tcp: Clean up goto labels in cookie_v[46]_check().

We will support arbitrary SYN Cookie with BPF, and then reqsk
will be preallocated before cookie_v[46]_check().

Depending on how validation fails, we send RST or just drop skb.

To make the error handling easier, let's clean up goto labels.

Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20231129022924.96156-4-kuniyu@amazon.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
index fb41bb18fe6b76d75bcd2574b29758b993baba3d..8b7d7d7788afa30fafd63629145b943648781d09 100644 (file)
--- a/net/ipv4/syncookies.c
+++ b/net/ipv4/syncookies.c
@@ -376,11 +376,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb)
        if (!cookie_timestamp_decode(net, &tcp_opt))
                goto out;
 
-       ret = NULL;
        req = cookie_tcp_reqsk_alloc(&tcp_request_sock_ops,
                                     &tcp_request_sock_ipv4_ops, sk, skb);
        if (!req)
-               goto out;
+               goto out_drop;
 
        ireq = inet_rsk(req);
        treq = tcp_rsk(req);
@@ -415,10 +414,8 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb)
         */
        RCU_INIT_POINTER(ireq->ireq_opt, tcp_v4_save_options(net, skb));
 
-       if (security_inet_conn_request(sk, skb, req)) {
-               reqsk_free(req);
-               goto out;
-       }
+       if (security_inet_conn_request(sk, skb, req))
+               goto out_free;
 
        req->num_retrans = 0;
 
@@ -435,10 +432,8 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb)
                           ireq->ir_loc_addr, th->source, th->dest, sk->sk_uid);
        security_req_classify_flow(req, flowi4_to_flowi_common(&fl4));
        rt = ip_route_output_key(net, &fl4);
-       if (IS_ERR(rt)) {
-               reqsk_free(req);
-               goto out;
-       }
+       if (IS_ERR(rt))
+               goto out_free;
 
        /* Try to redo what tcp_v4_send_synack did. */
        req->rsk_window_clamp = tp->window_clamp ? :dst_metric(&rt->dst, RTAX_WINDOW);
@@ -462,5 +457,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb)
         */
        if (ret)
                inet_sk(ret)->cork.fl.u.ip4 = fl4;
-out:   return ret;
+out:
+       return ret;
+out_free:
+       reqsk_free(req);
+out_drop:
+       return NULL;
 }

diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c
index ba394fa73f41f89d20fe6ab772612efd20863bc2..106376cbc9de5fb01c1bb0ab893e8d857bb3a86e 100644 (file)
--- a/net/ipv6/syncookies.c
+++ b/net/ipv6/syncookies.c
@@ -172,11 +172,10 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
        if (!cookie_timestamp_decode(net, &tcp_opt))
                goto out;
 
-       ret = NULL;
        req = cookie_tcp_reqsk_alloc(&tcp6_request_sock_ops,
                                     &tcp_request_sock_ipv6_ops, sk, skb);
        if (!req)
-               goto out;
+               goto out_drop;
 
        ireq = inet_rsk(req);
        treq = tcp_rsk(req);
@@ -269,5 +268,6 @@ out:
        return ret;
 out_free:
        reqsk_free(req);
+out_drop:
        return NULL;
 }