1 files changed, 24 insertions, 24 deletions

diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
index 5c24db4a3c91..02bef6aa8b30 100644
--- a/net/ipv4/syncookies.c
+++ b/net/ipv4/syncookies.c
@@ -138,23 +138,23 @@ static __u32 check_tcp_syn_cookie(__u32 cookie, __be32 saddr, __be32 daddr,
 }
 
 /*
- * This table has to be sorted and terminated with (__u16)-1.
- * XXX generate a better table.
- * Unresolved Issues: HIPPI with a 64k MSS is not well supported.
+ * MSS Values are taken from the 2009 paper
+ * 'Measuring TCP Maximum Segment Size' by S. Alcock and R. Nelson:
+ *  - values 1440 to 1460 accounted for 80% of observed mss values
+ *  - values outside the 536-1460 range are rare (<0.2%).
+ *
+ * Table must be sorted.
  */
 static __u16 const msstab[] = {
-        64 - 1,
-        256 - 1,
-        512 - 1,
-        536 - 1,
-        1024 - 1,
-        1440 - 1,
-        1460 - 1,
-        4312 - 1,
-        (__u16)-1
+        64,
+        512,
+        536,
+        1024,
+        1440,
+        1460,
+        4312,
+        8960,
 };
-/* The number doesn't include the -1 terminator */
-#define NUM_MSS (ARRAY_SIZE(msstab) - 1)
 
 /*
  * Generate a syncookie.  mssp points to the mss, which is returned
@@ -169,10 +169,10 @@ __u32 cookie_v4_init_sequence(struct sock *sk, struct sk_buff *skb, __u16 *mssp)
 
         tcp_synq_overflow(sk);
 
-        /* XXX sort msstab[] by probability?  Binary search? */
-        for (mssind = 0; mss > msstab[mssind + 1]; mssind++)
-                ;
-        *mssp = msstab[mssind] + 1;
+        for (mssind = ARRAY_SIZE(msstab) - 1; mssind ; mssind--)
+                if (mss >= msstab[mssind])
+                        break;
+        *mssp = msstab[mssind];
 
         NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESSENT);
 
@@ -202,7 +202,7 @@ static inline int cookie_check(struct sk_buff *skb, __u32 cookie)
                                             jiffies / (HZ * 60),
                                             COUNTER_TRIES);
 
-        return mssind < NUM_MSS ? msstab[mssind] + 1 : 0;
+        return mssind < ARRAY_SIZE(msstab) ? msstab[mssind] : 0;
 }
 
 static inline struct sock *get_cookie_sock(struct sock *sk, struct sk_buff *skb,
@@ -266,7 +266,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
         struct rtable *rt;
         __u8 rcv_wscale;
 
-        if (!sysctl_tcp_syncookies || !th->ack)
+        if (!sysctl_tcp_syncookies || !th->ack || th->rst)
                 goto out;
 
         if (tcp_synq_no_recent_overflow(sk) ||
@@ -347,22 +347,22 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
                                                { .sport = th->dest,
                                                  .dport = th->source } } };
                 security_req_classify_flow(req, &fl);
-                if (ip_route_output_key(&init_net, &rt, &fl)) {
+                if (ip_route_output_key(sock_net(sk), &rt, &fl)) {
                         reqsk_free(req);
                         goto out;
                 }
         }
 
         /* Try to redo what tcp_v4_send_synack did. */
-        req->window_clamp = tp->window_clamp ? :dst_metric(&rt->u.dst, RTAX_WINDOW);
+        req->window_clamp = tp->window_clamp ? :dst_metric(&rt->dst, RTAX_WINDOW);
 
         tcp_select_initial_window(tcp_full_space(sk), req->mss,
                                   &req->rcv_wnd, &req->window_clamp,
                                   ireq->wscale_ok, &rcv_wscale,
-                                  dst_metric(&rt->u.dst, RTAX_INITRWND));
+                                  dst_metric(&rt->dst, RTAX_INITRWND));
 
         ireq->rcv_wscale  = rcv_wscale;
 
-        ret = get_cookie_sock(sk, skb, req, &rt->u.dst);
+        ret = get_cookie_sock(sk, skb, req, &rt->dst);
 out:    return ret;
 }