3 files changed, 21 insertions, 12 deletions
diff --git a/include/net/tcp.h b/include/net/tcp.h
index d74ac301e6bc..255ca35bea05 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -997,11 +997,21 @@ static inline int tcp_fin_time(const struct sock *sk)
        return fin_timeout;
 }
-static inline int tcp_paws_check(const struct tcp_options_received *rx_opt, int rst)
+static inline int tcp_paws_check(const struct tcp_options_received *rx_opt,
+                                 int paws_win)
 {
-        if ((s32)(rx_opt->rcv_tsval - rx_opt->ts_recent) >= 0)
+        if ((s32)(rx_opt->ts_recent - rx_opt->rcv_tsval) <= paws_win)
-                return 0;
+                return 1;
-        if (get_seconds() >= rx_opt->ts_recent_stamp + TCP_PAWS_24DAYS)
+        if (unlikely(get_seconds() >= rx_opt->ts_recent_stamp + TCP_PAWS_24DAYS))
+                return 1;
+        return 0;
+}
+static inline int tcp_paws_reject(const struct tcp_options_received *rx_opt,
+                                  int rst)
+{
+        if (tcp_paws_check(rx_opt, 0))
                return 0;
        /* RST segments are not recommended to carry timestamp,
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index f527a16a7b33..b7d02c5dd6da 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -3883,8 +3883,7 @@ static inline void tcp_replace_ts_recent(struct tcp_sock *tp, u32 seq)
                 * Not only, also it occurs for expired timestamps.
                 */
-                if ((s32)(tp->rx_opt.rcv_tsval - tp->rx_opt.ts_recent) >= 0 ||
+                if (tcp_paws_check(&tp->rx_opt, 0))
-                   get_seconds() >= tp->rx_opt.ts_recent_stamp + TCP_PAWS_24DAYS)
                        tcp_store_ts_recent(tp);
        }
 }
@@ -3936,9 +3935,9 @@ static inline int tcp_paws_discard(const struct sock *sk,
                                   const struct sk_buff *skb)
 {
        const struct tcp_sock *tp = tcp_sk(sk);
-        return ((s32)(tp->rx_opt.ts_recent - tp->rx_opt.rcv_tsval) > TCP_PAWS_WINDOW &&
-                get_seconds() < tp->rx_opt.ts_recent_stamp + TCP_PAWS_24DAYS &&
+        return !tcp_paws_check(&tp->rx_opt, TCP_PAWS_WINDOW) &&
-                !tcp_disordered_ack(sk, skb));
+               !tcp_disordered_ack(sk, skb);
 }
 /* Check segment sequence number for validity.
@@ -5513,7 +5512,7 @@ discard:
        /* PAWS check. */
        if (tp->rx_opt.ts_recent_stamp && tp->rx_opt.saw_tstamp &&
-            tcp_paws_check(&tp->rx_opt, 0))
+            tcp_paws_reject(&tp->rx_opt, 0))
                goto discard_and_undo;
        if (th->syn) {
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index 4b0df3e6b609..43bbba7926ee 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -107,7 +107,7 @@ tcp_timewait_state_process(struct inet_timewait_sock *tw, struct sk_buff *skb,
                if (tmp_opt.saw_tstamp) {
                        tmp_opt.ts_recent       = tcptw->tw_ts_recent;
                        tmp_opt.ts_recent_stamp = tcptw->tw_ts_recent_stamp;
-                        paws_reject = tcp_paws_check(&tmp_opt, th->rst);
+                        paws_reject = tcp_paws_reject(&tmp_opt, th->rst);
                }
        }
@@ -511,7 +511,7 @@ struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb,
                         * from another data.
                         */
                        tmp_opt.ts_recent_stamp = get_seconds() - ((TCP_TIMEOUT_INIT/HZ)<<req->retrans);
-                        paws_reject = tcp_paws_check(&tmp_opt, th->rst);
+                        paws_reject = tcp_paws_reject(&tmp_opt, th->rst);
                }
        }

diff --git a/include/net/tcp.h b/include/net/tcp.h index d74ac301e6bc..255ca35bea05 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h
@@ -997,11 +997,21 @@ static inline int tcp_fin_time(const struct sock *sk)
997	return fin_timeout;	997	return fin_timeout;
998	}	998	}
999		999
1000	static inline int tcp_paws_check(const struct tcp_options_received *rx_opt, int rst)	1000	static inline int tcp_paws_check(const struct tcp_options_received *rx_opt,
		1001	int paws_win)
1001	{	1002	{
1002	if ((s32)(rx_opt->rcv_tsval - rx_opt->ts_recent) >= 0)	1003	if ((s32)(rx_opt->ts_recent - rx_opt->rcv_tsval) <= paws_win)
1003	return 0;	1004	return 1;
1004	if (get_seconds() >= rx_opt->ts_recent_stamp + TCP_PAWS_24DAYS)	1005	if (unlikely(get_seconds() >= rx_opt->ts_recent_stamp + TCP_PAWS_24DAYS))
		1006	return 1;
		1007
		1008	return 0;
		1009	}
		1010
		1011	static inline int tcp_paws_reject(const struct tcp_options_received *rx_opt,
		1012	int rst)
		1013	{
		1014	if (tcp_paws_check(rx_opt, 0))
1005	return 0;	1015	return 0;
1006		1016
1007	/* RST segments are not recommended to carry timestamp,	1017	/* RST segments are not recommended to carry timestamp,


diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index f527a16a7b33..b7d02c5dd6da 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c
@@ -3883,8 +3883,7 @@ static inline void tcp_replace_ts_recent(struct tcp_sock *tp, u32 seq)
3883	* Not only, also it occurs for expired timestamps.	3883	* Not only, also it occurs for expired timestamps.
3884	*/	3884	*/
3885		3885
3886	if ((s32)(tp->rx_opt.rcv_tsval - tp->rx_opt.ts_recent) >= 0 \|\|	3886	if (tcp_paws_check(&tp->rx_opt, 0))
3887	get_seconds() >= tp->rx_opt.ts_recent_stamp + TCP_PAWS_24DAYS)
3888	tcp_store_ts_recent(tp);	3887	tcp_store_ts_recent(tp);
3889	}	3888	}
3890	}	3889	}
@@ -3936,9 +3935,9 @@ static inline int tcp_paws_discard(const struct sock *sk,
3936	const struct sk_buff *skb)	3935	const struct sk_buff *skb)
3937	{	3936	{
3938	const struct tcp_sock *tp = tcp_sk(sk);	3937	const struct tcp_sock *tp = tcp_sk(sk);
3939	return ((s32)(tp->rx_opt.ts_recent - tp->rx_opt.rcv_tsval) > TCP_PAWS_WINDOW &&	3938
3940	get_seconds() < tp->rx_opt.ts_recent_stamp + TCP_PAWS_24DAYS &&	3939	return !tcp_paws_check(&tp->rx_opt, TCP_PAWS_WINDOW) &&
3941	!tcp_disordered_ack(sk, skb));	3940	!tcp_disordered_ack(sk, skb);
3942	}	3941	}
3943		3942
3944	/* Check segment sequence number for validity.	3943	/* Check segment sequence number for validity.
@@ -5513,7 +5512,7 @@ discard:
5513		5512
5514	/* PAWS check. */	5513	/* PAWS check. */
5515	if (tp->rx_opt.ts_recent_stamp && tp->rx_opt.saw_tstamp &&	5514	if (tp->rx_opt.ts_recent_stamp && tp->rx_opt.saw_tstamp &&
5516	tcp_paws_check(&tp->rx_opt, 0))	5515	tcp_paws_reject(&tp->rx_opt, 0))
5517	goto discard_and_undo;	5516	goto discard_and_undo;
5518		5517
5519	if (th->syn) {	5518	if (th->syn) {


diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c index 4b0df3e6b609..43bbba7926ee 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c
@@ -107,7 +107,7 @@ tcp_timewait_state_process(struct inet_timewait_sock tw, struct sk_buff skb,
107	if (tmp_opt.saw_tstamp) {	107	if (tmp_opt.saw_tstamp) {
108	tmp_opt.ts_recent = tcptw->tw_ts_recent;	108	tmp_opt.ts_recent = tcptw->tw_ts_recent;
109	tmp_opt.ts_recent_stamp = tcptw->tw_ts_recent_stamp;	109	tmp_opt.ts_recent_stamp = tcptw->tw_ts_recent_stamp;
110	paws_reject = tcp_paws_check(&tmp_opt, th->rst);	110	paws_reject = tcp_paws_reject(&tmp_opt, th->rst);
111	}	111	}
112	}	112	}
113		113
@@ -511,7 +511,7 @@ struct sock tcp_check_req(struct sock sk, struct sk_buff *skb,
511	* from another data.	511	* from another data.
512	*/	512	*/
513	tmp_opt.ts_recent_stamp = get_seconds() - ((TCP_TIMEOUT_INIT/HZ)<<req->retrans);	513	tmp_opt.ts_recent_stamp = get_seconds() - ((TCP_TIMEOUT_INIT/HZ)<<req->retrans);
514	paws_reject = tcp_paws_check(&tmp_opt, th->rst);	514	paws_reject = tcp_paws_reject(&tmp_opt, th->rst);
515	}	515	}
516	}	516	}
517		517