net: syncookies: export cookie_v6_init_sequence/cookie_v6_check

Extract the local TCP stack independant parts of tcp_v6_init_sequence() and cookie_v6_check() and export them for use by the upcoming IPv6 SYNPROXY target. Signed-off-by: Patrick McHardy <kaber@trash.net> Acked-by: David S. Miller <davem@davemloft.net> Tested-by: Martin Topholm <mph@one.com> Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Patrick McHardy <kaber@trash.net> 2013-08-27 02:50:15 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2013-08-27 18:28:04 -0400
commit: 81eb6a1487718a89621a0e0be7fafd0cd7c429a4 (patch)
tree: 05c8e0e54aa0c9739b5b7cd46d29d5385cb1ede0 /net/ipv6
parent: 48b1de4c110a7afa4b85862f6c75af817db26fad (diff)
1 files changed, 16 insertions, 9 deletions
diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c
index d5dda20bd717..bf63ac8a49b9 100644
--- a/net/ipv6/syncookies.c
+++ b/net/ipv6/syncookies.c
@@ -112,32 +112,38 @@ static __u32 check_tcp_syn_cookie(__u32 cookie, const struct in6_addr *saddr,
                & COOKIEMASK;
 }
-__u32 cookie_v6_init_sequence(struct sock *sk, const struct sk_buff *skb, __u16 *mssp)
+u32 __cookie_v6_init_sequence(const struct ipv6hdr *iph,
+                              const struct tcphdr *th, __u16 *mssp)
 {
-        const struct ipv6hdr *iph = ipv6_hdr(skb);
-        const struct tcphdr *th = tcp_hdr(skb);
        int mssind;
        const __u16 mss = *mssp;
-        tcp_synq_overflow(sk);
        for (mssind = ARRAY_SIZE(msstab) - 1; mssind ; mssind--)
                if (mss >= msstab[mssind])
                        break;
        *mssp = msstab[mssind];
-        NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESSENT);
        return secure_tcp_syn_cookie(&iph->saddr, &iph->daddr, th->source,
                                     th->dest, ntohl(th->seq),
                                     jiffies / (HZ * 60), mssind);
 }
+EXPORT_SYMBOL_GPL(__cookie_v6_init_sequence);
-static inline int cookie_check(const struct sk_buff *skb, __u32 cookie)
+__u32 cookie_v6_init_sequence(struct sock *sk, const struct sk_buff *skb, __u16 *mssp)
 {
        const struct ipv6hdr *iph = ipv6_hdr(skb);
        const struct tcphdr *th = tcp_hdr(skb);
+        tcp_synq_overflow(sk);
+        NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESSENT);
+        return __cookie_v6_init_sequence(iph, th, mssp);
+}
+int __cookie_v6_check(const struct ipv6hdr *iph, const struct tcphdr *th,
+                      __u32 cookie)
+{
        __u32 seq = ntohl(th->seq) - 1;
        __u32 mssind = check_tcp_syn_cookie(cookie, &iph->saddr, &iph->daddr,
                                            th->source, th->dest, seq,
@@ -145,6 +151,7 @@ static inline int cookie_check(const struct sk_buff *skb, __u32 cookie)
        return mssind < ARRAY_SIZE(msstab) ? msstab[mssind] : 0;
 }
+EXPORT_SYMBOL_GPL(__cookie_v6_check);
 struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
 {
@@ -167,7 +174,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
                goto out;
        if (tcp_synq_no_recent_overflow(sk) ||
-                (mss = cookie_check(skb, cookie)) == 0) {
+                (mss = __cookie_v6_check(ipv6_hdr(skb), th, cookie)) == 0) {
                NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESFAILED);
                goto out;
        }
author	Patrick McHardy <kaber@trash.net>	2013-08-27 02:50:15 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2013-08-27 18:28:04 -0400
commit	81eb6a1487718a89621a0e0be7fafd0cd7c429a4 (patch)
tree	05c8e0e54aa0c9739b5b7cd46d29d5385cb1ede0 /net/ipv6
parent	48b1de4c110a7afa4b85862f6c75af817db26fad (diff)