diff options
-rw-r--r-- | include/net/tcp.h | 18 | ||||
-rw-r--r-- | net/ipv4/tcp_input.c | 11 | ||||
-rw-r--r-- | net/ipv4/tcp_minisocks.c | 4 |
3 files changed, 21 insertions, 12 deletions
diff --git a/include/net/tcp.h b/include/net/tcp.h index d74ac301e6bc..255ca35bea05 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h | |||
@@ -997,11 +997,21 @@ static inline int tcp_fin_time(const struct sock *sk) | |||
997 | return fin_timeout; | 997 | return fin_timeout; |
998 | } | 998 | } |
999 | 999 | ||
1000 | static inline int tcp_paws_check(const struct tcp_options_received *rx_opt, int rst) | 1000 | static inline int tcp_paws_check(const struct tcp_options_received *rx_opt, |
1001 | int paws_win) | ||
1001 | { | 1002 | { |
1002 | if ((s32)(rx_opt->rcv_tsval - rx_opt->ts_recent) >= 0) | 1003 | if ((s32)(rx_opt->ts_recent - rx_opt->rcv_tsval) <= paws_win) |
1003 | return 0; | 1004 | return 1; |
1004 | if (get_seconds() >= rx_opt->ts_recent_stamp + TCP_PAWS_24DAYS) | 1005 | if (unlikely(get_seconds() >= rx_opt->ts_recent_stamp + TCP_PAWS_24DAYS)) |
1006 | return 1; | ||
1007 | |||
1008 | return 0; | ||
1009 | } | ||
1010 | |||
1011 | static inline int tcp_paws_reject(const struct tcp_options_received *rx_opt, | ||
1012 | int rst) | ||
1013 | { | ||
1014 | if (tcp_paws_check(rx_opt, 0)) | ||
1005 | return 0; | 1015 | return 0; |
1006 | 1016 | ||
1007 | /* RST segments are not recommended to carry timestamp, | 1017 | /* RST segments are not recommended to carry timestamp, |
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index f527a16a7b33..b7d02c5dd6da 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c | |||
@@ -3883,8 +3883,7 @@ static inline void tcp_replace_ts_recent(struct tcp_sock *tp, u32 seq) | |||
3883 | * Not only, also it occurs for expired timestamps. | 3883 | * Not only, also it occurs for expired timestamps. |
3884 | */ | 3884 | */ |
3885 | 3885 | ||
3886 | if ((s32)(tp->rx_opt.rcv_tsval - tp->rx_opt.ts_recent) >= 0 || | 3886 | if (tcp_paws_check(&tp->rx_opt, 0)) |
3887 | get_seconds() >= tp->rx_opt.ts_recent_stamp + TCP_PAWS_24DAYS) | ||
3888 | tcp_store_ts_recent(tp); | 3887 | tcp_store_ts_recent(tp); |
3889 | } | 3888 | } |
3890 | } | 3889 | } |
@@ -3936,9 +3935,9 @@ static inline int tcp_paws_discard(const struct sock *sk, | |||
3936 | const struct sk_buff *skb) | 3935 | const struct sk_buff *skb) |
3937 | { | 3936 | { |
3938 | const struct tcp_sock *tp = tcp_sk(sk); | 3937 | const struct tcp_sock *tp = tcp_sk(sk); |
3939 | return ((s32)(tp->rx_opt.ts_recent - tp->rx_opt.rcv_tsval) > TCP_PAWS_WINDOW && | 3938 | |
3940 | get_seconds() < tp->rx_opt.ts_recent_stamp + TCP_PAWS_24DAYS && | 3939 | return !tcp_paws_check(&tp->rx_opt, TCP_PAWS_WINDOW) && |
3941 | !tcp_disordered_ack(sk, skb)); | 3940 | !tcp_disordered_ack(sk, skb); |
3942 | } | 3941 | } |
3943 | 3942 | ||
3944 | /* Check segment sequence number for validity. | 3943 | /* Check segment sequence number for validity. |
@@ -5513,7 +5512,7 @@ discard: | |||
5513 | 5512 | ||
5514 | /* PAWS check. */ | 5513 | /* PAWS check. */ |
5515 | if (tp->rx_opt.ts_recent_stamp && tp->rx_opt.saw_tstamp && | 5514 | if (tp->rx_opt.ts_recent_stamp && tp->rx_opt.saw_tstamp && |
5516 | tcp_paws_check(&tp->rx_opt, 0)) | 5515 | tcp_paws_reject(&tp->rx_opt, 0)) |
5517 | goto discard_and_undo; | 5516 | goto discard_and_undo; |
5518 | 5517 | ||
5519 | if (th->syn) { | 5518 | if (th->syn) { |
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c index 4b0df3e6b609..43bbba7926ee 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c | |||
@@ -107,7 +107,7 @@ tcp_timewait_state_process(struct inet_timewait_sock *tw, struct sk_buff *skb, | |||
107 | if (tmp_opt.saw_tstamp) { | 107 | if (tmp_opt.saw_tstamp) { |
108 | tmp_opt.ts_recent = tcptw->tw_ts_recent; | 108 | tmp_opt.ts_recent = tcptw->tw_ts_recent; |
109 | tmp_opt.ts_recent_stamp = tcptw->tw_ts_recent_stamp; | 109 | tmp_opt.ts_recent_stamp = tcptw->tw_ts_recent_stamp; |
110 | paws_reject = tcp_paws_check(&tmp_opt, th->rst); | 110 | paws_reject = tcp_paws_reject(&tmp_opt, th->rst); |
111 | } | 111 | } |
112 | } | 112 | } |
113 | 113 | ||
@@ -511,7 +511,7 @@ struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb, | |||
511 | * from another data. | 511 | * from another data. |
512 | */ | 512 | */ |
513 | tmp_opt.ts_recent_stamp = get_seconds() - ((TCP_TIMEOUT_INIT/HZ)<<req->retrans); | 513 | tmp_opt.ts_recent_stamp = get_seconds() - ((TCP_TIMEOUT_INIT/HZ)<<req->retrans); |
514 | paws_reject = tcp_paws_check(&tmp_opt, th->rst); | 514 | paws_reject = tcp_paws_reject(&tmp_opt, th->rst); |
515 | } | 515 | } |
516 | } | 516 | } |
517 | 517 | ||