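--- a/syncookies.c
+++ b/syncookies.c
@@ -1,8 +1,8 @@
 /*
 * Syncookies implementation for the Linux kernel
 *
 * Copyright (C) 1997 Andi Kleen
 * Based on ideas by D.J.Bernstein and Eric Schenk.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -261,17 +261,17 @@
 const struct tcphdr *th = tcp_hdr(skb);
 __u32 cookie = ntohl(th->ack_seq) - 1;
 struct sock *ret = sk;
 struct request_sock *req;
 int mss;
 struct rtable *rt;
 __u8 rcv_wscale;
 
-if (!sysctl_tcp_syncookies || !th->ack)
+if (!sysctl_tcp_syncookies || !th->ack || th->rst)
 goto out;
 
 if (tcp_synq_no_recent_overflow(sk) ||
 (mss = cookie_check(skb, cookie)) == 0) {
 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESFAILED);
 goto out;
 }
 
@@ -342,27 +342,27 @@
 .saddr = ireq->loc_addr,
 .tos = RT_CONN_FLAGS(sk) } },
 .proto = IPPROTO_TCP,
 .flags = inet_sk_flowi_flags(sk),
 .uli_u = { .ports =
 { .sport = th->dest,
 .dport = th->source } } };
 security_req_classify_flow(req, &fl);
-if (ip_route_output_key(sock_net(sk), &rt, &fl)) {
+if (ip_route_output_key(&init_net, &rt, &fl)) {
 reqsk_free(req);
 goto out;
 }
 }
 
 /* Try to redo what tcp_v4_send_synack did. */
 req->window_clamp = tp->window_clamp ? :dst_metric(&rt->u.dst, RTAX_WINDOW);
 
 tcp_select_initial_window(tcp_full_space(sk), req->mss,
 &req->rcv_wnd, &req->window_clamp,
 ireq->wscale_ok, &rcv_wscale,
 dst_metric(&rt->u.dst, RTAX_INITRWND));
 
 ireq->rcv_wscale = rcv_wscale;
 
 ret = get_cookie_sock(sk, skb, req, &rt->u.dst);
 out: return ret;
 }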
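Review bot: The route lookup at line 350 on the new side passes `&init_net` to ip_route_output_key(), while the failure counter at line 274 of the same function uses `sock_net(sk)`. For a listening socket in a non-initial network namespace, the cookie-validated request would then presumably be routed against the initial namespace's tables, which weakens namespace isolation on the path that runs under SYN-flood pressure. I would keep the lookup in the socket's own namespace: `if (ip_route_output_key(sock_net(sk), &rt, &fl)) {`. The added `th->rst` rejection at line 269 deserves a short comment such as `/* a segment with RST set must never complete a cookie handshake */`, since the reason for the extra flag test is not evident there. The function's signature and the declarations of `tp`, `ireq` and `fl` sit in the hidden lines, so this is judged from the visible body only.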