UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity

tcp: Validate route interface in early demux. 

Otherwise we might violate reverse path filtering.

Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller 2012-06-21 14:58:10 -07:00
parent 3e428fe038
commit fd62e09b94
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
net/ipv4/tcp_ipv4.c
View File

@ -1676,6 +1676,7 @@ int tcp_v4_early_demux(struct sk_buff *skb)
struct net *net = dev_net(skb->dev); struct net *net = dev_net(skb->dev);
const struct iphdr *iph; const struct iphdr *iph;
const struct tcphdr *th; const struct tcphdr *th;
struct net_device *dev;
struct sock *sk; struct sock *sk;
int err; int err;
@ -1695,10 +1696,11 @@ int tcp_v4_early_demux(struct sk_buff *skb)
if (!pskb_may_pull(skb, ip_hdrlen(skb) + th->doff * 4)) if (!pskb_may_pull(skb, ip_hdrlen(skb) + th->doff * 4))
goto out_err; goto out_err;
dev = skb->dev;
sk = __inet_lookup_established(net, &tcp_hashinfo, sk = __inet_lookup_established(net, &tcp_hashinfo,
iph->saddr, th->source, iph->saddr, th->source,
iph->daddr, th->dest, iph->daddr, th->dest,
skb->dev->ifindex); dev->ifindex);
if (sk) { if (sk) {
skb->sk = sk; skb->sk = sk;
skb->destructor = sock_edemux; skb->destructor = sock_edemux;
@ -1707,8 +1709,12 @@ int tcp_v4_early_demux(struct sk_buff *skb)
if (dst) if (dst)
dst = dst_check(dst, 0); dst = dst_check(dst, 0);
if (dst) { if (dst) {
skb_dst_set_noref(skb, dst); struct rtable *rt = (struct rtable *) dst;
err = 0;
if (rt->rt_iif == dev->ifindex) {
skb_dst_set_noref(skb, dst);
err = 0;
}
} }
} }
} }