From: David S. Miller Date: Thu, 21 Jun 2012 21:58:10 +0000 (-0700) Subject: tcp: Validate route interface in early demux. X-Git-Tag: firefly_0821_release~3680^2~2381^2~470 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=fd62e09b946522ec3578412826a81bead06fadf7;p=firefly-linux-kernel-4.4.55.git tcp: Validate route interface in early demux. Otherwise we might violate reverse path filtering. Signed-off-by: David S. Miller --- diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 13857df1dae1..21e22a00481a 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1676,6 +1676,7 @@ int tcp_v4_early_demux(struct sk_buff *skb) struct net *net = dev_net(skb->dev); const struct iphdr *iph; const struct tcphdr *th; + struct net_device *dev; struct sock *sk; int err; @@ -1695,10 +1696,11 @@ int tcp_v4_early_demux(struct sk_buff *skb) if (!pskb_may_pull(skb, ip_hdrlen(skb) + th->doff * 4)) goto out_err; + dev = skb->dev; sk = __inet_lookup_established(net, &tcp_hashinfo, iph->saddr, th->source, iph->daddr, th->dest, - skb->dev->ifindex); + dev->ifindex); if (sk) { skb->sk = sk; skb->destructor = sock_edemux; @@ -1707,8 +1709,12 @@ int tcp_v4_early_demux(struct sk_buff *skb) if (dst) dst = dst_check(dst, 0); if (dst) { - skb_dst_set_noref(skb, dst); - err = 0; + struct rtable *rt = (struct rtable *) dst; + + if (rt->rt_iif == dev->ifindex) { + skb_dst_set_noref(skb, dst); + err = 0; + } } } }