diff options
| author | Soheil Hassas Yeganeh <soheil@google.com> | 2017-03-15 16:30:45 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2017-03-16 23:33:56 -0400 |
| commit | d82bae12dc38d79a2b77473f5eb0612a3d69c55b (patch) | |
| tree | 677ef02fce0b832e01c02c21f37fa7d653663104 /net/ipv4/tcp_input.c | |
| parent | 8b705f5241adb2d0b5d009abea5a865601666974 (diff) | |
tcp: remove per-destination timestamp cache
Commit 8a5bd45f6616 (tcp: randomize tcp timestamp offsets for each connection)
randomizes TCP timestamps per connection. After this commit,
there is no guarantee that the timestamps received from the
same destination are monotonically increasing. As a result,
the per-destination timestamp cache in TCP metrics (i.e., tcpm_ts
in struct tcp_metrics_block) is broken and cannot be relied upon.
Remove the per-destination timestamp cache and all related code
paths.
Note that this cache was already broken for caching timestamps of
multiple machines behind a NAT sharing the same address.
Signed-off-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Cc: Lutz Vieweg <lvml@5t9.de>
Cc: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/tcp_input.c')
| -rw-r--r-- | net/ipv4/tcp_input.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 96b67a8b18c3..aafec0676d3e 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c | |||
| @@ -6342,8 +6342,7 @@ int tcp_conn_request(struct request_sock_ops *rsk_ops, | |||
| 6342 | dst = af_ops->route_req(sk, &fl, req, &strict); | 6342 | dst = af_ops->route_req(sk, &fl, req, &strict); |
| 6343 | 6343 | ||
| 6344 | if (dst && strict && | 6344 | if (dst && strict && |
| 6345 | !tcp_peer_is_proven(req, dst, true, | 6345 | !tcp_peer_is_proven(req, dst)) { |
| 6346 | tmp_opt.saw_tstamp)) { | ||
| 6347 | NET_INC_STATS(sock_net(sk), LINUX_MIB_PAWSPASSIVEREJECTED); | 6346 | NET_INC_STATS(sock_net(sk), LINUX_MIB_PAWSPASSIVEREJECTED); |
| 6348 | goto drop_and_release; | 6347 | goto drop_and_release; |
| 6349 | } | 6348 | } |
| @@ -6352,8 +6351,7 @@ int tcp_conn_request(struct request_sock_ops *rsk_ops, | |||
| 6352 | else if (!net->ipv4.sysctl_tcp_syncookies && | 6351 | else if (!net->ipv4.sysctl_tcp_syncookies && |
| 6353 | (net->ipv4.sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) < | 6352 | (net->ipv4.sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) < |
| 6354 | (net->ipv4.sysctl_max_syn_backlog >> 2)) && | 6353 | (net->ipv4.sysctl_max_syn_backlog >> 2)) && |
| 6355 | !tcp_peer_is_proven(req, dst, false, | 6354 | !tcp_peer_is_proven(req, dst)) { |
| 6356 | tmp_opt.saw_tstamp)) { | ||
| 6357 | /* Without syncookies last quarter of | 6355 | /* Without syncookies last quarter of |
| 6358 | * backlog is filled with destinations, | 6356 | * backlog is filled with destinations, |
| 6359 | * proven to be alive. | 6357 | * proven to be alive. |