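--- a/syncookies.c
+++ b/syncookies.c
@@ -1,8 +1,8 @@
 /*
  * IPv6 Syncookies implementation for the Linux kernel
  *
  * Authors:
  * Glenn Griffin <ggriffin.kernel@gmail.com>
  *
  * Based on IPv4 implementation by Andi Kleen
  * linux/net/ipv4/syncookies.c
@@ -19,16 +19,18 @@
 #include <linux/cryptohash.h>
 #include <linux/kernel.h>
 #include <net/ipv6.h>
 #include <net/tcp.h>
 
 #define COOKIEBITS 24 /* Upper bits store count */
 #define COOKIEMASK (((__u32)1 << COOKIEBITS) - 1)
 
+static u32 syncookie6_secret[2][16-4+SHA_DIGEST_WORDS];
+
 /* RFC 2460, Section 8.3:
  * [ipv6 tcp] MSS must be computed as the maximum packet size minus 60 [..]
  *
  * Due to IPV6_MIN_MTU=1280 the lowest possible MSS is 1220, which allows
  * using higher values than ipv4 tcp syncookies.
  * The other values are chosen based on ethernet (1500 and 9k MTU), plus
  * one that accounts for common encap (PPPoe) overhead. Table must be sorted.
  */
@@ -56,24 +58,28 @@
 }
 
 static DEFINE_PER_CPU(__u32 [16 + 5 + SHA_WORKSPACE_WORDS],
  ipv6_cookie_scratch);
 
 static u32 cookie_hash(const struct in6_addr *saddr, const struct in6_addr *daddr,
  __be16 sport, __be16 dport, u32 count, int c)
 {
- __u32 *tmp = __get_cpu_var(ipv6_cookie_scratch);
+ __u32 *tmp;
 
+ net_get_random_once(syncookie6_secret, sizeof(syncookie6_secret));
+
+ tmp = __get_cpu_var(ipv6_cookie_scratch);
+
  /*
  * we have 320 bits of information to hash, copy in the remaining
- * 192 bits required for sha_transform, from the syncookie_secret
+ * 192 bits required for sha_transform, from the syncookie6_secret
  * and overwrite the digest with the secret
  */
- memcpy(tmp + 10, syncookie_secret[c], 44);
+ memcpy(tmp + 10, syncookie6_secret[c], 44);
  memcpy(tmp, saddr, 16);
  memcpy(tmp + 4, daddr, 16);
  tmp[8] = ((__force u32)sport << 16) + (__force u32)dport;
  tmp[9] = count;
  sha_transform(tmp + 16, (__u8 *)tmp, tmp + 16 + 5);
 
 return tmp[17];
 }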
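Review bot: The copy length in `memcpy(tmp + 10, syncookie6_secret[c], 44)` is still a bare constant with nothing tying it to the new `syncookie6_secret` declaration, whose rows are `16-4+SHA_DIGEST_WORDS` words, a size that looks carried over from the IPv4 layout. Ten words of addresses, ports and count are already placed in `tmp`, so only eleven secret words (44 bytes) are consumed here; assuming SHA_DIGEST_WORDS is 5, as the `16 + 5` in the scratch declaration suggests, six words of each row are seeded but never used. Now that the array is private to this file, consider declaring it as `static u32 syncookie6_secret[2][16-10+SHA_DIGEST_WORDS];` and copying `sizeof(syncookie6_secret[c])`, so the secret size and the copy length cannot drift apart and write past the intended region of the per-cpu scratch buffer. Part of the file is hidden on this page, so any other user of the array would need the same check.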