From: Jamal Hadi Salim <h...@mojatatu.com>
SYN-ACK responses on a server in response to a SYN from a client
did not get the injected skb mark that was tagged on the SYN packet.
Fixes: 84f39b08d786 ("net: support marking accepting TCP sockets")
Signed-off-by: Jamal Hadi Salim <j...@mojatatu.com>
---
net/ipv4/ip_output.c | 3 ++-
net/ipv4/tcp_output.c | 2 ++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 7a3fd25..a8fd5f0 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -173,7 +173,8 @@ int ip_build_and_send_pkt(struct sk_buff *skb, const struct
sock *sk,
}
skb->priority = sk->sk_priority;
- skb->mark = sk->sk_mark;
+ if (!skb->mark)
+ skb->mark = sk->sk_mark;
/* Send it out. */
return ip_local_out(net, skb->sk, skb);
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 9a9c395..8c3661a 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -3212,6 +3212,8 @@ struct sk_buff *tcp_make_synack(const struct sock *sk,
struct dst_entry *dst,
tcp_ecn_make_synack(req, th);
th->source = htons(ireq->ir_num);
th->dest = ireq->ir_rmt_port;
+ if (sock_net(sk)->ipv4.sysctl_tcp_fwmark_accept)
+ skb->mark = ireq->ir_mark;
/* Setting of flags are superfluous here for callers (and ECE is
* not even correctly set)
*/
--
1.9.1
