* [PATCH] tcp: incoming connections might use wrong route under synflood @ 2013-04-10 20:09 Dmitry Popov 2013-04-11 3:26 ` David Miller 0 siblings, 1 reply; 4+ messages in thread From: Dmitry Popov @ 2013-04-10 20:09 UTC (permalink / raw) To: David S. Miller, Alexey Kuznetsov, James Morris, Hideaki YOSHIFUJI, Patrick McHardy Cc: netdev, linux-kernel There is a bug in cookie_v4_check (net/ipv4/syncookies.c): flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, IPPROTO_TCP, inet_sk_flowi_flags(sk), (opt && opt->srr) ? opt->faddr : ireq->rmt_addr, ireq->loc_addr, th->source, th->dest); Here we do not respect sk->sk_bound_dev_if, therefore wrong dst_entry may be taken. This dst_entry is used in new socket (get_cookie_sock -> tcp_v4_syn_recv_sock), so its packets may take wrong path. There is no such bug in ipv6 code and non-cookie code (usual case). Bugfix below. Signed-off-by: Dmitry Popov <dp@highloadlab.com> --- net/ipv4/syncookies.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index ef54377..397e0f6 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c @@ -349,8 +349,8 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, * hasn't changed since we received the original syn, but I see * no easy way to do this. */ - flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk), - RT_SCOPE_UNIVERSE, IPPROTO_TCP, + flowi4_init_output(&fl4, sk->sk_bound_dev_if, sk->sk_mark, + RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, IPPROTO_TCP, inet_sk_flowi_flags(sk), (opt && opt->srr) ? opt->faddr : ireq->rmt_addr, ireq->loc_addr, th->source, th->dest); ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] tcp: incoming connections might use wrong route under synflood 2013-04-10 20:09 [PATCH] tcp: incoming connections might use wrong route under synflood Dmitry Popov @ 2013-04-11 3:26 ` David Miller 2013-04-11 7:46 ` Dmitry Popov 0 siblings, 1 reply; 4+ messages in thread From: David Miller @ 2013-04-11 3:26 UTC (permalink / raw) To: dp; +Cc: kuznet, jmorris, yoshfuji, kaber, netdev, linux-kernel From: Dmitry Popov <dp@highloadlab.com> Date: Thu, 11 Apr 2013 00:09:09 +0400 > There is a bug in cookie_v4_check (net/ipv4/syncookies.c): > flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk), > RT_SCOPE_UNIVERSE, IPPROTO_TCP, > inet_sk_flowi_flags(sk), > (opt && opt->srr) ? opt->faddr : ireq->rmt_addr, > ireq->loc_addr, th->source, th->dest); > > Here we do not respect sk->sk_bound_dev_if, therefore wrong dst_entry may be taken. This dst_entry is used in new socket (get_cookie_sock -> tcp_v4_syn_recv_sock), so its packets may take wrong path. There is no such bug in ipv6 code and non-cookie code (usual case). Bugfix below. > > Signed-off-by: Dmitry Popov <dp@highloadlab.com> Please format your commit messages properly, by not allowing lines of text longer than 80 columns. Thank you. ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] tcp: incoming connections might use wrong route under synflood 2013-04-11 3:26 ` David Miller @ 2013-04-11 7:46 ` Dmitry Popov 2013-04-11 17:18 ` David Miller 0 siblings, 1 reply; 4+ messages in thread From: Dmitry Popov @ 2013-04-11 7:46 UTC (permalink / raw) To: David Miller; +Cc: kuznet, jmorris, yoshfuji, kaber, netdev, linux-kernel There is a bug in cookie_v4_check (net/ipv4/syncookies.c): flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, IPPROTO_TCP, inet_sk_flowi_flags(sk), (opt && opt->srr) ? opt->faddr : ireq->rmt_addr, ireq->loc_addr, th->source, th->dest); Here we do not respect sk->sk_bound_dev_if, therefore wrong dst_entry may be taken. This dst_entry is used by new socket (get_cookie_sock -> tcp_v4_syn_recv_sock), so its packets may take the wrong path. Signed-off-by: Dmitry Popov <dp@highloadlab.com> --- net/ipv4/syncookies.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index ef54377..397e0f6 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c @@ -349,8 +349,8 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, * hasn't changed since we received the original syn, but I see * no easy way to do this. */ - flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk), - RT_SCOPE_UNIVERSE, IPPROTO_TCP, + flowi4_init_output(&fl4, sk->sk_bound_dev_if, sk->sk_mark, + RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, IPPROTO_TCP, inet_sk_flowi_flags(sk), (opt && opt->srr) ? opt->faddr : ireq->rmt_addr, ireq->loc_addr, th->source, th->dest); On Wed, 10 Apr 2013 23:26:12 -0400 (EDT) David Miller <davem@davemloft.net> wrote: > From: Dmitry Popov <dp@highloadlab.com> > Date: Thu, 11 Apr 2013 00:09:09 +0400 > > > There is a bug in cookie_v4_check (net/ipv4/syncookies.c): > > flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk), > > RT_SCOPE_UNIVERSE, IPPROTO_TCP, > > inet_sk_flowi_flags(sk), > > (opt && opt->srr) ? opt->faddr : ireq->rmt_addr, > > ireq->loc_addr, th->source, th->dest); > > > > Here we do not respect sk->sk_bound_dev_if, therefore wrong dst_entry may be taken. This dst_entry is used in new socket (get_cookie_sock -> tcp_v4_syn_recv_sock), so its packets may take wrong path. There is no such bug in ipv6 code and non-cookie code (usual case). Bugfix below. > > > > Signed-off-by: Dmitry Popov <dp@highloadlab.com> > > Please format your commit messages properly, by not allowing lines of > text longer than 80 columns. > > Thank you. -- Dmitry Popov <dp@highloadlab.com> ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] tcp: incoming connections might use wrong route under synflood 2013-04-11 7:46 ` Dmitry Popov @ 2013-04-11 17:18 ` David Miller 0 siblings, 0 replies; 4+ messages in thread From: David Miller @ 2013-04-11 17:18 UTC (permalink / raw) To: dp; +Cc: kuznet, jmorris, yoshfuji, kaber, netdev, linux-kernel From: Dmitry Popov <dp@highloadlab.com> Date: Thu, 11 Apr 2013 11:46:00 +0400 > There is a bug in cookie_v4_check (net/ipv4/syncookies.c): > flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk), > RT_SCOPE_UNIVERSE, IPPROTO_TCP, > inet_sk_flowi_flags(sk), > (opt && opt->srr) ? opt->faddr : ireq->rmt_addr, > ireq->loc_addr, th->source, th->dest); > > Here we do not respect sk->sk_bound_dev_if, therefore wrong dst_entry may be > taken. This dst_entry is used by new socket (get_cookie_sock -> > tcp_v4_syn_recv_sock), so its packets may take the wrong path. > > Signed-off-by: Dmitry Popov <dp@highloadlab.com> Do not top post, especially with patches! Because you top posted the new version of the patch, my reply to you sits at the end of the new patch. Make a fresh, completely new, mailing list posting to post new versions of patches. Never do so using replies. Thanks. ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2013-04-11 17:18 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2013-04-10 20:09 [PATCH] tcp: incoming connections might use wrong route under synflood Dmitry Popov 2013-04-11 3:26 ` David Miller 2013-04-11 7:46 ` Dmitry Popov 2013-04-11 17:18 ` David Miller
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).