Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dfd25fff authored by Eric Dumazet's avatar Eric Dumazet Committed by David S. Miller
Browse files

tcp: fix syncookie regression 



commit ea4fc0d6 (ipv4: Don't use rt->rt_{src,dst} in ip_queue_xmit())
added a serious regression on synflood handling.

Simon Kirby discovered a successful connection was delayed by 20 seconds
before being responsive.

In my tests, I discovered that xmit frames were lost, and needed ~4
retransmits and a socket dst rebuild before being really sent.

In case of syncookie initiated connection, we use a different path to
initialize the socket dst, and inet->cork.fl.u.ip4 is left cleared.

As ip_queue_xmit() now depends on inet flow being setup, fix this by
copying the temp flowi4 we use in cookie_v4_check().

Reported-by: default avatarSimon Kirby <sim@netnation.com>
Bisected-by: default avatarSimon Kirby <sim@netnation.com>
Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
Tested-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 4e503919

net/ipv4/syncookies.c

+16 −14
Original line number Original line Diff line number Diff line
@@ -278,6 +278,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, 
	struct rtable *rt;

	struct rtable *rt;

	__u8 rcv_wscale;

	__u8 rcv_wscale;

	bool ecn_ok = false;

	bool ecn_ok = false;

	struct flowi4 fl4;





	if (!sysctl_tcp_syncookies || !th->ack || th->rst)

	if (!sysctl_tcp_syncookies || !th->ack || th->rst)

		goto out;

		goto out;
@@ -346,9 +347,6 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, 
	 * hasn't changed since we received the original syn, but I see

	 * hasn't changed since we received the original syn, but I see

	 * no easy way to do this.

	 * no easy way to do this.

	 */

	 */

	{

		struct flowi4 fl4;



	flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),

	flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),

			   RT_SCOPE_UNIVERSE, IPPROTO_TCP,

			   RT_SCOPE_UNIVERSE, IPPROTO_TCP,

			   inet_sk_flowi_flags(sk),

			   inet_sk_flowi_flags(sk),
@@ -360,7 +358,6 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, 
		reqsk_free(req);

		reqsk_free(req);

		goto out;

		goto out;

	}

	}

	}





	/* Try to redo what tcp_v4_send_synack did. */

	/* Try to redo what tcp_v4_send_synack did. */

	req->window_clamp = tp->window_clamp ? :dst_metric(&rt->dst, RTAX_WINDOW);

	req->window_clamp = tp->window_clamp ? :dst_metric(&rt->dst, RTAX_WINDOW);
@@ -373,5 +370,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, 
	ireq->rcv_wscale  = rcv_wscale;

	ireq->rcv_wscale  = rcv_wscale;





	ret = get_cookie_sock(sk, skb, req, &rt->dst);

	ret = get_cookie_sock(sk, skb, req, &rt->dst);

	/* ip_queue_xmit() depends on our flow being setup

	 * Normal sockets get it right from inet_csk_route_child_sock()

	 */

	if (ret)

		inet_sk(ret)->cork.fl.u.ip4 = fl4;

out:	return ret;

out:	return ret;

}
 
}

net/ipv4/tcp_ipv4.c

+7 −3
Original line number Original line Diff line number Diff line
@@ -1466,9 +1466,13 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb, 
		inet_csk(newsk)->icsk_ext_hdr_len = inet_opt->opt.optlen;

		inet_csk(newsk)->icsk_ext_hdr_len = inet_opt->opt.optlen;

	newinet->inet_id = newtp->write_seq ^ jiffies;

	newinet->inet_id = newtp->write_seq ^ jiffies;





	if (!dst && (dst = inet_csk_route_child_sock(sk, newsk, req)) == NULL)

	if (!dst) {

		dst = inet_csk_route_child_sock(sk, newsk, req);

		if (!dst)

			goto put_and_exit;

			goto put_and_exit;



	} else {

		/* syncookie case : see end of cookie_v4_check() */

	}

	sk_setup_caps(newsk, dst);

	sk_setup_caps(newsk, dst);





	tcp_mtup_init(newsk);

	tcp_mtup_init(newsk);