| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 Jun 2020 15:18:33 -0700
From: Martin KaFai Lau <kafai@...com>
To: <netdev@...r.kernel.org>
CC: David Miller <davem@...emloft.net>, <kernel-team@...com>,
Willem de Bruijn <willemb@...gle.com>
Subject: [PATCH net] ipv4: tcp: Fix SO_MARK in RST and ACK packet
When testing a recent kernel (5.6 in our case), the skb->mark of the
IPv4 TCP RST pkt does not carry the mark from sk->sk_mark. It is
discovered by the bpf@tc that depends on skb->mark to work properly.
The same bpf prog has been working in the earlier kernel version.
After reverting commit c6af0c227a22 ("ip: support SO_MARK cmsg"),
the skb->mark is set and seen by bpf@tc properly.
We have noticed that in IPv4 TCP RST but it should also
happen to the ACK based on tcp_v4_send_ack() is also depending
on ip_send_unicast_reply().
This patch tries to fix it by initializing the ipc.sockc.mark to
fl4.flowi4_mark.
Fixes: c6af0c227a22 ("ip: support SO_MARK cmsg")
Cc: Willem de Bruijn <willemb@...gle.com>
Signed-off-by: Martin KaFai Lau <kafai@...com>
---
net/ipv4/ip_output.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 090d3097ee15..033512f719ec 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1703,6 +1703,7 @@ void ip_send_unicast_reply(struct sock *sk, struct sk_buff *skb,
sk->sk_bound_dev_if = arg->bound_dev_if;
sk->sk_sndbuf = sysctl_wmem_default;
sk->sk_mark = fl4.flowi4_mark;
+ ipc.sockc.mark = fl4.flowi4_mark;
err = ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base,
len, 0, &ipc, &rt, MSG_DONTWAIT);
if (unlikely(err)) {
--
2.24.1
Powered by blists - more mailing lists