Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 00355fa5 authored by Alexey Kodanev's avatar Alexey Kodanev Committed by David S. Miller
Browse files

tcp: setup timestamp offset when write_seq already set 



Found that when randomized tcp offsets are enabled (by default)
TCP client can still start new connections without them. Later,
if server does active close and re-uses sockets in TIME-WAIT
state, new SYN from client can be rejected on PAWS check inside
tcp_timewait_state_process(), because either tw_ts_recent or
rcv_tsval doesn't really have an offset set.

Here is how to reproduce it with LTP netstress tool:
    netstress -R 1 &
    netstress -H 127.0.0.1 -lr 1000000 -a1

    [...]
    < S  seq 1956977072 win 43690 TS val 295618 ecr 459956970
    > .  ack 1956911535 win 342 TS val 459967184 ecr 1547117608
    < R  seq 1956911535 win 0 length 0
+1. < S  seq 1956977072 win 43690 TS val 296640 ecr 459956970
    > S. seq 657450664 ack 1956977073 win 43690 TS val 459968205 ecr 296640

Fixes: 95a22cae ("tcp: randomize tcp timestamp offsets for each connection")
Signed-off-by: default avatarAlexey Kodanev <alexey.kodanev@oracle.com>
Acked-by: default avatarEric Dumazet <edumazet@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent ec7cb62d

net/ipv4/tcp_ipv4.c

+10 −6
Original line number Diff line number Diff line
@@ -145,6 +145,7 @@ int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len) 
	struct flowi4 *fl4;

	struct rtable *rt;

	int err;

	u32 seq;

	struct ip_options_rcu *inet_opt;

	struct inet_timewait_death_row *tcp_death_row = &sock_net(sk)->ipv4.tcp_death_row;
@@ -234,12 +235,15 @@ int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len) 
	sk_setup_caps(sk, &rt->dst);

	rt = NULL;



	if (!tp->write_seq && likely(!tp->repair))

		tp->write_seq = secure_tcp_sequence_number(inet->inet_saddr,

	if (likely(!tp->repair)) {

		seq = secure_tcp_sequence_number(inet->inet_saddr,

						 inet->inet_daddr,

						 inet->inet_sport,

						 usin->sin_port,

						 &tp->tsoffset);

		if (!tp->write_seq)

			tp->write_seq = seq;

	}



	inet->inet_id = tp->write_seq ^ jiffies;

net/ipv6/tcp_ipv6.c

+10 −6
Original line number Diff line number Diff line
@@ -122,6 +122,7 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, 
	struct flowi6 fl6;

	struct dst_entry *dst;

	int addr_type;

	u32 seq;

	int err;

	struct inet_timewait_death_row *tcp_death_row = &sock_net(sk)->ipv4.tcp_death_row;
@@ -285,12 +286,15 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, 


	sk_set_txhash(sk);



	if (!tp->write_seq && likely(!tp->repair))

		tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,

	if (likely(!tp->repair)) {

		seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,

						   sk->sk_v6_daddr.s6_addr32,

						   inet->inet_sport,

						   inet->inet_dport,

						   &tp->tsoffset);

		if (!tp->write_seq)

			tp->write_seq = seq;

	}



	if (tcp_fastopen_defer_connect(sk, &err))

		return err;