mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-27 04:47:05 +00:00
tcp: use drop reasons in cookie check for ipv4
Now it's time to use the prepared definitions to refine this part. Four reasons used might enough for now, I think. Signed-off-by: Jason Xing <kernelxing@tencent.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Reviewed-by: David Ahern <dsahern@kernel.org> Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
65be4393f3
commit
a4a69a3719
1 changed files with 13 additions and 6 deletions
|
@ -421,8 +421,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb)
|
|||
if (IS_ERR(req))
|
||||
goto out;
|
||||
}
|
||||
if (!req)
|
||||
if (!req) {
|
||||
SKB_DR_SET(reason, NO_SOCKET);
|
||||
goto out_drop;
|
||||
}
|
||||
|
||||
ireq = inet_rsk(req);
|
||||
|
||||
|
@ -434,8 +436,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb)
|
|||
*/
|
||||
RCU_INIT_POINTER(ireq->ireq_opt, tcp_v4_save_options(net, skb));
|
||||
|
||||
if (security_inet_conn_request(sk, skb, req))
|
||||
if (security_inet_conn_request(sk, skb, req)) {
|
||||
SKB_DR_SET(reason, SECURITY_HOOK);
|
||||
goto out_free;
|
||||
}
|
||||
|
||||
tcp_ao_syncookie(sk, skb, req, AF_INET);
|
||||
|
||||
|
@ -452,8 +456,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb)
|
|||
ireq->ir_loc_addr, th->source, th->dest, sk->sk_uid);
|
||||
security_req_classify_flow(req, flowi4_to_flowi_common(&fl4));
|
||||
rt = ip_route_output_key(net, &fl4);
|
||||
if (IS_ERR(rt))
|
||||
if (IS_ERR(rt)) {
|
||||
SKB_DR_SET(reason, IP_OUTNOROUTES);
|
||||
goto out_free;
|
||||
}
|
||||
|
||||
/* Try to redo what tcp_v4_send_synack did. */
|
||||
req->rsk_window_clamp = tp->window_clamp ? :dst_metric(&rt->dst, RTAX_WINDOW);
|
||||
|
@ -476,10 +482,11 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb)
|
|||
/* ip_queue_xmit() depends on our flow being setup
|
||||
* Normal sockets get it right from inet_csk_route_child_sock()
|
||||
*/
|
||||
if (ret)
|
||||
inet_sk(ret)->cork.fl.u.ip4 = fl4;
|
||||
else
|
||||
if (!ret) {
|
||||
SKB_DR_SET(reason, NO_SOCKET);
|
||||
goto out_drop;
|
||||
}
|
||||
inet_sk(ret)->cork.fl.u.ip4 = fl4;
|
||||
out:
|
||||
return ret;
|
||||
out_free:
|
||||
|
|
Loading…
Reference in a new issue