| syncookies.c (8c27bd75f04fb9cb70c69c3cfe24f4e6d8e15906) | syncookies.c (086293542b991fb88a2e41ae7b4f82ac65a20e1a) |
|---|---|
| 1/* 2 * Syncookies implementation for the Linux kernel 3 * 4 * Copyright (C) 1997 Andi Kleen 5 * Based on ideas by D.J.Bernstein and Eric Schenk. 6 * 7 * This program is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU General Public License --- 122 unchanged lines hidden (view full) --- 131 return (__u32)-1; 132 133 return (cookie - 134 cookie_hash(saddr, daddr, sport, dport, count - diff, 1)) 135 & COOKIEMASK; /* Leaving the data behind */ 136} 137 138/* | 1/* 2 * Syncookies implementation for the Linux kernel 3 * 4 * Copyright (C) 1997 Andi Kleen 5 * Based on ideas by D.J.Bernstein and Eric Schenk. 6 * 7 * This program is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU General Public License --- 122 unchanged lines hidden (view full) --- 131 return (__u32)-1; 132 133 return (cookie - 134 cookie_hash(saddr, daddr, sport, dport, count - diff, 1)) 135 & COOKIEMASK; /* Leaving the data behind */ 136} 137 138/* |
| 139 * MSS Values are taken from the 2009 paper 140 * 'Measuring TCP Maximum Segment Size' by S. Alcock and R. Nelson: 141 * - values 1440 to 1460 accounted for 80% of observed mss values 142 * - values outside the 536-1460 range are rare (<0.2%). | 139 * MSS Values are chosen based on the 2011 paper 140 * 'An Analysis of TCP Maximum Segement Sizes' by S. Alcock and R. Nelson. 141 * Values .. 142 * .. lower than 536 are rare (< 0.2%) 143 * .. between 537 and 1299 account for less than < 1.5% of observed values 144 * .. in the 1300-1349 range account for about 15 to 20% of observed mss values 145 * .. exceeding 1460 are very rare (< 0.04%) |
| 143 * | 146 * |
| 144 * Table must be sorted. | 147 * 1460 is the single most frequently announced mss value (30 to 46% depending 148 * on monitor location). Table must be sorted. |
| 145 */ 146static __u16 const msstab[] = { | 149 */ 150static __u16 const msstab[] = { |
| 147 64, 148 512, | |
| 149 536, | 151 536, |
| 150 1024, 151 1440, | 152 1300, 153 1440, /* 1440, 1452: PPPoE */ |
| 152 1460, | 154 1460, |
| 153 4312, 154 8960, | |
| 155}; 156 157/* 158 * Generate a syncookie. mssp points to the mss, which is returned 159 * rounded down to the value encoded in the cookie. 160 */ 161u32 __cookie_v4_init_sequence(const struct iphdr *iph, const struct tcphdr *th, 162 u16 *mssp) --- 214 unchanged lines hidden --- | 155}; 156 157/* 158 * Generate a syncookie. mssp points to the mss, which is returned 159 * rounded down to the value encoded in the cookie. 160 */ 161u32 __cookie_v4_init_sequence(const struct iphdr *iph, const struct tcphdr *th, 162 u16 *mssp) --- 214 unchanged lines hidden --- |