diff options
| -rw-r--r-- | include/linux/tcp.h | 4 | ||||
| -rw-r--r-- | include/net/tcp.h | 13 | ||||
| -rw-r--r-- | net/ipv4/syncookies.c | 5 | ||||
| -rw-r--r-- | net/ipv6/syncookies.c | 4 |
4 files changed, 18 insertions, 8 deletions
diff --git a/include/linux/tcp.h b/include/linux/tcp.h index 9d5078bd23a3..8afac76cd748 100644 --- a/include/linux/tcp.h +++ b/include/linux/tcp.h | |||
| @@ -377,7 +377,7 @@ struct tcp_sock { | |||
| 377 | unsigned int keepalive_time; /* time before keep alive takes place */ | 377 | unsigned int keepalive_time; /* time before keep alive takes place */ |
| 378 | unsigned int keepalive_intvl; /* time interval between keep alive probes */ | 378 | unsigned int keepalive_intvl; /* time interval between keep alive probes */ |
| 379 | 379 | ||
| 380 | unsigned long last_synq_overflow; | 380 | int linger2; |
| 381 | 381 | ||
| 382 | /* Receiver side RTT estimation */ | 382 | /* Receiver side RTT estimation */ |
| 383 | struct { | 383 | struct { |
| @@ -406,8 +406,6 @@ struct tcp_sock { | |||
| 406 | /* TCP MD5 Signagure Option information */ | 406 | /* TCP MD5 Signagure Option information */ |
| 407 | struct tcp_md5sig_info *md5sig_info; | 407 | struct tcp_md5sig_info *md5sig_info; |
| 408 | #endif | 408 | #endif |
| 409 | |||
| 410 | int linger2; | ||
| 411 | }; | 409 | }; |
| 412 | 410 | ||
| 413 | static inline struct tcp_sock *tcp_sk(const struct sock *sk) | 411 | static inline struct tcp_sock *tcp_sk(const struct sock *sk) |
diff --git a/include/net/tcp.h b/include/net/tcp.h index 1b94b9bfe2dc..b55b4891029e 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h | |||
| @@ -265,6 +265,19 @@ static inline int tcp_too_many_orphans(struct sock *sk, int num) | |||
| 265 | atomic_read(&tcp_memory_allocated) > sysctl_tcp_mem[2]); | 265 | atomic_read(&tcp_memory_allocated) > sysctl_tcp_mem[2]); |
| 266 | } | 266 | } |
| 267 | 267 | ||
| 268 | /* syncookies: remember time of last synqueue overflow */ | ||
| 269 | static inline void tcp_synq_overflow(struct sock *sk) | ||
| 270 | { | ||
| 271 | tcp_sk(sk)->rx_opt.ts_recent_stamp = jiffies; | ||
| 272 | } | ||
| 273 | |||
| 274 | /* syncookies: no recent synqueue overflow on this listening socket? */ | ||
| 275 | static inline int tcp_synq_no_recent_overflow(const struct sock *sk) | ||
| 276 | { | ||
| 277 | unsigned long last_overflow = tcp_sk(sk)->rx_opt.ts_recent_stamp; | ||
| 278 | return time_after(jiffies, last_overflow + TCP_TIMEOUT_INIT); | ||
| 279 | } | ||
| 280 | |||
| 268 | extern struct proto tcp_prot; | 281 | extern struct proto tcp_prot; |
| 269 | 282 | ||
| 270 | #define TCP_INC_STATS(net, field) SNMP_INC_STATS((net)->mib.tcp_statistics, field) | 283 | #define TCP_INC_STATS(net, field) SNMP_INC_STATS((net)->mib.tcp_statistics, field) |
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index b35a950d2e06..cd2b97f1b6e1 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c | |||
| @@ -161,13 +161,12 @@ static __u16 const msstab[] = { | |||
| 161 | */ | 161 | */ |
| 162 | __u32 cookie_v4_init_sequence(struct sock *sk, struct sk_buff *skb, __u16 *mssp) | 162 | __u32 cookie_v4_init_sequence(struct sock *sk, struct sk_buff *skb, __u16 *mssp) |
| 163 | { | 163 | { |
| 164 | struct tcp_sock *tp = tcp_sk(sk); | ||
| 165 | const struct iphdr *iph = ip_hdr(skb); | 164 | const struct iphdr *iph = ip_hdr(skb); |
| 166 | const struct tcphdr *th = tcp_hdr(skb); | 165 | const struct tcphdr *th = tcp_hdr(skb); |
| 167 | int mssind; | 166 | int mssind; |
| 168 | const __u16 mss = *mssp; | 167 | const __u16 mss = *mssp; |
| 169 | 168 | ||
| 170 | tp->last_synq_overflow = jiffies; | 169 | tcp_synq_overflow(sk); |
| 171 | 170 | ||
| 172 | /* XXX sort msstab[] by probability? Binary search? */ | 171 | /* XXX sort msstab[] by probability? Binary search? */ |
| 173 | for (mssind = 0; mss > msstab[mssind + 1]; mssind++) | 172 | for (mssind = 0; mss > msstab[mssind + 1]; mssind++) |
| @@ -268,7 +267,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, | |||
| 268 | if (!sysctl_tcp_syncookies || !th->ack) | 267 | if (!sysctl_tcp_syncookies || !th->ack) |
| 269 | goto out; | 268 | goto out; |
| 270 | 269 | ||
| 271 | if (time_after(jiffies, tp->last_synq_overflow + TCP_TIMEOUT_INIT) || | 270 | if (tcp_synq_no_recent_overflow(sk) || |
| 272 | (mss = cookie_check(skb, cookie)) == 0) { | 271 | (mss = cookie_check(skb, cookie)) == 0) { |
| 273 | NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESFAILED); | 272 | NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESFAILED); |
| 274 | goto out; | 273 | goto out; |
diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c index 711175e0571f..8c2513982b61 100644 --- a/net/ipv6/syncookies.c +++ b/net/ipv6/syncookies.c | |||
| @@ -131,7 +131,7 @@ __u32 cookie_v6_init_sequence(struct sock *sk, struct sk_buff *skb, __u16 *mssp) | |||
| 131 | int mssind; | 131 | int mssind; |
| 132 | const __u16 mss = *mssp; | 132 | const __u16 mss = *mssp; |
| 133 | 133 | ||
| 134 | tcp_sk(sk)->last_synq_overflow = jiffies; | 134 | tcp_synq_overflow(sk); |
| 135 | 135 | ||
| 136 | for (mssind = 0; mss > msstab[mssind + 1]; mssind++) | 136 | for (mssind = 0; mss > msstab[mssind + 1]; mssind++) |
| 137 | ; | 137 | ; |
| @@ -175,7 +175,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) | |||
| 175 | if (!sysctl_tcp_syncookies || !th->ack) | 175 | if (!sysctl_tcp_syncookies || !th->ack) |
| 176 | goto out; | 176 | goto out; |
| 177 | 177 | ||
| 178 | if (time_after(jiffies, tp->last_synq_overflow + TCP_TIMEOUT_INIT) || | 178 | if (tcp_synq_no_recent_overflow(sk) || |
| 179 | (mss = cookie_check(skb, cookie)) == 0) { | 179 | (mss = cookie_check(skb, cookie)) == 0) { |
| 180 | NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESFAILED); | 180 | NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESFAILED); |
| 181 | goto out; | 181 | goto out; |