Commit dfd25fff authored by Eric Dumazet's avatar Eric Dumazet Committed by David S. Miller

tcp: fix syncookie regression

commit ea4fc0d6 (ipv4: Don't use rt->rt_{src,dst} in ip_queue_xmit())
added a serious regression on synflood handling.

Simon Kirby discovered a successful connection was delayed by 20 seconds
before being responsive.

In my tests, I discovered that xmit frames were lost, and needed ~4
retransmits and a socket dst rebuild before being really sent.

In case of syncookie initiated connection, we use a different path to
initialize the socket dst, and inet->cork.fl.u.ip4 is left cleared.

As ip_queue_xmit() now depends on inet flow being setup, fix this by
copying the temp flowi4 we use in cookie_v4_check().
Reported-by: default avatarSimon Kirby <sim@netnation.com>
Bisected-by: default avatarSimon Kirby <sim@netnation.com>
Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
Tested-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 4e503919
...@@ -278,6 +278,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, ...@@ -278,6 +278,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
struct rtable *rt; struct rtable *rt;
__u8 rcv_wscale; __u8 rcv_wscale;
bool ecn_ok = false; bool ecn_ok = false;
struct flowi4 fl4;
if (!sysctl_tcp_syncookies || !th->ack || th->rst) if (!sysctl_tcp_syncookies || !th->ack || th->rst)
goto out; goto out;
...@@ -346,20 +347,16 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, ...@@ -346,20 +347,16 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
* hasn't changed since we received the original syn, but I see * hasn't changed since we received the original syn, but I see
* no easy way to do this. * no easy way to do this.
*/ */
{ flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
struct flowi4 fl4; RT_SCOPE_UNIVERSE, IPPROTO_TCP,
inet_sk_flowi_flags(sk),
flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk), (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
RT_SCOPE_UNIVERSE, IPPROTO_TCP, ireq->loc_addr, th->source, th->dest);
inet_sk_flowi_flags(sk), security_req_classify_flow(req, flowi4_to_flowi(&fl4));
(opt && opt->srr) ? opt->faddr : ireq->rmt_addr, rt = ip_route_output_key(sock_net(sk), &fl4);
ireq->loc_addr, th->source, th->dest); if (IS_ERR(rt)) {
security_req_classify_flow(req, flowi4_to_flowi(&fl4)); reqsk_free(req);
rt = ip_route_output_key(sock_net(sk), &fl4); goto out;
if (IS_ERR(rt)) {
reqsk_free(req);
goto out;
}
} }
/* Try to redo what tcp_v4_send_synack did. */ /* Try to redo what tcp_v4_send_synack did. */
...@@ -373,5 +370,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, ...@@ -373,5 +370,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
ireq->rcv_wscale = rcv_wscale; ireq->rcv_wscale = rcv_wscale;
ret = get_cookie_sock(sk, skb, req, &rt->dst); ret = get_cookie_sock(sk, skb, req, &rt->dst);
/* ip_queue_xmit() depends on our flow being setup
* Normal sockets get it right from inet_csk_route_child_sock()
*/
if (ret)
inet_sk(ret)->cork.fl.u.ip4 = fl4;
out: return ret; out: return ret;
} }
...@@ -1466,9 +1466,13 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb, ...@@ -1466,9 +1466,13 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
inet_csk(newsk)->icsk_ext_hdr_len = inet_opt->opt.optlen; inet_csk(newsk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
newinet->inet_id = newtp->write_seq ^ jiffies; newinet->inet_id = newtp->write_seq ^ jiffies;
if (!dst && (dst = inet_csk_route_child_sock(sk, newsk, req)) == NULL) if (!dst) {
goto put_and_exit; dst = inet_csk_route_child_sock(sk, newsk, req);
if (!dst)
goto put_and_exit;
} else {
/* syncookie case : see end of cookie_v4_check() */
}
sk_setup_caps(newsk, dst); sk_setup_caps(newsk, dst);
tcp_mtup_init(newsk); tcp_mtup_init(newsk);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment