;
}
return tm;
......@@ -279,20 +292,23 @@ static struct tcp_metrics_block *tcp_get_metrics(struct sock *sk,
bool create)
{
struct tcp_metrics_block *tm;
struct inetpeer_addr addr;
struct inetpeer_addr saddr, daddr;
unsigned int hash;
struct net *net;
bool reclaim;
addr.family = sk->sk_family;
switch (addr.family) {
saddr.family = sk->sk_family;
daddr.family = sk->sk_family;
switch (daddr.family) {
case AF_INET:
addr.addr.a4 = inet_sk(sk)->inet_daddr;
hash = (__force unsigned int) addr.addr.a4;
saddr.addr.a4 = inet_sk(sk)->inet_saddr;
daddr.addr.a4 = inet_sk(sk)->inet_daddr;
hash = (__force unsigned int) daddr.addr.a4;
break;
#if IS_ENABLED(CONFIG_IPV6)
case AF_INET6:
*(struct in6_addr *)addr.addr.a6 = sk->sk_v6_daddr;
*(struct in6_addr *)saddr.addr.a6 = sk->sk_v6_rcv_saddr;
*(struct in6_addr *)daddr.addr.a6 = sk->sk_v6_daddr;
hash = ipv6_addr_hash(&sk->sk_v6_daddr);
break;
#endif
......@@ -303,14 +319,14 @@ static struct tcp_metrics_block *tcp_get_metrics(struct sock *sk,
net = dev_net(dst->dev);
hash = hash_32(hash, net->ipv4.tcp_metrics_hash_log);
tm = __tcp_get_metrics(&addr, net, hash);
tm = __tcp_get_metrics(&saddr, &daddr, net, hash);
reclaim = false;
if (tm == TCP_METRICS_RECLAIM_PTR) {
reclaim = true;
tm = NULL;
}
if (!tm && create)
tm = tcpm_new(dst, &addr, hash, reclaim);
tm = tcpm_new(dst, &saddr, &daddr, hash, reclaim);
else
tcpm_check_stamp(tm, dst);
......@@ -724,15 +740,21 @@ static int tcp_metrics_fill_info(struct sk_buff *msg,
struct nlattr *nest;
int i;
switch (tm->tcpm_addr.family) {
switch (tm->tcpm_daddr.family) {
case AF_INET:
if (nla_put_be32(msg, TCP_METRICS_ATTR_ADDR_IPV4,
tm->tcpm_addr.addr.a4) < 0)
tm->tcpm_daddr.addr.a4) < 0)
goto nla_put_failure;
if (nla_put_be32(msg, TCP_METRICS_ATTR_SADDR_IPV4,
tm->tcpm_saddr.addr.a4) < 0)
goto nla_put_failure;
break;
case AF_INET6:
if (nla_put(msg, TCP_METRICS_ATTR_ADDR_IPV6, 16,
tm->tcpm_addr.addr.a6) < 0)
tm->tcpm_daddr.addr.a6) < 0)
goto nla_put_failure;
if (nla_put(msg, TCP_METRICS_ATTR_SADDR_IPV6, 16,
tm->tcpm_saddr.addr.a6) < 0)
goto nla_put_failure;
break;
default:
......@@ -855,44 +877,66 @@ static int tcp_metrics_nl_dump(struct sk_buff *skb,
return skb->len;
}
static int parse_nl_addr(struct genl_info *info, struct inetpeer_addr *addr,
unsigned int *hash, int optional)
static int __parse_nl_addr(struct genl_info *info, struct inetpeer_addr *addr,
unsigned int *hash, int optional, int v4, int v6)
{
struct nlattr *a;
a = info->attrs[TCP_METRICS_ATTR_ADDR_IPV4];
a = info->attrs[v4];
if (a) {
addr->family = AF_INET;
addr->addr.a4 = nla_get_be32(a);
*hash = (__force unsigned int) addr->addr.a4;
if (hash)
*hash = (__force unsigned int) addr->addr.a4;
return 0;
}
a = info->attrs[TCP_METRICS_ATTR_ADDR_IPV6];
a = info->attrs[v6];
if (a) {
if (nla_len(a) != sizeof(struct in6_addr))
return -EINVAL;
addr->family = AF_INET6;
memcpy(addr->addr.a6, nla_data(a), sizeof(addr->addr.a6));
*hash = ipv6_addr_hash((struct in6_addr *) addr->addr.a6);
if (hash)
*hash = ipv6_addr_hash((struct in6_addr *) addr->addr.a6);
return 0;
}
return optional ? 1 : -EAFNOSUPPORT;
}
static int parse_nl_addr(struct genl_info *info, struct inetpeer_addr *addr,
unsigned int *hash, int optional)
{
return __parse_nl_addr(info, addr, hash, optional,
TCP_METRICS_ATTR_ADDR_IPV4,
TCP_METRICS_ATTR_ADDR_IPV6);
}
static int parse_nl_saddr(struct genl_info *info, struct inetpeer_addr *addr)
{
return __parse_nl_addr(info, addr, NULL, 0,
TCP_METRICS_ATTR_SADDR_IPV4,
TCP_METRICS_ATTR_SADDR_IPV6);
}
static int tcp_metrics_nl_cmd_get(struct sk_buff *skb, struct genl_info *info)
{
struct tcp_metrics_block *tm;
struct inetpeer_addr addr;
struct inetpeer_addr saddr, daddr;
unsigned int hash;
struct sk_buff *msg;
struct net *net = genl_info_net(info);
void *reply;
int ret;
bool src = true;
ret = parse_nl_addr(info, &addr, &hash, 0);
ret = parse_nl_addr(info, &daddr, &hash, 0);
if (ret < 0)
return ret;
ret = parse_nl_saddr(info, &saddr);
if (ret < 0)
src = false;
msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
if (!msg)
return -ENOMEM;
......@@ -907,7 +951,8 @@ static int tcp_metrics_nl_cmd_get(struct sk_buff *skb, struct genl_info *info)
rcu_read_lock();
for (tm = rcu_dereference(net->ipv4.tcp_metrics_hash[hash].chain); tm;
tm = rcu_dereference(tm->tcpm_next)) {
if (addr_same(&tm->tcpm_addr, &addr)) {
if (addr_same(&tm->tcpm_daddr, &daddr) &&
(!src || addr_same(&tm->tcpm_saddr, &saddr))) {
ret = tcp_metrics_fill_info(msg, tm);
break;
}
......@@ -960,34 +1005,44 @@ static int tcp_metrics_flush_all(struct net *net)
static int tcp_metrics_nl_cmd_del(struct sk_buff *skb, struct genl_info *info)
{
struct tcpm_hash_bucket *hb;
struct tcp_metrics_block *tm;
struct tcp_metrics_block *tm, *tmlist = NULL;
struct tcp_metrics_block __rcu **pp;
struct inetpeer_addr addr;
struct inetpeer_addr saddr, daddr;
unsigned int hash;
struct net *net = genl_info_net(info);
int ret;
bool src = true;
ret = parse_nl_addr(info, &addr, &hash, 1);
ret = parse_nl_addr(info, &daddr, &hash, 1);
if (ret < 0)
return ret;
if (ret > 0)
return tcp_metrics_flush_all(net);
ret = parse_nl_saddr(info, &saddr);
if (ret < 0)
src = false;
hash = hash_32(hash, net->ipv4.tcp_metrics_hash_log);
hb = net->ipv4.tcp_metrics_hash + hash;
pp = &hb->chain;
spin_lock_bh(&tcp_metrics_lock);
for (tm = deref_locked_genl(*pp); tm;
pp = &tm->tcpm_next, tm = deref_locked_genl(*pp)) {
if (addr_same(&tm->tcpm_addr, &addr)) {
for (tm = deref_locked_genl(*pp); tm; tm = deref_locked_genl(*pp)) {
if (addr_same(&tm->tcpm_daddr, &daddr) &&
(!src || addr_same(&tm->tcpm_saddr, &saddr))) {
*pp = tm->tcpm_next;
break;
tm->tcpm_next = tmlist;
tmlist = tm;
} else {
pp = &tm->tcpm_next;
}
}
spin_unlock_bh(&tcp_metrics_lock);
if (!tm)
if (!tmlist)
return -ESRCH;
kfree_rcu(tm, rcu_head);
for (tm = tmlist; tm; tm = tmlist) {
tmlist = tm->tcpm_next;
kfree_rcu(tm, rcu_head);
}
return 0;
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment