aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--include/net/tcp.h19
-rw-r--r--net/ipv4/syncookies.c6
-rw-r--r--net/ipv6/syncookies.c5
3 files changed, 12 insertions, 18 deletions
diff --git a/include/net/tcp.h b/include/net/tcp.h
index a1d2f5d6a430..5aa6672c6f5b 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -491,8 +491,9 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb);
491 491
492/* syncookies: remember time of last synqueue overflow 492/* syncookies: remember time of last synqueue overflow
493 * But do not dirty this field too often (once per second is enough) 493 * But do not dirty this field too often (once per second is enough)
494 * It is racy as we do not hold a lock, but race is very minor.
494 */ 495 */
495static inline void tcp_synq_overflow(struct sock *sk) 496static inline void tcp_synq_overflow(const struct sock *sk)
496{ 497{
497 unsigned long last_overflow = tcp_sk(sk)->rx_opt.ts_recent_stamp; 498 unsigned long last_overflow = tcp_sk(sk)->rx_opt.ts_recent_stamp;
498 unsigned long now = jiffies; 499 unsigned long now = jiffies;
@@ -519,8 +520,7 @@ static inline u32 tcp_cookie_time(void)
519 520
520u32 __cookie_v4_init_sequence(const struct iphdr *iph, const struct tcphdr *th, 521u32 __cookie_v4_init_sequence(const struct iphdr *iph, const struct tcphdr *th,
521 u16 *mssp); 522 u16 *mssp);
522__u32 cookie_v4_init_sequence(struct sock *sk, const struct sk_buff *skb, 523__u32 cookie_v4_init_sequence(const struct sk_buff *skb, __u16 *mss);
523 __u16 *mss);
524__u32 cookie_init_timestamp(struct request_sock *req); 524__u32 cookie_init_timestamp(struct request_sock *req);
525bool cookie_timestamp_decode(struct tcp_options_received *opt); 525bool cookie_timestamp_decode(struct tcp_options_received *opt);
526bool cookie_ecn_ok(const struct tcp_options_received *opt, 526bool cookie_ecn_ok(const struct tcp_options_received *opt,
@@ -533,8 +533,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb);
533 533
534u32 __cookie_v6_init_sequence(const struct ipv6hdr *iph, 534u32 __cookie_v6_init_sequence(const struct ipv6hdr *iph,
535 const struct tcphdr *th, u16 *mssp); 535 const struct tcphdr *th, u16 *mssp);
536__u32 cookie_v6_init_sequence(struct sock *sk, const struct sk_buff *skb, 536__u32 cookie_v6_init_sequence(const struct sk_buff *skb, __u16 *mss);
537 __u16 *mss);
538#endif 537#endif
539/* tcp_output.c */ 538/* tcp_output.c */
540 539
@@ -1709,7 +1708,7 @@ struct tcp_request_sock_ops {
1709 const struct sock *sk_listener, 1708 const struct sock *sk_listener,
1710 struct sk_buff *skb); 1709 struct sk_buff *skb);
1711#ifdef CONFIG_SYN_COOKIES 1710#ifdef CONFIG_SYN_COOKIES
1712 __u32 (*cookie_init_seq)(struct sock *sk, const struct sk_buff *skb, 1711 __u32 (*cookie_init_seq)(const struct sk_buff *skb,
1713 __u16 *mss); 1712 __u16 *mss);
1714#endif 1713#endif
1715 struct dst_entry *(*route_req)(struct sock *sk, struct flowi *fl, 1714 struct dst_entry *(*route_req)(struct sock *sk, struct flowi *fl,
@@ -1725,14 +1724,16 @@ struct tcp_request_sock_ops {
1725 1724
1726#ifdef CONFIG_SYN_COOKIES 1725#ifdef CONFIG_SYN_COOKIES
1727static inline __u32 cookie_init_sequence(const struct tcp_request_sock_ops *ops, 1726static inline __u32 cookie_init_sequence(const struct tcp_request_sock_ops *ops,
1728 struct sock *sk, struct sk_buff *skb, 1727 const struct sock *sk, struct sk_buff *skb,
1729 __u16 *mss) 1728 __u16 *mss)
1730{ 1729{
1731 return ops->cookie_init_seq(sk, skb, mss); 1730 tcp_synq_overflow(sk);
1731 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESSENT);
1732 return ops->cookie_init_seq(skb, mss);
1732} 1733}
1733#else 1734#else
1734static inline __u32 cookie_init_sequence(const struct tcp_request_sock_ops *ops, 1735static inline __u32 cookie_init_sequence(const struct tcp_request_sock_ops *ops,
1735 struct sock *sk, struct sk_buff *skb, 1736 const struct sock *sk, struct sk_buff *skb,
1736 __u16 *mss) 1737 __u16 *mss)
1737{ 1738{
1738 return 0; 1739 return 0;
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
index 6595affded20..6b97b5f6457c 100644
--- a/net/ipv4/syncookies.c
+++ b/net/ipv4/syncookies.c
@@ -192,15 +192,11 @@ u32 __cookie_v4_init_sequence(const struct iphdr *iph, const struct tcphdr *th,
192} 192}
193EXPORT_SYMBOL_GPL(__cookie_v4_init_sequence); 193EXPORT_SYMBOL_GPL(__cookie_v4_init_sequence);
194 194
195__u32 cookie_v4_init_sequence(struct sock *sk, const struct sk_buff *skb, 195__u32 cookie_v4_init_sequence(const struct sk_buff *skb, __u16 *mssp)
196 __u16 *mssp)
197{ 196{
198 const struct iphdr *iph = ip_hdr(skb); 197 const struct iphdr *iph = ip_hdr(skb);
199 const struct tcphdr *th = tcp_hdr(skb); 198 const struct tcphdr *th = tcp_hdr(skb);
200 199
201 tcp_synq_overflow(sk);
202 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESSENT);
203
204 return __cookie_v4_init_sequence(iph, th, mssp); 200 return __cookie_v4_init_sequence(iph, th, mssp);
205} 201}
206 202
diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c
index 2461b3ff9551..7606eba83e7b 100644
--- a/net/ipv6/syncookies.c
+++ b/net/ipv6/syncookies.c
@@ -114,14 +114,11 @@ u32 __cookie_v6_init_sequence(const struct ipv6hdr *iph,
114} 114}
115EXPORT_SYMBOL_GPL(__cookie_v6_init_sequence); 115EXPORT_SYMBOL_GPL(__cookie_v6_init_sequence);
116 116
117__u32 cookie_v6_init_sequence(struct sock *sk, const struct sk_buff *skb, __u16 *mssp) 117__u32 cookie_v6_init_sequence(const struct sk_buff *skb, __u16 *mssp)
118{ 118{
119 const struct ipv6hdr *iph = ipv6_hdr(skb); 119 const struct ipv6hdr *iph = ipv6_hdr(skb);
120 const struct tcphdr *th = tcp_hdr(skb); 120 const struct tcphdr *th = tcp_hdr(skb);
121 121
122 tcp_synq_overflow(sk);
123 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESSENT);
124
125 return __cookie_v6_init_sequence(iph, th, mssp); 122 return __cookie_v6_init_sequence(iph, th, mssp);
126} 123}
127 124
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-25 04:43:03 -0500