From patchwork Fri Feb 3 20:16:52 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Shawn Lu X-Patchwork-Id: 139450 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 40D02104792 for ; Sat, 4 Feb 2012 07:17:12 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756174Ab2BCURJ (ORCPT ); Fri, 3 Feb 2012 15:17:09 -0500 Received: from imr3.ericy.com ([198.24.6.13]:45562 "EHLO imr3.ericy.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755956Ab2BCURI (ORCPT ); Fri, 3 Feb 2012 15:17:08 -0500 Received: from eusaamw0712.eamcs.ericsson.se ([147.117.20.181]) by imr3.ericy.com (8.13.8/8.13.8) with ESMTP id q13KH4ZO019300 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 3 Feb 2012 14:17:05 -0600 Received: from prattle.redback.com (147.117.20.214) by eusaamw0712.eamcs.ericsson.se (147.117.20.182) with Microsoft SMTP Server id 8.3.137.0; Fri, 3 Feb 2012 15:17:04 -0500 Received: from localhost (localhost [127.0.0.1]) by prattle.redback.com (Postfix) with ESMTP id 346421AF7F4A; Fri, 3 Feb 2012 12:17:04 -0800 (PST) Received: from prattle.redback.com ([127.0.0.1]) by localhost (prattle [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 30537-04; Fri, 3 Feb 2012 12:17:04 -0800 (PST) Received: from localhost.localdomain (rbos-pc-12.lab.redback.com [10.12.11.132]) by prattle.redback.com (Postfix) with ESMTP id D37391AF7F48; Fri, 3 Feb 2012 12:17:03 -0800 (PST) From: Shawn Lu To: davem@davemloft.net CC: netdev@vger.kernel.org, xiaoclu@gmail.com Subject: [PATCH] tcp: RST: binding oif to iif for tcp v4 Date: Fri, 3 Feb 2012 12:16:52 -0800 Message-ID: <1328300212-18836-1-git-send-email-shawn.lu@ericsson.com> X-Mailer: git-send-email 1.7.0.4 MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Binding RST packet outgoing interface to incomming interface for tcp v4. This has few benefits: 1. tcp_v6_send_reset already did that. 2. This helps tcp connect with SO_BINDTODEVICE set. When connection is lost, we still able to sending out RST using same interface. 3. limit RST traffic in ingress interface reduce the impact of RST attack. Signed-off-by: Shawn Lu --- net/ipv4/tcp_ipv4.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 90e4793..994b1ea 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -676,6 +676,7 @@ static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb) arg.iov[0].iov_len, IPPROTO_TCP, 0); arg.csumoffset = offsetof(struct tcphdr, check) / 2; arg.flags = (sk && inet_sk(sk)->transparent) ? IP_REPLY_ARG_NOSRCCHECK : 0; + arg.bound_dev_if = inet_iif(skb); net = dev_net(skb_dst(skb)->dev); arg.tos = ip_hdr(skb)->tos;