Home Explore Help
Register Sign In
OpenWrt
/
openwrt
mirror of https://github.com/openwrt/openwrt.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

kernel: ksmbd: add max ip connection parameter

With this patch is set the maximum number of connections per ip address instead of no control.
The default is 8.

Signed-off-by: Andrea Pesaresi <[email protected]>
Link: https://github.com/openwrt/openwrt/pull/20377
(cherry picked from commit e78f000869f1858b9bdf2a72daf2c7e27bfb4b82)
Link: https://github.com/openwrt/openwrt/pull/20442
Signed-off-by: Hauke Mehrtens <[email protected]>
Andrea Pesaresi 1 week ago
parent
225b6724cd
commit
d6f72e0cbb
1 changed files with 119 additions and 0 deletions
Split View Show Diff Stats
  1. 119 0
      target/linux/generic/backport-6.6/541-v6.18-ksmbd-add-max-ip-connections-parameter.patch

+ 119 - 0
target/linux/generic/backport-6.6/541-v6.18-ksmbd-add-max-ip-connections-parameter.patch
View File 

@@ -0,0 +1,119 @@
 
+From d8b6dc9256762293048bf122fc11c4e612d0ef5d Mon Sep 17 00:00:00 2001
 
+From: Namjae Jeon <[email protected]>
 
+Date: Wed, 1 Oct 2025 09:25:35 +0900
 
+Subject: ksmbd: add max ip connections parameter
 
+
 
+This parameter set the maximum number of connections per ip address.
 
+The default is 8.
 
+
 
+Cc: [email protected]
 
+Fixes: c0d41112f1a5 ("ksmbd: extend the connection limiting mechanism to support IPv6")
 
+Signed-off-by: Namjae Jeon <[email protected]>
 
+Signed-off-by: Steve French <[email protected]>
 
+---
 
+ fs/smb/server/ksmbd_netlink.h |  5 +++--
 
+ fs/smb/server/server.h        |  1 +
 
+ fs/smb/server/transport_ipc.c |  3 +++
 
+ fs/smb/server/transport_tcp.c | 27 ++++++++++++++++-----------
 
+ 4 files changed, 23 insertions(+), 13 deletions(-)
 
+
 
+(limited to 'fs/smb')
 
+
 
+--- a/fs/smb/server/ksmbd_netlink.h
 
++++ b/fs/smb/server/ksmbd_netlink.h
 
+@@ -109,10 +109,11 @@ struct ksmbd_startup_request {
 
+ 	__u32	smbd_max_io_size;	/* smbd read write size */
 
+ 	__u32	max_connections;	/* Number of maximum simultaneous connections */
 
+ 	__s8	bind_interfaces_only;
 
+-	__s8	reserved[503];		/* Reserved room */
 
++	__u32	max_ip_connections;	/* Number of maximum connection per ip address */
 
++	__s8	reserved[499];		/* Reserved room */
 
+ 	__u32	ifc_list_sz;		/* interfaces list size */
 
+ 	__s8	____payload[];
 
+-};
 
++} __packed;
 
+ 
+ #define KSMBD_STARTUP_CONFIG_INTERFACES(s)	((s)->____payload)
 
+ 
+--- a/fs/smb/server/server.h
 
++++ b/fs/smb/server/server.h
 
+@@ -43,6 +43,7 @@ struct ksmbd_server_config {
 
+ 	unsigned int		auth_mechs;
 
+ 	unsigned int		max_connections;
 
+ 	unsigned int		max_inflight_req;
 
++	unsigned int		max_ip_connections;
 
+ 
+ 	char			*conf[SERVER_CONF_WORK_GROUP + 1];
 
+ };
 
+--- a/fs/smb/server/transport_ipc.c
 
++++ b/fs/smb/server/transport_ipc.c
 
+@@ -321,6 +321,9 @@ static int ipc_server_config_on_startup(
 
+ 	if (req->max_connections)
 
+ 		server_conf.max_connections = req->max_connections;
 
+ 
++	if (req->max_ip_connections)
 
++		server_conf.max_ip_connections = req->max_ip_connections;
 
++
 
+ 	ret = ksmbd_set_netbios_name(req->netbios_name);
 
+ 	ret |= ksmbd_set_server_string(req->server_string);
 
+ 	ret |= ksmbd_set_work_group(req->work_group);
 
+--- a/fs/smb/server/transport_tcp.c
 
++++ b/fs/smb/server/transport_tcp.c
 
+@@ -240,6 +240,7 @@ static int ksmbd_kthread_fn(void *p)
 
+ 	struct interface *iface = (struct interface *)p;
 
+ 	struct ksmbd_conn *conn;
 
+ 	int ret;
 
++	unsigned int max_ip_conns;
 
+ 
+ 	while (!kthread_should_stop()) {
 
+ 		mutex_lock(&iface->sock_release_lock);
 
+@@ -257,34 +258,38 @@ static int ksmbd_kthread_fn(void *p)
 
+ 			continue;
 
+ 		}
 
+ 
++		if (!server_conf.max_ip_connections)
 
++			goto skip_max_ip_conns_limit;
 
++
 
+ 		/*
 
+ 		 * Limits repeated connections from clients with the same IP.
 
+ 		 */
 
++		max_ip_conns = 0;
 
+ 		down_read(&conn_list_lock);
 
+-		list_for_each_entry(conn, &conn_list, conns_list)
 
++		list_for_each_entry(conn, &conn_list, conns_list) {
 
+ #if IS_ENABLED(CONFIG_IPV6)
 
+ 			if (client_sk->sk->sk_family == AF_INET6) {
 
+ 				if (memcmp(&client_sk->sk->sk_v6_daddr,
 
+-					   &conn->inet6_addr, 16) == 0) {
 
+-					ret = -EAGAIN;
 
+-					break;
 
+-				}
 
++					   &conn->inet6_addr, 16) == 0)
 
++					max_ip_conns++;
 
+ 			} else if (inet_sk(client_sk->sk)->inet_daddr ==
 
+-				 conn->inet_addr) {
 
+-				ret = -EAGAIN;
 
+-				break;
 
+-			}
 
++				 conn->inet_addr)
 
++				max_ip_conns++;
 
+ #else
 
+ 			if (inet_sk(client_sk->sk)->inet_daddr ==
 
+-			    conn->inet_addr) {
 
++			    conn->inet_addr)
 
++				max_ip_conns++;
 
++#endif
 
++			if (server_conf.max_ip_connections <= max_ip_conns) {
 
+ 				ret = -EAGAIN;
 
+ 				break;
 
+ 			}
 
+-#endif
 
++		}
 
+ 		up_read(&conn_list_lock);
 
+ 		if (ret == -EAGAIN)
 
+ 			continue;
 
+ 
++skip_max_ip_conns_limit:
 
+ 		if (server_conf.max_connections &&
 
+ 		    atomic_inc_return(&active_num_conn) >= server_conf.max_connections) {
 
+ 			pr_info_ratelimited("Limit the maximum number of connections(%u)\n",