tcp_ipv6_check_established

tcp_ipv6_check_established

[Mark Huth]

[-- Attachment #1: Type: text/plain, Size: 1449 bytes --]

There appears to be a long-standing bug in tcp_ipv6_check_established 
that results in the return of EADDRNOTAVAILABLE from connect().  It can 
be demonstrated in the following scenario:

The following scenario fails in most known ipv6 linuxes

All within a single node.

Host has two IPv6 addresses:
    dead:dead:dead:dead::1/128
    dead:dead:dead:dead::2/128

Application A creates two listening sockets:
    dead:dead:dead:dead::1 49997
    dead:dead:dead:dead::2 49997

Application B creates a TCP-connection:
    from dead:dead:dead:dead::1 49998 to dead:dead:dead:dead::2 49997

Application C creates a TCP-connection:
    from dead:dead:dead:dead::2 49998 to dead:dead:dead:dead::1 49997

However, the latter operation fails, and connect() returns
EADDRNOTAVAILABLE.  Meaning that the host already has such a connection and
the new one cannot be created.	Clearly there is no identical connection
used (different ports), thus connect() misbehaves.

All sockets use SO_REUSEADDR-option, and all sockets bind() their source
address and source ports before the attempted connect().

While the above may be somewhat contrived, the code is wrong by inspection.
The check for the established connections interates on sk2, while the macro
argument for TCP_IPV6_MATCH is sk.  Thus the check result is invarient over the loop.

A proposed patch for 2.6.6 is attached.  A similar patch is required for 2.4 kernels, and is
also attached.

Mark Huth




[-- Attachment #2: tcp_ipv6_check_est-2.6.6.patch --]
[-- Type: application/octet-stream, Size: 456 bytes --]

diff -ur linux-2.6.6/net/ipv6/tcp_ipv6.c linux-2.6.6-patch/net/ipv6/tcp_ipv6.c
--- linux-2.6.6/net/ipv6/tcp_ipv6.c	2004-05-09 19:32:38.000000000 -0700
+++ linux-2.6.6-patch/net/ipv6/tcp_ipv6.c	2004-05-11 11:19:24.000000000 -0700
@@ -479,7 +479,7 @@
 
 	/* And established part... */
 	sk_for_each(sk2, node, &head->chain) {
-		if(TCP_IPV6_MATCH(sk, saddr, daddr, ports, dif))
+		if(TCP_IPV6_MATCH(sk2, saddr, daddr, ports, dif))
 			goto not_unique;
 	}
 

[-- Attachment #3: tcp_ipv6_check_est-2.4.20.patch --]
[-- Type: application/octet-stream, Size: 450 bytes --]

diff -ur --exclude CVS linux/net/ipv6/tcp_ipv6.c linux_patch/net/ipv6/tcp_ipv6.c
--- linux/net/ipv6/tcp_ipv6.c	2003-10-02 12:03:53.000000000 -0700
+++ linux_patch/net/ipv6/tcp_ipv6.c	2004-05-10 18:00:14.000000000 -0700
@@ -454,7 +454,7 @@
 	tw = NULL;
 
 	for(skp = &head->chain; (sk2=*skp)!=NULL; skp = &sk2->next) {
-		if(TCP_IPV6_MATCH(sk, saddr, daddr, ports, dif))
+		if(TCP_IPV6_MATCH(sk2, saddr, daddr, ports, dif))
 			goto not_unique;
 	}
 

Re: tcp_ipv6_check_established

[YOSHIFUJI Hideaki / 吉藤英明]

In article <40A163A4.8050905@mvista.com> (at Tue, 11 May 2004 16:37:08 -0700), Mark Huth <mhuth@mvista.com> says:

> A proposed patch for 2.6.6 is attached.  A similar patch is required for 2.4 kernels, and is
> also attached.

Correct. David, please apply.

-- 
Hideaki YOSHIFUJI @ USAGI Project <yoshfuji@linux-ipv6.org>
GPG FP: 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA

Re: tcp_ipv6_check_established

[David S. Miller]

On Tue, 18 May 2004 16:22:13 +0900 (JST)
YOSHIFUJI Hideaki / ^[$B5HF#1QL@^[(B <yoshfuji@linux-ipv6.org> wrote:

> Correct. David, please apply.

Done.  Thanks everyone.