aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux/tcp.h
diff options
context:
space:
mode:
authorWilliam Allen Simpson <william.allen.simpson@gmail.com>2009-12-02 13:17:05 -0500
committerDavid S. Miller <davem@davemloft.net>2009-12-03 01:07:25 -0500
commit435cf559f02ea3a3159eb316f97dc88bdebe9432 (patch)
tree0b2a7e9110c46b193176b0a59fe5689eae7c18f3 /include/linux/tcp.h
parent519855c508b9a17878c0977a3cdefc09b59b30df (diff)
TCPCT part 1d: define TCP cookie option, extend existing struct's
Data structures are carefully composed to require minimal additions. For example, the struct tcp_options_received cookie_plus variable fits between existing 16-bit and 8-bit variables, requiring no additional space (taking alignment into consideration). There are no additions to tcp_request_sock, and only 1 pointer in tcp_sock. This is a significantly revised implementation of an earlier (year-old) patch that no longer applies cleanly, with permission of the original author (Adam Langley): http://thread.gmane.org/gmane.linux.network/102586 The principle difference is using a TCP option to carry the cookie nonce, instead of a user configured offset in the data. This is more flexible and less subject to user configuration error. Such a cookie option has been suggested for many years, and is also useful without SYN data, allowing several related concepts to use the same extension option. "Re: SYN floods (was: does history repeat itself?)", September 9, 1996. http://www.merit.net/mail.archives/nanog/1996-09/msg00235.html "Re: what a new TCP header might look like", May 12, 1998. ftp://ftp.isi.edu/end2end/end2end-interest-1998.mail These functions will also be used in subsequent patches that implement additional features. Requires: TCPCT part 1a: add request_values parameter for sending SYNACK TCPCT part 1b: generate Responder Cookie secret TCPCT part 1c: sysctl_tcp_cookie_size, socket option TCP_COOKIE_TRANSACTIONS Signed-off-by: William.Allen.Simpson@gmail.com Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux/tcp.h')
-rw-r--r--include/linux/tcp.h29
1 files changed, 23 insertions, 6 deletions
diff --git a/include/linux/tcp.h b/include/linux/tcp.h
index eaa3113b3786..7fee8a4df931 100644
--- a/include/linux/tcp.h
+++ b/include/linux/tcp.h
@@ -247,31 +247,38 @@ struct tcp_options_received {
247 sack_ok : 4, /* SACK seen on SYN packet */ 247 sack_ok : 4, /* SACK seen on SYN packet */
248 snd_wscale : 4, /* Window scaling received from sender */ 248 snd_wscale : 4, /* Window scaling received from sender */
249 rcv_wscale : 4; /* Window scaling to send to receiver */ 249 rcv_wscale : 4; /* Window scaling to send to receiver */
250/* SACKs data */ 250 u8 cookie_plus:6, /* bytes in authenticator/cookie option */
251 cookie_out_never:1,
252 cookie_in_always:1;
251 u8 num_sacks; /* Number of SACK blocks */ 253 u8 num_sacks; /* Number of SACK blocks */
252 u16 user_mss; /* mss requested by user in ioctl */ 254 u16 user_mss; /* mss requested by user in ioctl */
253 u16 mss_clamp; /* Maximal mss, negotiated at connection setup */ 255 u16 mss_clamp; /* Maximal mss, negotiated at connection setup */
254}; 256};
255 257
256static inline void tcp_clear_options(struct tcp_options_received *rx_opt) 258static inline void tcp_clear_options(struct tcp_options_received *rx_opt)
257{ 259{
258 rx_opt->tstamp_ok = rx_opt->sack_ok = rx_opt->wscale_ok = rx_opt->snd_wscale = 0; 260 rx_opt->tstamp_ok = rx_opt->sack_ok = 0;
261 rx_opt->wscale_ok = rx_opt->snd_wscale = 0;
262 rx_opt->cookie_plus = 0;
259} 263}
260 264
261/* This is the max number of SACKS that we'll generate and process. It's safe 265/* This is the max number of SACKS that we'll generate and process. It's safe
262 * to increse this, although since: 266 * to increase this, although since:
263 * size = TCPOLEN_SACK_BASE_ALIGNED (4) + n * TCPOLEN_SACK_PERBLOCK (8) 267 * size = TCPOLEN_SACK_BASE_ALIGNED (4) + n * TCPOLEN_SACK_PERBLOCK (8)
264 * only four options will fit in a standard TCP header */ 268 * only four options will fit in a standard TCP header */
265#define TCP_NUM_SACKS 4 269#define TCP_NUM_SACKS 4
266 270
271struct tcp_cookie_values;
272struct tcp_request_sock_ops;
273
267struct tcp_request_sock { 274struct tcp_request_sock {
268 struct inet_request_sock req; 275 struct inet_request_sock req;
269#ifdef CONFIG_TCP_MD5SIG 276#ifdef CONFIG_TCP_MD5SIG
270 /* Only used by TCP MD5 Signature so far. */ 277 /* Only used by TCP MD5 Signature so far. */
271 const struct tcp_request_sock_ops *af_specific; 278 const struct tcp_request_sock_ops *af_specific;
272#endif 279#endif
273 u32 rcv_isn; 280 u32 rcv_isn;
274 u32 snt_isn; 281 u32 snt_isn;
275}; 282};
276 283
277static inline struct tcp_request_sock *tcp_rsk(const struct request_sock *req) 284static inline struct tcp_request_sock *tcp_rsk(const struct request_sock *req)
@@ -441,6 +448,12 @@ struct tcp_sock {
441/* TCP MD5 Signature Option information */ 448/* TCP MD5 Signature Option information */
442 struct tcp_md5sig_info *md5sig_info; 449 struct tcp_md5sig_info *md5sig_info;
443#endif 450#endif
451
452 /* When the cookie options are generated and exchanged, then this
453 * object holds a reference to them (cookie_values->kref). Also
454 * contains related tcp_cookie_transactions fields.
455 */
456 struct tcp_cookie_values *cookie_values;
444}; 457};
445 458
446static inline struct tcp_sock *tcp_sk(const struct sock *sk) 459static inline struct tcp_sock *tcp_sk(const struct sock *sk)
@@ -459,6 +472,10 @@ struct tcp_timewait_sock {
459 u16 tw_md5_keylen; 472 u16 tw_md5_keylen;
460 u8 tw_md5_key[TCP_MD5SIG_MAXKEYLEN]; 473 u8 tw_md5_key[TCP_MD5SIG_MAXKEYLEN];
461#endif 474#endif
475 /* Few sockets in timewait have cookies; in that case, then this
476 * object holds a reference to them (tw_cookie_values->kref).
477 */
478 struct tcp_cookie_values *tw_cookie_values;
462}; 479};
463 480
464static inline struct tcp_timewait_sock *tcp_twsk(const struct sock *sk) 481static inline struct tcp_timewait_sock *tcp_twsk(const struct sock *sk)
generated by cgit v1.2.2 (git 2.25.0) at 2025-10-27 22:25:34 -0400