diff options
| author | William Allen Simpson <william.allen.simpson@gmail.com> | 2009-12-02 13:17:05 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2009-12-03 01:07:25 -0500 |
| commit | 435cf559f02ea3a3159eb316f97dc88bdebe9432 (patch) | |
| tree | 0b2a7e9110c46b193176b0a59fe5689eae7c18f3 /net/ipv4/tcp_ipv4.c | |
| parent | 519855c508b9a17878c0977a3cdefc09b59b30df (diff) | |
TCPCT part 1d: define TCP cookie option, extend existing struct's
Data structures are carefully composed to require minimal additions.
For example, the struct tcp_options_received cookie_plus variable fits
between existing 16-bit and 8-bit variables, requiring no additional
space (taking alignment into consideration). There are no additions to
tcp_request_sock, and only 1 pointer in tcp_sock.
This is a significantly revised implementation of an earlier (year-old)
patch that no longer applies cleanly, with permission of the original
author (Adam Langley):
http://thread.gmane.org/gmane.linux.network/102586
The principle difference is using a TCP option to carry the cookie nonce,
instead of a user configured offset in the data. This is more flexible and
less subject to user configuration error. Such a cookie option has been
suggested for many years, and is also useful without SYN data, allowing
several related concepts to use the same extension option.
"Re: SYN floods (was: does history repeat itself?)", September 9, 1996.
http://www.merit.net/mail.archives/nanog/1996-09/msg00235.html
"Re: what a new TCP header might look like", May 12, 1998.
ftp://ftp.isi.edu/end2end/end2end-interest-1998.mail
These functions will also be used in subsequent patches that implement
additional features.
Requires:
TCPCT part 1a: add request_values parameter for sending SYNACK
TCPCT part 1b: generate Responder Cookie secret
TCPCT part 1c: sysctl_tcp_cookie_size, socket option TCP_COOKIE_TRANSACTIONS
Signed-off-by: William.Allen.Simpson@gmail.com
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/tcp_ipv4.c')
| -rw-r--r-- | net/ipv4/tcp_ipv4.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 649a36d99c73..a2bcac9b388e 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c | |||
| @@ -1833,6 +1833,19 @@ static int tcp_v4_init_sock(struct sock *sk) | |||
| 1833 | tp->af_specific = &tcp_sock_ipv4_specific; | 1833 | tp->af_specific = &tcp_sock_ipv4_specific; |
| 1834 | #endif | 1834 | #endif |
| 1835 | 1835 | ||
| 1836 | /* TCP Cookie Transactions */ | ||
| 1837 | if (sysctl_tcp_cookie_size > 0) { | ||
| 1838 | /* Default, cookies without s_data_payload. */ | ||
| 1839 | tp->cookie_values = | ||
| 1840 | kzalloc(sizeof(*tp->cookie_values), | ||
| 1841 | sk->sk_allocation); | ||
| 1842 | if (tp->cookie_values != NULL) | ||
| 1843 | kref_init(&tp->cookie_values->kref); | ||
| 1844 | } | ||
| 1845 | /* Presumed zeroed, in order of appearance: | ||
| 1846 | * cookie_in_always, cookie_out_never, | ||
| 1847 | * s_data_constant, s_data_in, s_data_out | ||
| 1848 | */ | ||
| 1836 | sk->sk_sndbuf = sysctl_tcp_wmem[1]; | 1849 | sk->sk_sndbuf = sysctl_tcp_wmem[1]; |
| 1837 | sk->sk_rcvbuf = sysctl_tcp_rmem[1]; | 1850 | sk->sk_rcvbuf = sysctl_tcp_rmem[1]; |
| 1838 | 1851 | ||
| @@ -1886,6 +1899,13 @@ void tcp_v4_destroy_sock(struct sock *sk) | |||
| 1886 | sk->sk_sndmsg_page = NULL; | 1899 | sk->sk_sndmsg_page = NULL; |
| 1887 | } | 1900 | } |
| 1888 | 1901 | ||
| 1902 | /* TCP Cookie Transactions */ | ||
| 1903 | if (tp->cookie_values != NULL) { | ||
| 1904 | kref_put(&tp->cookie_values->kref, | ||
| 1905 | tcp_cookie_values_release); | ||
| 1906 | tp->cookie_values = NULL; | ||
| 1907 | } | ||
| 1908 | |||
| 1889 | percpu_counter_dec(&tcp_sockets_allocated); | 1909 | percpu_counter_dec(&tcp_sockets_allocated); |
| 1890 | } | 1910 | } |
| 1891 | 1911 | ||