diff options
author | JP Abgrall | 2013-02-20 18:38:34 -0600 |
---|---|---|
committer | Arve Hjønnevåg | 2013-02-22 17:27:53 -0600 |
commit | e7f415eadf62add0340ba59b4f6fcaa8c126da7f (patch) | |
tree | 30cfa6e4bd6084fa2430362a93ae61b6cad8b1cc | |
parent | 2b9b0b6a95cb7adbdd4fa03bff2c7dec86852aa0 (diff) | |
download | kernel-common-e7f415eadf62add0340ba59b4f6fcaa8c126da7f.tar.gz kernel-common-e7f415eadf62add0340ba59b4f6fcaa8c126da7f.tar.xz kernel-common-e7f415eadf62add0340ba59b4f6fcaa8c126da7f.zip |
netfilter: xt_qtaguid: fix bad tcp_time_wait sock handling
Since (41063e9 ipv4: Early TCP socket demux), skb's can have an sk which
is not a struct sock but the smaller struct inet_timewait_sock without an
sk->sk_socket. Now we bypass sk_state == TCP_TIME_WAIT
Signed-off-by: JP Abgrall <jpa@google.com>
-rw-r--r-- | net/netfilter/xt_qtaguid.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/net/netfilter/xt_qtaguid.c b/net/netfilter/xt_qtaguid.c index 992a6e04490..1b60fdd532d 100644 --- a/net/netfilter/xt_qtaguid.c +++ b/net/netfilter/xt_qtaguid.c | |||
@@ -1693,14 +1693,13 @@ static struct sock *qtaguid_find_sk(const struct sk_buff *skb, | |||
1693 | return NULL; | 1693 | return NULL; |
1694 | } | 1694 | } |
1695 | 1695 | ||
1696 | /* | ||
1697 | * Seems to be issues on the file ptr for TCP_TIME_WAIT SKs. | ||
1698 | * http://kerneltrap.org/mailarchive/linux-netdev/2010/10/21/6287959 | ||
1699 | * Not fixed in 3.0-r3 :( | ||
1700 | */ | ||
1701 | if (sk) { | 1696 | if (sk) { |
1702 | MT_DEBUG("qtaguid: %p->sk_proto=%u " | 1697 | MT_DEBUG("qtaguid: %p->sk_proto=%u " |
1703 | "->sk_state=%d\n", sk, sk->sk_protocol, sk->sk_state); | 1698 | "->sk_state=%d\n", sk, sk->sk_protocol, sk->sk_state); |
1699 | /* | ||
1700 | * When in TCP_TIME_WAIT the sk is not a "struct sock" but | ||
1701 | * "struct inet_timewait_sock" which is missing fields. | ||
1702 | */ | ||
1704 | if (sk->sk_state == TCP_TIME_WAIT) { | 1703 | if (sk->sk_state == TCP_TIME_WAIT) { |
1705 | xt_socket_put_sk(sk); | 1704 | xt_socket_put_sk(sk); |
1706 | sk = NULL; | 1705 | sk = NULL; |
@@ -1784,6 +1783,13 @@ static bool qtaguid_mt(const struct sk_buff *skb, struct xt_action_param *par) | |||
1784 | } | 1783 | } |
1785 | 1784 | ||
1786 | sk = skb->sk; | 1785 | sk = skb->sk; |
1786 | /* | ||
1787 | * When in TCP_TIME_WAIT the sk is not a "struct sock" but | ||
1788 | * "struct inet_timewait_sock" which is missing fields. | ||
1789 | * So we ignore it. | ||
1790 | */ | ||
1791 | if (sk && sk->sk_state == TCP_TIME_WAIT) | ||
1792 | sk = NULL; | ||
1787 | if (sk == NULL) { | 1793 | if (sk == NULL) { |
1788 | /* | 1794 | /* |
1789 | * A missing sk->sk_socket happens when packets are in-flight | 1795 | * A missing sk->sk_socket happens when packets are in-flight |