Date: Thu, 3 Feb 2022 19:11:23 GMT
Message-Id: <202202031911.213JBN25010306@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Richard Scheffenegger
Subject: git: 3b0ee680507a - main - tcp: Prevent setting of ECN bits with setsockopt()
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: rscheff
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 3b0ee680507ab4cfe4d493bc1487305666d9437c

The branch main has been updated by rscheff:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=3b0ee680507ab4cfe4d493bc1487305666d9437c commit 3b0ee680507ab4cfe4d493bc1487305666d9437c Author: Richard Scheffenegger AuthorDate: 2022-02-03 18:50:56 +0000 Commit: Richard Scheffenegger CommitDate: 2022-02-03 19:06:42 +0000 tcp: Prevent setting of ECN bits with setsockopt() setsockopt() grants full access to the deprecated TOS byte. For TCP, mask out the ECN codepoint, so that only the DSCP portion can be adjusted. Reviewed By: tuexen, hselasky, #manpages, #transport, debdrup Sponsored by: NetApp, Inc. Differential Revision: https://reviews.freebsd.org/D34154 --- share/man/man4/ip.4 | 11 +++++++---- sys/netinet/ip.h | 2 +- sys/netinet/tcp_usrreq.c | 3 +++ 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/share/man/man4/ip.4 b/share/man/man4/ip.4 index 24b06846e66f..d1c3b34b51a6 100644 --- a/share/man/man4/ip.4 +++ b/share/man/man4/ip.4 @@ -90,10 +90,13 @@ setsockopt(s, IPPROTO_IP, IP_OPTIONS, NULL, 0); .Ed .Pp .Dv IP_TOS -and +may be used to set the differential service codepoint (DSCP) and the +explicit congestion notfication (ECN) codepoint. +Setting the ECN codepoint - the two least significant bits - on a +socket using a transport protocol implementing ECN has no effect. +.Pp .Dv IP_TTL -may be used to set the type-of-service and time-to-live -fields in the +configures the time-to-live (TTL) field in the .Tn IP header for .Dv SOCK_STREAM , SOCK_DGRAM , @@ -102,7 +105,7 @@ and certain types of sockets. For example, .Bd -literal -int tos = IPTOS_LOWDELAY; /* see */ +int tos = IPTOS_DSCP_EF; /* see */ setsockopt(s, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)); int ttl = 60; /* max = 255 */ diff --git a/sys/netinet/ip.h b/sys/netinet/ip.h index 934bd812a495..81e46a778d2c 100644 --- a/sys/netinet/ip.h +++ b/sys/netinet/ip.h 
@@ -79,7 +79,7 @@ struct ip { #define IPTOS_LOWDELAY 0x10 #define IPTOS_THROUGHPUT 0x08 #define IPTOS_RELIABILITY 0x04 -#define IPTOS_MINCOST 0x02 +#define IPTOS_MINCOST IPTOS_DSCP_CS0 /* * Definitions for IP precedence (also in ip_tos) (deprecated). diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c index f2652811b86a..13e48eef459b 100644 --- a/sys/netinet/tcp_usrreq.c +++ b/sys/netinet/tcp_usrreq.c @@ -82,6 +82,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #ifdef INET6 #include @@ -1759,6 +1760,8 @@ tcp_ctloutput_set(struct inpcb *inp, struct sockopt *sopt) case IPPROTO_IP: switch (sopt->sopt_name) { case IP_TOS: + inp->inp_ip_tos &= ~IPTOS_ECN_MASK; + break; case IP_TTL: /* Notify tcp stacks that care (e.g. RACK). */ break;
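Review bot: In the first share/man/man4/ip.4 hunk the new IP_TOS paragraph misspells "notification" as "notfication", and DSCP is normally expanded as "differentiated services codepoint" rather than "differential service codepoint". The wording "has no effect" is also weaker than what the tcp_usrreq.c change does: the two low bits are cleared from inp_ip_tos and the visible code path returns no error, so the page should say that the ECN bits are silently masked and that the stored TOS value will not contain them.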
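Review bot: In the sys/netinet/ip.h hunk, IPTOS_MINCOST changes from the literal 0x02 to IPTOS_DSCP_CS0 with no comment, and the commit message does not mention it. 0x02 lies inside the two least significant bits that the man page change identifies as the ECN codepoint, which is presumably the reason, but the define should say so. Since this is a header visible to applications, any code that tests or sets the flag with a bitwise operation now behaves differently, which deserves a line in the commit message or the man page.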
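Review bot: In tcp_ctloutput_set(), the new IP_TOS case masks inp->inp_ip_tos rather than the value passed in through sopt, so it is only correct if the IP layer has already stored the new TOS in the inpcb before this switch runs and the inpcb is still write-locked at this point. Neither is visible in the hunk; a short comment above "inp->inp_ip_tos &= ~IPTOS_ECN_MASK;" stating that ordering and the lock assumption would make this safer to maintain. The mask is also applied only under IPPROTO_IP / IP_TOS, so if the IPv6 traffic class can carry the same two bits for a TCP socket, this diff leaves that path unmasked.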