tcp: add TCP_MINTTL drop reason

In the unlikely case incoming packets are dropped because
of IP_MINTTL / IPV6_MINHOPCOUNT constraints...

Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20230201174345.2708943-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/include/net/dropreason.h b/include/net/dropreason.h
index 70539288f9958716f9164cac3435cce34bd21f51..94bc3d5d880305a8c968a1801dabef83d995c567 100644 (file)
--- a/include/net/dropreason.h
+++ b/include/net/dropreason.h
@@ -71,6 +71,7 @@
        FN(DUP_FRAG)                    \
        FN(FRAG_REASM_TIMEOUT)          \
        FN(FRAG_TOO_FAR)                \
+       FN(TCP_MINTTL)                  \
        FNe(MAX)
 
 /**
@@ -312,6 +313,11 @@ enum skb_drop_reason {
         * (/proc/sys/net/ipv4/ipfrag_max_dist)
         */
        SKB_DROP_REASON_FRAG_TOO_FAR,
+       /**
+        * @SKB_DROP_REASON_TCP_MINTTL: ipv4 ttl or ipv6 hoplimit below
+        * the threshold (IP_MINTTL or IPV6_MINHOPCOUNT).
+        */
+       SKB_DROP_REASON_TCP_MINTTL,
        /**
         * @SKB_DROP_REASON_MAX: the maximum of drop reason, which shouldn't be
         * used as a real 'reason'

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 8320d0ecb13ae1e3e259f3c13a4c2797fbd984a5..ea370afa70ed979266dbeea474b034e833b15db4 100644 (file)
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -2102,6 +2102,7 @@ process:
                /* min_ttl can be changed concurrently from do_ip_setsockopt() */
                if (unlikely(iph->ttl < READ_ONCE(inet_sk(sk)->min_ttl))) {
                        __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
+                       drop_reason = SKB_DROP_REASON_TCP_MINTTL;
                        goto discard_and_relse;
                }
        }

diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 11b736a76bd7e46c8f521d5cfef74be5ae9deee0..543ee216772080d61800436a3eb31fa8d43d16c0 100644 (file)
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1708,8 +1708,9 @@ process:
 
        if (static_branch_unlikely(&ip6_min_hopcount)) {
                /* min_hopcount can be changed concurrently from do_ipv6_setsockopt() */
-               if (hdr->hop_limit < READ_ONCE(tcp_inet6_sk(sk)->min_hopcount)) {
+               if (unlikely(hdr->hop_limit < READ_ONCE(tcp_inet6_sk(sk)->min_hopcount))) {
                        __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
+                       drop_reason = SKB_DROP_REASON_TCP_MINTTL;
                        goto discard_and_relse;
                }
        }