Message ID | 1604913614-19432-1-git-send-email-wenan.mao@linux.alibaba.com |
---|---|
State | Changes Requested |
Delegated to: | David Miller |
Headers | show |
Series | net: Update window_clamp if SOCK_RCVBUF is set | expand |
Context | Check | Description |
---|---|---|
jkicinski/cover_letter | success | Link |
jkicinski/fixes_present | success | Link |
jkicinski/patch_count | success | Link |
jkicinski/tree_selection | success | Guessed tree name to be net-next |
jkicinski/subject_prefix | warning | Target tree name not specified in the subject |
jkicinski/source_inline | success | Was 0 now: 0 |
jkicinski/verify_signedoff | success | Link |
jkicinski/module_param | success | Was 0 now: 0 |
jkicinski/build_32bit | success | Errors and warnings before: 2 this patch: 2 |
jkicinski/kdoc | success | Errors and warnings before: 0 this patch: 0 |
jkicinski/verify_fixes | success | Link |
jkicinski/checkpatch | warning | WARNING: line length of 87 exceeds 80 columns |
jkicinski/build_allmodconfig_warn | success | Errors and warnings before: 2 this patch: 2 |
jkicinski/header_inline | success | Link |
jkicinski/stable | success | Stable not CCed |
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index 6ac473b..57ce317 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c @@ -427,6 +427,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) /* Try to redo what tcp_v4_send_synack did. */ req->rsk_window_clamp = tp->window_clamp ? :dst_metric(&rt->dst, RTAX_WINDOW); + /* limit the window selection if the user enforce a smaller rx buffer */ + if (sk->sk_userlocks & SOCK_RCVBUF_LOCK && + (req->rsk_window_clamp > tcp_full_space(sk) || req->rsk_window_clamp == 0)) + req->rsk_window_clamp = tcp_full_space(sk); tcp_select_initial_window(sk, tcp_full_space(sk), req->mss, &req->rsk_rcv_wnd, &req->rsk_window_clamp,
When net.ipv4.tcp_syncookies=1 and syn flood is happened, cookie_v4_check tries to redo what tcp_v4_send_synack did, rsk_window_clamp will be changed if SOCK_RCVBUF is set by user, which will make rcv_wscale is different, the client still operates with initial window scale and can overshot granted window, the client use the initial scale but local server use new scale to advertise window value, and session work abnormally. Signed-off-by: Mao Wenan <wenan.mao@linux.alibaba.com> --- net/ipv4/syncookies.c | 4 ++++ 1 file changed, 4 insertions(+)