diff options
| author | Balazs Scheidler <bazsi@balabit.hu> | 2010-10-21 07:06:43 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-10-21 07:06:43 -0400 |
| commit | 093d282321daeb19c107e5f1f16d7f68484f3ade (patch) | |
| tree | 36e9eed23573068819bf67a91caac6ebf60d0d7c /net/ipv4/tcp_ipv4.c | |
| parent | 6006db84a91838813cdad8a6622a4e39efe9ea47 (diff) | |
tproxy: fix hash locking issue when using port redirection in __inet_inherit_port()
When __inet_inherit_port() is called on a tproxy connection the wrong locks are
held for the inet_bind_bucket it is added to. __inet_inherit_port() made an
implicit assumption that the listener's port number (and thus its bind bucket).
Unfortunately, if you're using the TPROXY target to redirect skbs to a
transparent proxy that assumption is not true anymore and things break.
This patch adds code to __inet_inherit_port() so that it can handle this case
by looking up or creating a new bind bucket for the child socket and updates
callers of __inet_inherit_port() to gracefully handle __inet_inherit_port()
failing.
Reported by and original patch from Stephen Buck <stephen.buck@exinda.com>.
See http://marc.info/?t=128169268200001&r=1&w=2 for the original discussion.
Signed-off-by: KOVACS Krisztian <hidden@balabit.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv4/tcp_ipv4.c')
| -rw-r--r-- | net/ipv4/tcp_ipv4.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index a0232f3a358b..8f8527d41682 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c | |||
| @@ -1422,7 +1422,7 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb, | |||
| 1422 | 1422 | ||
| 1423 | newsk = tcp_create_openreq_child(sk, req, skb); | 1423 | newsk = tcp_create_openreq_child(sk, req, skb); |
| 1424 | if (!newsk) | 1424 | if (!newsk) |
| 1425 | goto exit; | 1425 | goto exit_nonewsk; |
| 1426 | 1426 | ||
| 1427 | newsk->sk_gso_type = SKB_GSO_TCPV4; | 1427 | newsk->sk_gso_type = SKB_GSO_TCPV4; |
| 1428 | sk_setup_caps(newsk, dst); | 1428 | sk_setup_caps(newsk, dst); |
| @@ -1469,16 +1469,20 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb, | |||
| 1469 | } | 1469 | } |
| 1470 | #endif | 1470 | #endif |
| 1471 | 1471 | ||
| 1472 | if (__inet_inherit_port(sk, newsk) < 0) { | ||
| 1473 | sock_put(newsk); | ||
| 1474 | goto exit; | ||
| 1475 | } | ||
| 1472 | __inet_hash_nolisten(newsk, NULL); | 1476 | __inet_hash_nolisten(newsk, NULL); |
| 1473 | __inet_inherit_port(sk, newsk); | ||
| 1474 | 1477 | ||
| 1475 | return newsk; | 1478 | return newsk; |
| 1476 | 1479 | ||
| 1477 | exit_overflow: | 1480 | exit_overflow: |
| 1478 | NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); | 1481 | NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); |
| 1482 | exit_nonewsk: | ||
| 1483 | dst_release(dst); | ||
| 1479 | exit: | 1484 | exit: |
| 1480 | NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); | 1485 | NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); |
| 1481 | dst_release(dst); | ||
| 1482 | return NULL; | 1486 | return NULL; |
| 1483 | } | 1487 | } |
| 1484 | EXPORT_SYMBOL(tcp_v4_syn_recv_sock); | 1488 | EXPORT_SYMBOL(tcp_v4_syn_recv_sock); |