diff options
| author | Florian Westphal <fw@strlen.de> | 2010-06-21 07:48:45 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2010-06-27 01:00:03 -0400 |
| commit | 172d69e63c7f1e8300d0e1c1bbd8eb0f630faa15 (patch) | |
| tree | c71118ddc86186e235a920b9529c457db5e9aae5 /net/ipv6 | |
| parent | 734f614bc1e7c6bf075d201f6bd9a555b8b4a984 (diff) | |
syncookies: add support for ECN
Allows use of ECN when syncookies are in effect by encoding ecn_ok
into the syn-ack tcp timestamp.
While at it, remove a uneeded #ifdef CONFIG_SYN_COOKIES.
With CONFIG_SYN_COOKIES=nm want_cookie is ifdef'd to 0 and gcc
removes the "if (0)".
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/syncookies.c | 5 | ||||
| -rw-r--r-- | net/ipv6/tcp_ipv6.c | 2 |
2 files changed, 4 insertions, 3 deletions
diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c index 84d818cfae17..09fd34f0dbf2 100644 --- a/net/ipv6/syncookies.c +++ b/net/ipv6/syncookies.c | |||
| @@ -164,6 +164,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) | |||
| 164 | int mss; | 164 | int mss; |
| 165 | struct dst_entry *dst; | 165 | struct dst_entry *dst; |
| 166 | __u8 rcv_wscale; | 166 | __u8 rcv_wscale; |
| 167 | bool ecn_ok; | ||
| 167 | 168 | ||
| 168 | if (!sysctl_tcp_syncookies || !th->ack || th->rst) | 169 | if (!sysctl_tcp_syncookies || !th->ack || th->rst) |
| 169 | goto out; | 170 | goto out; |
| @@ -180,7 +181,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) | |||
| 180 | memset(&tcp_opt, 0, sizeof(tcp_opt)); | 181 | memset(&tcp_opt, 0, sizeof(tcp_opt)); |
| 181 | tcp_parse_options(skb, &tcp_opt, &hash_location, 0); | 182 | tcp_parse_options(skb, &tcp_opt, &hash_location, 0); |
| 182 | 183 | ||
| 183 | if (!cookie_check_timestamp(&tcp_opt)) | 184 | if (!cookie_check_timestamp(&tcp_opt, &ecn_ok)) |
| 184 | goto out; | 185 | goto out; |
| 185 | 186 | ||
| 186 | ret = NULL; | 187 | ret = NULL; |
| @@ -215,7 +216,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) | |||
| 215 | 216 | ||
| 216 | req->expires = 0UL; | 217 | req->expires = 0UL; |
| 217 | req->retrans = 0; | 218 | req->retrans = 0; |
| 218 | ireq->ecn_ok = 0; | 219 | ireq->ecn_ok = ecn_ok; |
| 219 | ireq->snd_wscale = tcp_opt.snd_wscale; | 220 | ireq->snd_wscale = tcp_opt.snd_wscale; |
| 220 | ireq->sack_ok = tcp_opt.sack_ok; | 221 | ireq->sack_ok = tcp_opt.sack_ok; |
| 221 | ireq->wscale_ok = tcp_opt.wscale_ok; | 222 | ireq->wscale_ok = tcp_opt.wscale_ok; |
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index f87534569366..5ebc27ecebdc 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c | |||
| @@ -1269,7 +1269,7 @@ static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb) | |||
| 1269 | treq = inet6_rsk(req); | 1269 | treq = inet6_rsk(req); |
| 1270 | ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr); | 1270 | ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr); |
| 1271 | ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr); | 1271 | ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr); |
| 1272 | if (!want_cookie) | 1272 | if (!want_cookie || tmp_opt.tstamp_ok) |
| 1273 | TCP_ECN_create_request(req, tcp_hdr(skb)); | 1273 | TCP_ECN_create_request(req, tcp_hdr(skb)); |
| 1274 | 1274 | ||
| 1275 | if (!isn) { | 1275 | if (!isn) { |