diff options
| author | Eric Dumazet <eric.dumazet@gmail.com> | 2011-01-10 20:14:22 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2011-01-11 17:03:07 -0500 |
| commit | c191a836a908d1dd6b40c503741f91b914de3348 (patch) | |
| tree | 98ab4ed7316d55bb014f758e590fec2811694f30 | |
| parent | 42b82dc19dfdcab931fb67175996a881ce254145 (diff) | |
tcp: disallow bind() to reuse addr/port
inet_csk_bind_conflict() logic currently disallows a bind() if
it finds a friend socket (a socket bound on same address/port)
satisfying a set of conditions :
1) Current (to be bound) socket doesnt have sk_reuse set
OR
2) other socket doesnt have sk_reuse set
OR
3) other socket is in LISTEN state
We should add the CLOSE state in the 3) condition, in order to avoid two
REUSEADDR sockets in CLOSE state with same local address/port, since
this can deny further operations.
Note : a prior patch tried to address the problem in a different (and
buggy) way. (commit fda48a0d7a8412ced tcp: bind() fix when many ports
are bound).
Reported-by: Gaspar Chilingarov <gasparch@gmail.com>
Reported-by: Daniel Baluta <daniel.baluta@gmail.com>
Tested-by: Daniel Baluta <daniel.baluta@gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | net/ipv4/inet_connection_sock.c | 5 | ||||
| -rw-r--r-- | net/ipv6/inet6_connection_sock.c | 2 |
2 files changed, 4 insertions, 3 deletions
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c index 25e318153f1..97e5fb76526 100644 --- a/net/ipv4/inet_connection_sock.c +++ b/net/ipv4/inet_connection_sock.c | |||
| @@ -73,7 +73,7 @@ int inet_csk_bind_conflict(const struct sock *sk, | |||
| 73 | !sk2->sk_bound_dev_if || | 73 | !sk2->sk_bound_dev_if || |
| 74 | sk->sk_bound_dev_if == sk2->sk_bound_dev_if)) { | 74 | sk->sk_bound_dev_if == sk2->sk_bound_dev_if)) { |
| 75 | if (!reuse || !sk2->sk_reuse || | 75 | if (!reuse || !sk2->sk_reuse || |
| 76 | sk2->sk_state == TCP_LISTEN) { | 76 | ((1 << sk2->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))) { |
| 77 | const __be32 sk2_rcv_saddr = sk_rcv_saddr(sk2); | 77 | const __be32 sk2_rcv_saddr = sk_rcv_saddr(sk2); |
| 78 | if (!sk2_rcv_saddr || !sk_rcv_saddr(sk) || | 78 | if (!sk2_rcv_saddr || !sk_rcv_saddr(sk) || |
| 79 | sk2_rcv_saddr == sk_rcv_saddr(sk)) | 79 | sk2_rcv_saddr == sk_rcv_saddr(sk)) |
| @@ -122,7 +122,8 @@ again: | |||
| 122 | (tb->num_owners < smallest_size || smallest_size == -1)) { | 122 | (tb->num_owners < smallest_size || smallest_size == -1)) { |
| 123 | smallest_size = tb->num_owners; | 123 | smallest_size = tb->num_owners; |
| 124 | smallest_rover = rover; | 124 | smallest_rover = rover; |
| 125 | if (atomic_read(&hashinfo->bsockets) > (high - low) + 1) { | 125 | if (atomic_read(&hashinfo->bsockets) > (high - low) + 1 && |
| 126 | !inet_csk(sk)->icsk_af_ops->bind_conflict(sk, tb)) { | ||
| 126 | spin_unlock(&head->lock); | 127 | spin_unlock(&head->lock); |
| 127 | snum = smallest_rover; | 128 | snum = smallest_rover; |
| 128 | goto have_snum; | 129 | goto have_snum; |
diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c index e46305d1815..d144e629d2b 100644 --- a/net/ipv6/inet6_connection_sock.c +++ b/net/ipv6/inet6_connection_sock.c | |||
| @@ -44,7 +44,7 @@ int inet6_csk_bind_conflict(const struct sock *sk, | |||
| 44 | !sk2->sk_bound_dev_if || | 44 | !sk2->sk_bound_dev_if || |
| 45 | sk->sk_bound_dev_if == sk2->sk_bound_dev_if) && | 45 | sk->sk_bound_dev_if == sk2->sk_bound_dev_if) && |
| 46 | (!sk->sk_reuse || !sk2->sk_reuse || | 46 | (!sk->sk_reuse || !sk2->sk_reuse || |
| 47 | sk2->sk_state == TCP_LISTEN) && | 47 | ((1 << sk2->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))) && |
| 48 | ipv6_rcv_saddr_equal(sk, sk2)) | 48 | ipv6_rcv_saddr_equal(sk, sk2)) |
| 49 | break; | 49 | break; |
| 50 | } | 50 | } |