Commit 50468cdd authored by Kuniyuki Iwashima's avatar Kuniyuki Iwashima Committed by Jakub Kicinski
Browse files

tcp: Clean up goto labels in cookie_v[46]_check(). 



We will support arbitrary SYN Cookie with BPF, and then reqsk
will be preallocated before cookie_v[46]_check().

Depending on how validation fails, we send RST or just drop skb.

To make the error handling easier, let's clean up goto labels.

Signed-off-by: default avatarKuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: default avatarSimon Horman <horms@kernel.org>
Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20231129022924.96156-4-kuniyu@amazon.com


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent 45c28509

net/ipv4/syncookies.c

+11 −11
Original line number Diff line number Diff line
@@ -376,11 +376,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) 
	if (!cookie_timestamp_decode(net, &tcp_opt))

		goto out;



	ret = NULL;

	req = cookie_tcp_reqsk_alloc(&tcp_request_sock_ops,

				     &tcp_request_sock_ipv4_ops, sk, skb);

	if (!req)

		goto out;

		goto out_drop;



	ireq = inet_rsk(req);

	treq = tcp_rsk(req);
@@ -415,10 +414,8 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) 
	 */

	RCU_INIT_POINTER(ireq->ireq_opt, tcp_v4_save_options(net, skb));



	if (security_inet_conn_request(sk, skb, req)) {

		reqsk_free(req);

		goto out;

	}

	if (security_inet_conn_request(sk, skb, req))

		goto out_free;



	req->num_retrans = 0;
@@ -435,10 +432,8 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) 
			   ireq->ir_loc_addr, th->source, th->dest, sk->sk_uid);

	security_req_classify_flow(req, flowi4_to_flowi_common(&fl4));

	rt = ip_route_output_key(net, &fl4);

	if (IS_ERR(rt)) {

		reqsk_free(req);

		goto out;

	}

	if (IS_ERR(rt))

		goto out_free;



	/* Try to redo what tcp_v4_send_synack did. */

	req->rsk_window_clamp = tp->window_clamp ? :dst_metric(&rt->dst, RTAX_WINDOW);
@@ -462,5 +457,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) 
	 */

	if (ret)

		inet_sk(ret)->cork.fl.u.ip4 = fl4;

out:	return ret;

out:

	return ret;

out_free:

	reqsk_free(req);

out_drop:

	return NULL;

}

net/ipv6/syncookies.c

+2 −2
Original line number Diff line number Diff line
@@ -172,11 +172,10 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) 
	if (!cookie_timestamp_decode(net, &tcp_opt))

		goto out;



	ret = NULL;

	req = cookie_tcp_reqsk_alloc(&tcp6_request_sock_ops,

				     &tcp_request_sock_ipv6_ops, sk, skb);

	if (!req)

		goto out;

		goto out_drop;



	ireq = inet_rsk(req);

	treq = tcp_rsk(req);
@@ -269,5 +268,6 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) 
	return ret;

out_free:

	reqsk_free(req);

out_drop:

	return NULL;

}