diff options
| author | Pablo Neira <pablo@netfilter.org> | 2017-01-26 16:56:21 -0500 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2017-02-18 09:11:44 -0500 |
| commit | 0d4c19ee68c91f46905cbd393939d89237e6189c (patch) | |
| tree | e34a87f7f509d7f57ebc163047442ad2452bf7a5 | |
| parent | 0e0751cdfa466923218ff59a8624fa8d1050b6fb (diff) | |
tcp: don't annotate mark on control socket from tcp_v6_send_response()
commit 92e55f412cffd016cc245a74278cb4d7b89bb3bc upstream.
Unlike ipv4, this control socket is shared by all cpus so we cannot use
it as scratchpad area to annotate the mark that we pass to ip6_xmit().
Add a new parameter to ip6_xmit() to indicate the mark. The SCTP socket
family caches the flowi6 structure in the sctp_transport structure, so
we cannot use to carry the mark unless we later on reset it back, which
I discarded since it looks ugly to me.
Fixes: bf99b4ded5f8 ("tcp: fix mark propagation with fwmark_reflect enabled")
Suggested-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | include/net/ipv6.h | 2 | ||||
| -rw-r--r-- | net/dccp/ipv6.c | 4 | ||||
| -rw-r--r-- | net/ipv6/inet6_connection_sock.c | 2 | ||||
| -rw-r--r-- | net/ipv6/ip6_output.c | 4 | ||||
| -rw-r--r-- | net/ipv6/tcp_ipv6.c | 5 | ||||
| -rw-r--r-- | net/sctp/ipv6.c | 3 |
6 files changed, 10 insertions, 10 deletions
diff --git a/include/net/ipv6.h b/include/net/ipv6.h index f11ca837361b..7f15f95625e7 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h | |||
| @@ -871,7 +871,7 @@ int ip6_rcv_finish(struct net *net, struct sock *sk, struct sk_buff *skb); | |||
| 871 | * upper-layer output functions | 871 | * upper-layer output functions |
| 872 | */ | 872 | */ |
| 873 | int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6, | 873 | int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6, |
| 874 | struct ipv6_txoptions *opt, int tclass); | 874 | __u32 mark, struct ipv6_txoptions *opt, int tclass); |
| 875 | 875 | ||
| 876 | int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr); | 876 | int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr); |
| 877 | 877 | ||
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c index 715e5d1dc107..7506c03a7db9 100644 --- a/net/dccp/ipv6.c +++ b/net/dccp/ipv6.c | |||
| @@ -227,7 +227,7 @@ static int dccp_v6_send_response(const struct sock *sk, struct request_sock *req | |||
| 227 | opt = ireq->ipv6_opt; | 227 | opt = ireq->ipv6_opt; |
| 228 | if (!opt) | 228 | if (!opt) |
| 229 | opt = rcu_dereference(np->opt); | 229 | opt = rcu_dereference(np->opt); |
| 230 | err = ip6_xmit(sk, skb, &fl6, opt, np->tclass); | 230 | err = ip6_xmit(sk, skb, &fl6, sk->sk_mark, opt, np->tclass); |
| 231 | rcu_read_unlock(); | 231 | rcu_read_unlock(); |
| 232 | err = net_xmit_eval(err); | 232 | err = net_xmit_eval(err); |
| 233 | } | 233 | } |
| @@ -281,7 +281,7 @@ static void dccp_v6_ctl_send_reset(const struct sock *sk, struct sk_buff *rxskb) | |||
| 281 | dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL); | 281 | dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL); |
| 282 | if (!IS_ERR(dst)) { | 282 | if (!IS_ERR(dst)) { |
| 283 | skb_dst_set(skb, dst); | 283 | skb_dst_set(skb, dst); |
| 284 | ip6_xmit(ctl_sk, skb, &fl6, NULL, 0); | 284 | ip6_xmit(ctl_sk, skb, &fl6, 0, NULL, 0); |
| 285 | DCCP_INC_STATS(DCCP_MIB_OUTSEGS); | 285 | DCCP_INC_STATS(DCCP_MIB_OUTSEGS); |
| 286 | DCCP_INC_STATS(DCCP_MIB_OUTRSTS); | 286 | DCCP_INC_STATS(DCCP_MIB_OUTRSTS); |
| 287 | return; | 287 | return; |
diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c index 532c3ef282c5..798a0950e9a6 100644 --- a/net/ipv6/inet6_connection_sock.c +++ b/net/ipv6/inet6_connection_sock.c | |||
| @@ -173,7 +173,7 @@ int inet6_csk_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl_unused | |||
| 173 | /* Restore final destination back after routing done */ | 173 | /* Restore final destination back after routing done */ |
| 174 | fl6.daddr = sk->sk_v6_daddr; | 174 | fl6.daddr = sk->sk_v6_daddr; |
| 175 | 175 | ||
| 176 | res = ip6_xmit(sk, skb, &fl6, rcu_dereference(np->opt), | 176 | res = ip6_xmit(sk, skb, &fl6, sk->sk_mark, rcu_dereference(np->opt), |
| 177 | np->tclass); | 177 | np->tclass); |
| 178 | rcu_read_unlock(); | 178 | rcu_read_unlock(); |
| 179 | return res; | 179 | return res; |
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 59eb4ed99ce8..9a87bfb2ec16 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c | |||
| @@ -163,7 +163,7 @@ int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb) | |||
| 163 | * which are using proper atomic operations or spinlocks. | 163 | * which are using proper atomic operations or spinlocks. |
| 164 | */ | 164 | */ |
| 165 | int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6, | 165 | int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6, |
| 166 | struct ipv6_txoptions *opt, int tclass) | 166 | __u32 mark, struct ipv6_txoptions *opt, int tclass) |
| 167 | { | 167 | { |
| 168 | struct net *net = sock_net(sk); | 168 | struct net *net = sock_net(sk); |
| 169 | const struct ipv6_pinfo *np = inet6_sk(sk); | 169 | const struct ipv6_pinfo *np = inet6_sk(sk); |
| @@ -230,7 +230,7 @@ int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6, | |||
| 230 | 230 | ||
| 231 | skb->protocol = htons(ETH_P_IPV6); | 231 | skb->protocol = htons(ETH_P_IPV6); |
| 232 | skb->priority = sk->sk_priority; | 232 | skb->priority = sk->sk_priority; |
| 233 | skb->mark = sk->sk_mark; | 233 | skb->mark = mark; |
| 234 | 234 | ||
| 235 | mtu = dst_mtu(dst); | 235 | mtu = dst_mtu(dst); |
| 236 | if ((skb->len <= mtu) || skb->ignore_df || skb_is_gso(skb)) { | 236 | if ((skb->len <= mtu) || skb->ignore_df || skb_is_gso(skb)) { |
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 5200c676fc72..667396536feb 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c | |||
| @@ -467,7 +467,7 @@ static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst, | |||
| 467 | opt = ireq->ipv6_opt; | 467 | opt = ireq->ipv6_opt; |
| 468 | if (!opt) | 468 | if (!opt) |
| 469 | opt = rcu_dereference(np->opt); | 469 | opt = rcu_dereference(np->opt); |
| 470 | err = ip6_xmit(sk, skb, fl6, opt, np->tclass); | 470 | err = ip6_xmit(sk, skb, fl6, sk->sk_mark, opt, np->tclass); |
| 471 | rcu_read_unlock(); | 471 | rcu_read_unlock(); |
| 472 | err = net_xmit_eval(err); | 472 | err = net_xmit_eval(err); |
| 473 | } | 473 | } |
| @@ -837,8 +837,7 @@ static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 | |||
| 837 | dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL); | 837 | dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL); |
| 838 | if (!IS_ERR(dst)) { | 838 | if (!IS_ERR(dst)) { |
| 839 | skb_dst_set(buff, dst); | 839 | skb_dst_set(buff, dst); |
| 840 | ctl_sk->sk_mark = fl6.flowi6_mark; | 840 | ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL, tclass); |
| 841 | ip6_xmit(ctl_sk, buff, &fl6, NULL, tclass); | ||
| 842 | TCP_INC_STATS(net, TCP_MIB_OUTSEGS); | 841 | TCP_INC_STATS(net, TCP_MIB_OUTSEGS); |
| 843 | if (rst) | 842 | if (rst) |
| 844 | TCP_INC_STATS(net, TCP_MIB_OUTRSTS); | 843 | TCP_INC_STATS(net, TCP_MIB_OUTRSTS); |
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c index 176af3080a2b..6a2532dd31c4 100644 --- a/net/sctp/ipv6.c +++ b/net/sctp/ipv6.c | |||
| @@ -222,7 +222,8 @@ static int sctp_v6_xmit(struct sk_buff *skb, struct sctp_transport *transport) | |||
| 222 | SCTP_INC_STATS(sock_net(sk), SCTP_MIB_OUTSCTPPACKS); | 222 | SCTP_INC_STATS(sock_net(sk), SCTP_MIB_OUTSCTPPACKS); |
| 223 | 223 | ||
| 224 | rcu_read_lock(); | 224 | rcu_read_lock(); |
| 225 | res = ip6_xmit(sk, skb, fl6, rcu_dereference(np->opt), np->tclass); | 225 | res = ip6_xmit(sk, skb, fl6, sk->sk_mark, rcu_dereference(np->opt), |
| 226 | np->tclass); | ||
| 226 | rcu_read_unlock(); | 227 | rcu_read_unlock(); |
| 227 | return res; | 228 | return res; |
| 228 | } | 229 | } |