tcp: fix syncookie regression

commit ea4fc0d619 (ipv4: Don't use rt->rt_{src,dst} in ip_queue_xmit()) added a serious regression on synflood handling. Simon Kirby discovered a successful connection was delayed by 20 seconds before being responsive. In my tests, I discovered that xmit frames were lost, and needed ~4 retransmits and a socket dst rebuild before being really sent. In case of syncookie initiated connection, we use a different path to initialize the socket dst, and inet->cork.fl.u.ip4 is left cleared. As ip_queue_xmit() now depends on inet flow being setup, fix this by copying the temp flowi4 we use in cookie_v4_check(). Reported-by: Simon Kirby <sim@netnation.com> Bisected-by: Simon Kirby <sim@netnation.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Tested-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Eric Dumazet <eric.dumazet@gmail.com> 2012-03-10 04:20:21 -0500
committer: David S. Miller <davem@davemloft.net> 2012-03-11 18:52:12 -0400
commit: dfd25ffffc132c00070eed64200e8950da5d7e9d (patch)
tree: fbce07add57f0ab7a16792b4af461d2f9e265fb6
parent: 4e50391968849860dff1aacde358b4eb14aa5127 (diff)
2 files changed, 23 insertions, 17 deletions
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
index 51fdbb490437..eab2a7fb15d1 100644
--- a/net/ipv4/syncookies.c
+++ b/net/ipv4/syncookies.c
@@ -278,6 +278,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
        struct rtable *rt;
        __u8 rcv_wscale;
        bool ecn_ok = false;
+        struct flowi4 fl4;
        if (!sysctl_tcp_syncookies || !th->ack || th->rst)
                goto out;
@@ -346,20 +347,16 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
         * hasn't changed since we received the original syn, but I see
         * no easy way to do this.
         */
-        {
+        flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
-                struct flowi4 fl4;
+                           RT_SCOPE_UNIVERSE, IPPROTO_TCP,
+                           inet_sk_flowi_flags(sk),
-                flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
+                           (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
-                                   RT_SCOPE_UNIVERSE, IPPROTO_TCP,
+                           ireq->loc_addr, th->source, th->dest);
-                                   inet_sk_flowi_flags(sk),
+        security_req_classify_flow(req, flowi4_to_flowi(&fl4));
-                                   (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
+        rt = ip_route_output_key(sock_net(sk), &fl4);
-                                   ireq->loc_addr, th->source, th->dest);
+        if (IS_ERR(rt)) {
-                security_req_classify_flow(req, flowi4_to_flowi(&fl4));
+                reqsk_free(req);
-                rt = ip_route_output_key(sock_net(sk), &fl4);
+                goto out;
-                if (IS_ERR(rt)) {
-                        reqsk_free(req);
-                        goto out;
-                }
        }
        /* Try to redo what tcp_v4_send_synack did. */
@@ -373,5 +370,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
        ireq->rcv_wscale  = rcv_wscale;
        ret = get_cookie_sock(sk, skb, req, &rt->dst);
+        /* ip_queue_xmit() depends on our flow being setup
+         * Normal sockets get it right from inet_csk_route_child_sock()
+         */
+        if (ret)
+                inet_sk(ret)->cork.fl.u.ip4 = fl4;
 out:    return ret;
 }
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 94d683a61cba..fd54c5f8a255 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1466,9 +1466,13 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
                inet_csk(newsk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
        newinet->inet_id = newtp->write_seq ^ jiffies;
-        if (!dst && (dst = inet_csk_route_child_sock(sk, newsk, req)) == NULL)
+        if (!dst) {
-                goto put_and_exit;
+                dst = inet_csk_route_child_sock(sk, newsk, req);
+                if (!dst)
+                        goto put_and_exit;
+        } else {
+                /* syncookie case : see end of cookie_v4_check() */
+        }
        sk_setup_caps(newsk, dst);
        tcp_mtup_init(newsk);
author	Eric Dumazet <eric.dumazet@gmail.com>	2012-03-10 04:20:21 -0500
committer	David S. Miller <davem@davemloft.net>	2012-03-11 18:52:12 -0400
commit	dfd25ffffc132c00070eed64200e8950da5d7e9d (patch)
tree	fbce07add57f0ab7a16792b4af461d2f9e265fb6
parent	4e50391968849860dff1aacde358b4eb14aa5127 (diff)

diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index 51fdbb490437..eab2a7fb15d1 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c
@@ -278,6 +278,7 @@ struct sock cookie_v4_check(struct sock sk, struct sk_buff *skb,
278	struct rtable *rt;	278	struct rtable *rt;
279	__u8 rcv_wscale;	279	__u8 rcv_wscale;
280	bool ecn_ok = false;	280	bool ecn_ok = false;
		281	struct flowi4 fl4;
281		282
282	if (!sysctl_tcp_syncookies \|\| !th->ack \|\| th->rst)	283	if (!sysctl_tcp_syncookies \|\| !th->ack \|\| th->rst)
283	goto out;	284	goto out;
@@ -346,20 +347,16 @@ struct sock cookie_v4_check(struct sock sk, struct sk_buff *skb,
346	* hasn't changed since we received the original syn, but I see	347	* hasn't changed since we received the original syn, but I see
347	* no easy way to do this.	348	* no easy way to do this.
348	*/	349	*/
349	{	350	flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
350	struct flowi4 fl4;	351	RT_SCOPE_UNIVERSE, IPPROTO_TCP,
351		352	inet_sk_flowi_flags(sk),
352	flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),	353	(opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
353	RT_SCOPE_UNIVERSE, IPPROTO_TCP,	354	ireq->loc_addr, th->source, th->dest);
354	inet_sk_flowi_flags(sk),	355	security_req_classify_flow(req, flowi4_to_flowi(&fl4));
355	(opt && opt->srr) ? opt->faddr : ireq->rmt_addr,	356	rt = ip_route_output_key(sock_net(sk), &fl4);
356	ireq->loc_addr, th->source, th->dest);	357	if (IS_ERR(rt)) {
357	security_req_classify_flow(req, flowi4_to_flowi(&fl4));	358	reqsk_free(req);
358	rt = ip_route_output_key(sock_net(sk), &fl4);	359	goto out;
359	if (IS_ERR(rt)) {
360	reqsk_free(req);
361	goto out;
362	}
363	}	360	}
364		361
365	/* Try to redo what tcp_v4_send_synack did. */	362	/* Try to redo what tcp_v4_send_synack did. */
@@ -373,5 +370,10 @@ struct sock cookie_v4_check(struct sock sk, struct sk_buff *skb,
373	ireq->rcv_wscale = rcv_wscale;	370	ireq->rcv_wscale = rcv_wscale;
374		371
375	ret = get_cookie_sock(sk, skb, req, &rt->dst);	372	ret = get_cookie_sock(sk, skb, req, &rt->dst);
		373	/* ip_queue_xmit() depends on our flow being setup
		374	* Normal sockets get it right from inet_csk_route_child_sock()
		375	*/
		376	if (ret)
		377	inet_sk(ret)->cork.fl.u.ip4 = fl4;
376	out: return ret;	378	out: return ret;
377	}	379	}


diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 94d683a61cba..fd54c5f8a255 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c
@@ -1466,9 +1466,13 @@ struct sock tcp_v4_syn_recv_sock(struct sock sk, struct sk_buff *skb,
1466	inet_csk(newsk)->icsk_ext_hdr_len = inet_opt->opt.optlen;	1466	inet_csk(newsk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
1467	newinet->inet_id = newtp->write_seq ^ jiffies;	1467	newinet->inet_id = newtp->write_seq ^ jiffies;
1468		1468
1469	if (!dst && (dst = inet_csk_route_child_sock(sk, newsk, req)) == NULL)	1469	if (!dst) {
1470	goto put_and_exit;	1470	dst = inet_csk_route_child_sock(sk, newsk, req);
1471		1471	if (!dst)
		1472	goto put_and_exit;
		1473	} else {
		1474	/* syncookie case : see end of cookie_v4_check() */
		1475	}
1472	sk_setup_caps(newsk, dst);	1476	sk_setup_caps(newsk, dst);
1473		1477
1474	tcp_mtup_init(newsk);	1478	tcp_mtup_init(newsk);