diff options
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv4/syncookies.c | 5 | ||||
| -rw-r--r-- | net/ipv6/syncookies.c | 4 |
2 files changed, 4 insertions, 5 deletions
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index b35a950d2e06..cd2b97f1b6e1 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c | |||
| @@ -161,13 +161,12 @@ static __u16 const msstab[] = { | |||
| 161 | */ | 161 | */ |
| 162 | __u32 cookie_v4_init_sequence(struct sock *sk, struct sk_buff *skb, __u16 *mssp) | 162 | __u32 cookie_v4_init_sequence(struct sock *sk, struct sk_buff *skb, __u16 *mssp) |
| 163 | { | 163 | { |
| 164 | struct tcp_sock *tp = tcp_sk(sk); | ||
| 165 | const struct iphdr *iph = ip_hdr(skb); | 164 | const struct iphdr *iph = ip_hdr(skb); |
| 166 | const struct tcphdr *th = tcp_hdr(skb); | 165 | const struct tcphdr *th = tcp_hdr(skb); |
| 167 | int mssind; | 166 | int mssind; |
| 168 | const __u16 mss = *mssp; | 167 | const __u16 mss = *mssp; |
| 169 | 168 | ||
| 170 | tp->last_synq_overflow = jiffies; | 169 | tcp_synq_overflow(sk); |
| 171 | 170 | ||
| 172 | /* XXX sort msstab[] by probability? Binary search? */ | 171 | /* XXX sort msstab[] by probability? Binary search? */ |
| 173 | for (mssind = 0; mss > msstab[mssind + 1]; mssind++) | 172 | for (mssind = 0; mss > msstab[mssind + 1]; mssind++) |
| @@ -268,7 +267,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, | |||
| 268 | if (!sysctl_tcp_syncookies || !th->ack) | 267 | if (!sysctl_tcp_syncookies || !th->ack) |
| 269 | goto out; | 268 | goto out; |
| 270 | 269 | ||
| 271 | if (time_after(jiffies, tp->last_synq_overflow + TCP_TIMEOUT_INIT) || | 270 | if (tcp_synq_no_recent_overflow(sk) || |
| 272 | (mss = cookie_check(skb, cookie)) == 0) { | 271 | (mss = cookie_check(skb, cookie)) == 0) { |
| 273 | NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESFAILED); | 272 | NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESFAILED); |
| 274 | goto out; | 273 | goto out; |
diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c index 711175e0571f..8c2513982b61 100644 --- a/net/ipv6/syncookies.c +++ b/net/ipv6/syncookies.c | |||
| @@ -131,7 +131,7 @@ __u32 cookie_v6_init_sequence(struct sock *sk, struct sk_buff *skb, __u16 *mssp) | |||
| 131 | int mssind; | 131 | int mssind; |
| 132 | const __u16 mss = *mssp; | 132 | const __u16 mss = *mssp; |
| 133 | 133 | ||
| 134 | tcp_sk(sk)->last_synq_overflow = jiffies; | 134 | tcp_synq_overflow(sk); |
| 135 | 135 | ||
| 136 | for (mssind = 0; mss > msstab[mssind + 1]; mssind++) | 136 | for (mssind = 0; mss > msstab[mssind + 1]; mssind++) |
| 137 | ; | 137 | ; |
| @@ -175,7 +175,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) | |||
| 175 | if (!sysctl_tcp_syncookies || !th->ack) | 175 | if (!sysctl_tcp_syncookies || !th->ack) |
| 176 | goto out; | 176 | goto out; |
| 177 | 177 | ||
| 178 | if (time_after(jiffies, tp->last_synq_overflow + TCP_TIMEOUT_INIT) || | 178 | if (tcp_synq_no_recent_overflow(sk) || |
| 179 | (mss = cookie_check(skb, cookie)) == 0) { | 179 | (mss = cookie_check(skb, cookie)) == 0) { |
| 180 | NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESFAILED); | 180 | NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESFAILED); |
| 181 | goto out; | 181 | goto out; |