1 files changed, 2 insertions, 30 deletions
diff --git a/include/net/tcp.h b/include/net/tcp.h
index 9fe1d535cd6c..5b29835b81d8 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -1216,36 +1216,8 @@ static inline bool tcp_paws_reject(const struct tcp_options_received *rx_opt,
        return true;
 }
-/* Return true if we're currently rate-limiting out-of-window ACKs and
+bool tcp_oow_rate_limited(struct net *net, const struct sk_buff *skb,
- * thus shouldn't send a dupack right now. We rate-limit dupacks in
+                          int mib_idx, u32 *last_oow_ack_time);
- * response to out-of-window SYNs or ACKs to mitigate ACK loops or DoS
- * attacks that send repeated SYNs or ACKs for the same connection. To
- * do this, we do not send a duplicate SYNACK or ACK if the remote
- * endpoint is sending out-of-window SYNs or pure ACKs at a high rate.
- */
-static inline bool tcp_oow_rate_limited(struct net *net,
-                                        const struct sk_buff *skb,
-                                        int mib_idx, u32 *last_oow_ack_time)
-{
-        /* Data packets without SYNs are not likely part of an ACK loop. */
-        if ((TCP_SKB_CB(skb)->seq != TCP_SKB_CB(skb)->end_seq) &&
-            !tcp_hdr(skb)->syn)
-                goto not_rate_limited;
-        if (*last_oow_ack_time) {
-                s32 elapsed = (s32)(tcp_time_stamp - *last_oow_ack_time);
-                if (0 <= elapsed && elapsed < sysctl_tcp_invalid_ratelimit) {
-                        NET_INC_STATS_BH(net, mib_idx);
-                        return true;    /* rate-limited: don't send yet! */
-                }
-        }
-        *last_oow_ack_time = tcp_time_stamp;
-not_rate_limited:
-        return false;   /* not rate-limited: go ahead, send dupack now! */
-}
 static inline void tcp_mib_init(struct net *net)
 {

diff --git a/include/net/tcp.h b/include/net/tcp.h index 9fe1d535cd6c..5b29835b81d8 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h
@@ -1216,36 +1216,8 @@ static inline bool tcp_paws_reject(const struct tcp_options_received *rx_opt,
1216	return true;	1216	return true;
1217	}	1217	}
1218		1218
1219	/* Return true if we're currently rate-limiting out-of-window ACKs and	1219	bool tcp_oow_rate_limited(struct net net, const struct sk_buff skb,
1220	* thus shouldn't send a dupack right now. We rate-limit dupacks in	1220	int mib_idx, u32 *last_oow_ack_time);
1221	* response to out-of-window SYNs or ACKs to mitigate ACK loops or DoS
1222	* attacks that send repeated SYNs or ACKs for the same connection. To
1223	* do this, we do not send a duplicate SYNACK or ACK if the remote
1224	* endpoint is sending out-of-window SYNs or pure ACKs at a high rate.
1225	*/
1226	static inline bool tcp_oow_rate_limited(struct net *net,
1227	const struct sk_buff *skb,
1228	int mib_idx, u32 *last_oow_ack_time)
1229	{
1230	/* Data packets without SYNs are not likely part of an ACK loop. */
1231	if ((TCP_SKB_CB(skb)->seq != TCP_SKB_CB(skb)->end_seq) &&
1232	!tcp_hdr(skb)->syn)
1233	goto not_rate_limited;
1234
1235	if (*last_oow_ack_time) {
1236	s32 elapsed = (s32)(tcp_time_stamp - *last_oow_ack_time);
1237
1238	if (0 <= elapsed && elapsed < sysctl_tcp_invalid_ratelimit) {
1239	NET_INC_STATS_BH(net, mib_idx);
1240	return true; /* rate-limited: don't send yet! */
1241	}
1242	}
1243
1244	*last_oow_ack_time = tcp_time_stamp;
1245
1246	not_rate_limited:
1247	return false; /* not rate-limited: go ahead, send dupack now! */
1248	}
1249		1221
1250	static inline void tcp_mib_init(struct net *net)	1222	static inline void tcp_mib_init(struct net *net)
1251	{	1223	{