tcp: Add mark for TIMEWAIT sockets

This version has some suggestions by Eric Dumazet:

- Use a local variable for the mark in IPv6 instead of ctl_sk to avoid SMP
races.
- Use the more elegant "IP4_REPLY_MARK(net, skb->mark) ?: sk->sk_mark"
statement.
- Factorize code as sk_fullsock() check is not necessary.

Aidan McGurn from Openwave Mobility systems reported the following bug:

"Marked routing is broken on customer deployment. Its effects are large
increase in Uplink retransmissions caused by the client never receiving
the final ACK to their FINACK - this ACK misses the mark and routes out
of the incorrect route."

Currently marks are added to sk_buffs for replies when the "fwmark_reflect"
sysctl is enabled. But not for TW sockets that had sk->sk_mark set via
setsockopt(SO_MARK..).

Fix this in IPv4/v6 by adding tw->tw_mark for TIME_WAIT sockets. Copy the the
original sk->sk_mark in __inet_twsk_hashdance() to the new tw->tw_mark location.
Then progate this so that the skb gets sent with the correct mark. Do the same
for resets. Give the "fwmark_reflect" sysctl precedence over sk->sk_mark so that
netfilter rules are still honored.

Signed-off-by: Jon Maxwell <jmaxwell37@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 14 insertions, 2 deletions

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index f70586b50838..caf23de88f8a 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -621,6 +621,7 @@ static void tcp_v4_send_reset(const struct sock *sk, struct sk_buff *skb)
         struct sock *sk1 = NULL;
 #endif
         struct net *net;
+        struct sock *ctl_sk;
 
         /* Never send a reset in response to a reset. */
         if (th->rst)
@@ -723,11 +724,16 @@ static void tcp_v4_send_reset(const struct sock *sk, struct sk_buff *skb)
         arg.tos = ip_hdr(skb)->tos;
         arg.uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL);
         local_bh_disable();
-        ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
+        ctl_sk = *this_cpu_ptr(net->ipv4.tcp_sk);
+        if (sk)
+                ctl_sk->sk_mark = (sk->sk_state == TCP_TIME_WAIT) ?
+                                   inet_twsk(sk)->tw_mark : sk->sk_mark;
+        ip_send_unicast_reply(ctl_sk,
                               skb, &TCP_SKB_CB(skb)->header.h4.opt,
                               ip_hdr(skb)->saddr, ip_hdr(skb)->daddr,
                               &arg, arg.iov[0].iov_len);
 
+        ctl_sk->sk_mark = 0;
         __TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
         __TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
         local_bh_enable();
@@ -759,6 +765,7 @@ static void tcp_v4_send_ack(const struct sock *sk,
         } rep;
         struct net *net = sock_net(sk);
         struct ip_reply_arg arg;
+        struct sock *ctl_sk;
 
         memset(&rep.th, 0, sizeof(struct tcphdr));
         memset(&arg, 0, sizeof(arg));
@@ -809,11 +816,16 @@ static void tcp_v4_send_ack(const struct sock *sk,
         arg.tos = tos;
         arg.uid = sock_net_uid(net, sk_fullsock(sk) ? sk : NULL);
         local_bh_disable();
-        ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
+        ctl_sk = *this_cpu_ptr(net->ipv4.tcp_sk);
+        if (sk)
+                ctl_sk->sk_mark = (sk->sk_state == TCP_TIME_WAIT) ?
+                                   inet_twsk(sk)->tw_mark : sk->sk_mark;
+        ip_send_unicast_reply(ctl_sk,
                               skb, &TCP_SKB_CB(skb)->header.h4.opt,
                               ip_hdr(skb)->saddr, ip_hdr(skb)->daddr,
                               &arg, arg.iov[0].iov_len);
 
+        ctl_sk->sk_mark = 0;
         __TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
         local_bh_enable();
 }