| syncookies.c (eed29f17f09ad7f400bc245f209acad6a8214fac) | syncookies.c (f930103421f6579719b8252285c94c1195f6e032) |
|---|---|
| 1/* 2 * Syncookies implementation for the Linux kernel 3 * 4 * Copyright (C) 1997 Andi Kleen 5 * Based on ideas by D.J.Bernstein and Eric Schenk. 6 * 7 * This program is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU General Public License --- 218 unchanged lines hidden (view full) --- 227/* 228 * when syncookies are in effect and tcp timestamps are enabled we stored 229 * additional tcp options in the timestamp. 230 * This extracts these options from the timestamp echo. 231 * 232 * return false if we decode a tcp option that is disabled 233 * on the host. 234 */ | 1/* 2 * Syncookies implementation for the Linux kernel 3 * 4 * Copyright (C) 1997 Andi Kleen 5 * Based on ideas by D.J.Bernstein and Eric Schenk. 6 * 7 * This program is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU General Public License --- 218 unchanged lines hidden (view full) --- 227/* 228 * when syncookies are in effect and tcp timestamps are enabled we stored 229 * additional tcp options in the timestamp. 230 * This extracts these options from the timestamp echo. 231 * 232 * return false if we decode a tcp option that is disabled 233 * on the host. 234 */ |
| 235bool cookie_timestamp_decode(struct tcp_options_received *tcp_opt) | 235bool cookie_timestamp_decode(const struct net *net, 236 struct tcp_options_received *tcp_opt) |
| 236{ 237 /* echoed timestamp, lowest bits contain options */ 238 u32 options = tcp_opt->rcv_tsecr; 239 240 if (!tcp_opt->saw_tstamp) { 241 tcp_clear_options(tcp_opt); 242 return true; 243 } 244 245 if (!sysctl_tcp_timestamps) 246 return false; 247 248 tcp_opt->sack_ok = (options & TS_OPT_SACK) ? TCP_SACK_SEEN : 0; 249 | 237{ 238 /* echoed timestamp, lowest bits contain options */ 239 u32 options = tcp_opt->rcv_tsecr; 240 241 if (!tcp_opt->saw_tstamp) { 242 tcp_clear_options(tcp_opt); 243 return true; 244 } 245 246 if (!sysctl_tcp_timestamps) 247 return false; 248 249 tcp_opt->sack_ok = (options & TS_OPT_SACK) ? TCP_SACK_SEEN : 0; 250 |
| 250 if (tcp_opt->sack_ok && !sysctl_tcp_sack) | 251 if (tcp_opt->sack_ok && !net->ipv4.sysctl_tcp_sack) |
| 251 return false; 252 253 if ((options & TS_OPT_WSCALE_MASK) == TS_OPT_WSCALE_MASK) 254 return true; /* no window scaling */ 255 256 tcp_opt->wscale_ok = 1; 257 tcp_opt->snd_wscale = options & TS_OPT_WSCALE_MASK; 258 --- 55 unchanged lines hidden (view full) --- 314 memset(&tcp_opt, 0, sizeof(tcp_opt)); 315 tcp_parse_options(sock_net(sk), skb, &tcp_opt, 0, NULL); 316 317 if (tcp_opt.saw_tstamp && tcp_opt.rcv_tsecr) { 318 tsoff = secure_tcp_ts_off(ip_hdr(skb)->daddr, ip_hdr(skb)->saddr); 319 tcp_opt.rcv_tsecr -= tsoff; 320 } 321 | 252 return false; 253 254 if ((options & TS_OPT_WSCALE_MASK) == TS_OPT_WSCALE_MASK) 255 return true; /* no window scaling */ 256 257 tcp_opt->wscale_ok = 1; 258 tcp_opt->snd_wscale = options & TS_OPT_WSCALE_MASK; 259 --- 55 unchanged lines hidden (view full) --- 315 memset(&tcp_opt, 0, sizeof(tcp_opt)); 316 tcp_parse_options(sock_net(sk), skb, &tcp_opt, 0, NULL); 317 318 if (tcp_opt.saw_tstamp && tcp_opt.rcv_tsecr) { 319 tsoff = secure_tcp_ts_off(ip_hdr(skb)->daddr, ip_hdr(skb)->saddr); 320 tcp_opt.rcv_tsecr -= tsoff; 321 } 322 |
| 322 if (!cookie_timestamp_decode(&tcp_opt)) | 323 if (!cookie_timestamp_decode(sock_net(sk), &tcp_opt)) |
| 323 goto out; 324 325 ret = NULL; 326 req = inet_reqsk_alloc(&tcp_request_sock_ops, sk, false); /* for safety */ 327 if (!req) 328 goto out; 329 330 ireq = inet_rsk(req); --- 69 unchanged lines hidden --- | 324 goto out; 325 326 ret = NULL; 327 req = inet_reqsk_alloc(&tcp_request_sock_ops, sk, false); /* for safety */ 328 if (!req) 329 goto out; 330 331 ireq = inet_rsk(req); --- 69 unchanged lines hidden --- |