netfilter: tproxy: properly refcount tcp listeners

inet_lookup_listener() and inet6_lookup_listener() no longer take a reference on the found listener. This minimal patch adds back the refcounting, but we might do this differently in net-next later. Fixes: 3b24d854 ("tcp/dccp: do not touch listener sk_refcnt under synflood") Reported-and-tested-by: N Denys Fedoryshchenko <nuclearcat@nuclearcat.com> Signed-off-by: N Eric Dumazet <edumazet@google.com> Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: tproxy: properly refcount tcp listeners
inet_lookup_listener() and inet6_lookup_listener() no longer take a reference on the found listener. This minimal patch adds back the refcounting, but we might do this differently in net-next later. Fixes: 3b24d854 ("tcp/dccp: do not touch listener sk_refcnt under synflood") Reported-and-tested-by: N Denys Fedoryshchenko <nuclearcat@nuclearcat.com> Signed-off-by: N Eric Dumazet <edumazet@google.com> Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org>
dcbe3590 · Eric Dumazet · Pablo Neira Ayuso · aca30018 · dcbe3590
隐藏空白更改
内联并排

Showing with 4 addition and 0 deletion

net/netfilter/xt_TPROXY.c net/netfilter/xt_TPROXY.c +4 -0

未找到文件。
--- a/net/netfilter/xt_TPROXY.c
+++ b/net/netfilter/xt_TPROXY.c
@@ -127,6 +127,8 @@ nf_tproxy_get_sock_v4(struct net *net, struct sk_buff *skb, void *hp,
 						    daddr, dport,
 						    in->ifindex);

+			if (sk && !atomic_inc_not_zero(&sk->sk_refcnt))
+				sk = NULL;
 			/* NOTE: we return listeners even if bound to
 			 * 0.0.0.0, those are filtered out in
 			 * xt_socket, since xt_TPROXY needs 0 bound
@@ -195,6 +197,8 @@ nf_tproxy_get_sock_v6(struct net *net, struct sk_buff *skb, int thoff, void *hp,
 						   daddr, ntohs(dport),
 						   in->ifindex);

+			if (sk && !atomic_inc_not_zero(&sk->sk_refcnt))
+				sk = NULL;
 			/* NOTE: we return listeners even if bound to
 			 * 0.0.0.0, those are filtered out in
 			 * xt_socket, since xt_TPROXY needs 0 bound