ipv4: Use newinet->inet_opt in inet_csk_route_child_sock() (1a7b27c9) · Commits · e / devices / android_kernel_xiaomi_markw

Since ("ipv4: Use inet_csk_route_child_sock() in DCCP and TCP."), inet_csk_route_child_sock() is called instead of inet_csk_route_req(). However, after creating the child-sock in tcp/dccp_v4_syn_recv_sock(), ireq->opt is set to NULL, before calling inet_csk_route_child_sock(). Thus, inside inet_csk_route_child_sock() opt is always NULL and the SRR-options are not respected anymore. Packets sent by the server won't have the correct destination-IP. This patch fixes it by accessing newinet->inet_opt instead of ireq->opt inside inet_csk_route_child_sock(). Reported-by:

Luca Boccassi <luca.boccassi@gmail.com> Signed-off-by:

Christoph Paasch <christoph.paasch@uclouvain.be> Signed-off-by:

David S. Miller <davem@davemloft.net>

net/ipv4/inet_connection_sock.c

+6 −1

Original line number	Diff line number	Diff line
		@@ -404,12 +404,15 @@ struct dst_entry inet_csk_route_child_sock(struct sock sk,
		{
		const struct inet_request_sock *ireq = inet_rsk(req);
		struct inet_sock *newinet = inet_sk(newsk);
		struct ip_options_rcu *opt = ireq->opt;
		struct ip_options_rcu *opt;
		struct net *net = sock_net(sk);
		struct flowi4 *fl4;
		struct rtable *rt;

		fl4 = &newinet->cork.fl.u.ip4;

		rcu_read_lock();
		opt = rcu_dereference(newinet->inet_opt);
		flowi4_init_output(fl4, sk->sk_bound_dev_if, sk->sk_mark,
		RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE,
		sk->sk_protocol, inet_sk_flowi_flags(sk),
		@@ -421,11 +424,13 @@ struct dst_entry inet_csk_route_child_sock(struct sock sk,
		goto no_route;
		if (opt && opt->opt.is_strictroute && rt->rt_gateway)
		goto route_err;
		rcu_read_unlock();
		return &rt->dst;

		route_err:
		ip_rt_put(rt);
		no_route:
		rcu_read_unlock();
		IP_INC_STATS_BH(net, IPSTATS_MIB_OUTNOROUTES);
		return NULL;
		}