
Commit dcbe3590 authored by Eric Dumazet, committed by Pablo Neira Ayuso

netfilter: tproxy: properly refcount tcp listeners



inet_lookup_listener() and inet6_lookup_listener() no longer
take a reference on the found listener.

This minimal patch adds back the refcounting, but we might do
this differently in net-next later.

Fixes: 3b24d854 ("tcp/dccp: do not touch listener sk_refcnt under synflood")
Reported-and-tested-by: Denys Fedoryshchenko <nuclearcat@nuclearcat.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent aca30018
+4 −0
@@ -127,6 +127,8 @@ nf_tproxy_get_sock_v4(struct net *net, struct sk_buff *skb, void *hp,
						    daddr, dport,
						    daddr, dport,
						    in->ifindex);
						    in->ifindex);


			if (sk && !atomic_inc_not_zero(&sk->sk_refcnt))
				sk = NULL;
			/* NOTE: we return listeners even if bound to
			/* NOTE: we return listeners even if bound to
			 * 0.0.0.0, those are filtered out in
			 * 0.0.0.0, those are filtered out in
			 * xt_socket, since xt_TPROXY needs 0 bound
			 * xt_socket, since xt_TPROXY needs 0 bound
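Review bot: The new `if (sk && !atomic_inc_not_zero(&sk->sk_refcnt))` in nf_tproxy_get_sock_v4() sits directly above the existing NOTE comment with nothing explaining why a reference is taken at this point. The commit message gives the reason (inet_lookup_listener() no longer takes a reference on the found listener); a one-line comment saying so would keep a later reader from treating the increment as redundant or from assuming the lookup still returns a held socket. A blank line between `sk = NULL;` and the NOTE comment would also stop that comment from reading as documentation of the refcount check. Because a failed increment turns the result into a lookup miss, the comment should state that this is the intended outcome for a listener whose refcount has already reached zero.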
@@ -195,6 +197,8 @@ nf_tproxy_get_sock_v6(struct net *net, struct sk_buff *skb, int thoff, void *hp,
						   daddr, ntohs(dport),
						   daddr, ntohs(dport),
						   in->ifindex);
						   in->ifindex);


			if (sk && !atomic_inc_not_zero(&sk->sk_refcnt))
				sk = NULL;
			/* NOTE: we return listeners even if bound to
			/* NOTE: we return listeners even if bound to
			 * 0.0.0.0, those are filtered out in
			 * 0.0.0.0, those are filtered out in
			 * xt_socket, since xt_TPROXY needs 0 bound
			 * xt_socket, since xt_TPROXY needs 0 bound
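Review bot: The two-line check added in nf_tproxy_get_sock_v6() is a verbatim copy of the one added in the v4 function, so the refcount rule for listeners now lives in two places. Consider a small static inline helper that takes the lookup result and returns it with a reference held, or NULL, and call it from both functions, so that a later change to how listeners are referenced (the commit message anticipates one in net-next) is made once. Please also confirm that every caller of these functions drops the reference now held on a returned listener; the release side is not visible in this diff.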