tcp: SYN packets are now simply consumed

We now have proper per-listener but also per network namespace counters for SYN packets that might be dropped. We replace the kfree_skb() by consume_skb() to be drop monitor [1] friendly, and remove an obsolete comment. FastOpen SYN packets can carry payload in them just fine. [1] perf record -a -g -e skb:kfree_skb sleep 1; perf report Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Eric Dumazet <edumazet@google.com> 2016-04-22 01:13:01 -0400
committer: David S. Miller <davem@davemloft.net> 2016-04-25 15:48:10 -0400
commit: 0aea76d35c9651d55bbaf746e7914e5f9ae5a25d (patch)
tree: d0416ab07371c5bb704fd324e117183022b743b8 /net/ipv4/tcp_input.c
parent: 1bc7fe64b60b40d50e42ba4bb870bbfb95d64e21 (diff)
1 files changed, 1 insertions, 18 deletions
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index dcad8f9f96eb..967520dbe0bf 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -5815,24 +5815,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb)
                        if (icsk->icsk_af_ops->conn_request(sk, skb) < 0)
                                return 1;
-                        /* Now we have several options: In theory there is
+                        consume_skb(skb);
-                         * nothing else in the frame. KA9Q has an option to
-                         * send data with the syn, BSD accepts data with the
-                         * syn up to the [to be] advertised window and
-                         * Solaris 2.1 gives you a protocol error. For now
-                         * we just ignore it, that fits the spec precisely
-                         * and avoids incompatibilities. It would be nice in
-                         * future to drop through and process the data.
-                         *
-                         * Now that TTCP is starting to be used we ought to
-                         * queue this data.
-                         * But, this leaves one open to an easy denial of
-                         * service attack, and SYN cookies can't defend
-                         * against this problem. So, we drop the data
-                         * in the interest of security over speed unless
-                         * it's still in use.
-                         */
-                        kfree_skb(skb);
                        return 0;
                }
                goto discard;
author	Eric Dumazet <edumazet@google.com>	2016-04-22 01:13:01 -0400
committer	David S. Miller <davem@davemloft.net>	2016-04-25 15:48:10 -0400
commit	0aea76d35c9651d55bbaf746e7914e5f9ae5a25d (patch)
tree	d0416ab07371c5bb704fd324e117183022b743b8 /net/ipv4/tcp_input.c
parent	1bc7fe64b60b40d50e42ba4bb870bbfb95d64e21 (diff)

diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index dcad8f9f96eb..967520dbe0bf 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c
@@ -5815,24 +5815,7 @@ int tcp_rcv_state_process(struct sock sk, struct sk_buff skb)
5815	if (icsk->icsk_af_ops->conn_request(sk, skb) < 0)	5815	if (icsk->icsk_af_ops->conn_request(sk, skb) < 0)
5816	return 1;	5816	return 1;
5817		5817
5818	/* Now we have several options: In theory there is	5818	consume_skb(skb);
5819	* nothing else in the frame. KA9Q has an option to
5820	* send data with the syn, BSD accepts data with the
5821	* syn up to the [to be] advertised window and
5822	* Solaris 2.1 gives you a protocol error. For now
5823	* we just ignore it, that fits the spec precisely
5824	* and avoids incompatibilities. It would be nice in
5825	* future to drop through and process the data.
5826	*
5827	* Now that TTCP is starting to be used we ought to
5828	* queue this data.
5829	* But, this leaves one open to an easy denial of
5830	* service attack, and SYN cookies can't defend
5831	* against this problem. So, we drop the data
5832	* in the interest of security over speed unless
5833	* it's still in use.
5834	*/
5835	kfree_skb(skb);
5836	return 0;	5819	return 0;
5837	}	5820	}
5838	goto discard;	5821	goto discard;