diff options
Diffstat (limited to 'net/ipv6/tcp_ipv6.c')
| -rw-r--r-- | net/ipv6/tcp_ipv6.c | 31 |
1 files changed, 3 insertions, 28 deletions
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 44a5859535b5..12bdb9af96e5 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c | |||
| @@ -531,20 +531,6 @@ static int tcp_v6_rtx_synack(struct sock *sk, struct request_sock *req, | |||
| 531 | return tcp_v6_send_synack(sk, req, rvp); | 531 | return tcp_v6_send_synack(sk, req, rvp); |
| 532 | } | 532 | } |
| 533 | 533 | ||
| 534 | static inline void syn_flood_warning(struct sk_buff *skb) | ||
| 535 | { | ||
| 536 | #ifdef CONFIG_SYN_COOKIES | ||
| 537 | if (sysctl_tcp_syncookies) | ||
| 538 | printk(KERN_INFO | ||
| 539 | "TCPv6: Possible SYN flooding on port %d. " | ||
| 540 | "Sending cookies.\n", ntohs(tcp_hdr(skb)->dest)); | ||
| 541 | else | ||
| 542 | #endif | ||
| 543 | printk(KERN_INFO | ||
| 544 | "TCPv6: Possible SYN flooding on port %d. " | ||
| 545 | "Dropping request.\n", ntohs(tcp_hdr(skb)->dest)); | ||
| 546 | } | ||
| 547 | |||
| 548 | static void tcp_v6_reqsk_destructor(struct request_sock *req) | 534 | static void tcp_v6_reqsk_destructor(struct request_sock *req) |
| 549 | { | 535 | { |
| 550 | kfree_skb(inet6_rsk(req)->pktopts); | 536 | kfree_skb(inet6_rsk(req)->pktopts); |
| @@ -1179,11 +1165,7 @@ static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb) | |||
| 1179 | struct tcp_sock *tp = tcp_sk(sk); | 1165 | struct tcp_sock *tp = tcp_sk(sk); |
| 1180 | __u32 isn = TCP_SKB_CB(skb)->when; | 1166 | __u32 isn = TCP_SKB_CB(skb)->when; |
| 1181 | struct dst_entry *dst = NULL; | 1167 | struct dst_entry *dst = NULL; |
| 1182 | #ifdef CONFIG_SYN_COOKIES | ||
| 1183 | int want_cookie = 0; | 1168 | int want_cookie = 0; |
| 1184 | #else | ||
| 1185 | #define want_cookie 0 | ||
| 1186 | #endif | ||
| 1187 | 1169 | ||
| 1188 | if (skb->protocol == htons(ETH_P_IP)) | 1170 | if (skb->protocol == htons(ETH_P_IP)) |
| 1189 | return tcp_v4_conn_request(sk, skb); | 1171 | return tcp_v4_conn_request(sk, skb); |
| @@ -1192,14 +1174,9 @@ static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb) | |||
| 1192 | goto drop; | 1174 | goto drop; |
| 1193 | 1175 | ||
| 1194 | if (inet_csk_reqsk_queue_is_full(sk) && !isn) { | 1176 | if (inet_csk_reqsk_queue_is_full(sk) && !isn) { |
| 1195 | if (net_ratelimit()) | 1177 | want_cookie = tcp_syn_flood_action(sk, skb, "TCPv6"); |
| 1196 | syn_flood_warning(skb); | 1178 | if (!want_cookie) |
| 1197 | #ifdef CONFIG_SYN_COOKIES | 1179 | goto drop; |
| 1198 | if (sysctl_tcp_syncookies) | ||
| 1199 | want_cookie = 1; | ||
| 1200 | else | ||
| 1201 | #endif | ||
| 1202 | goto drop; | ||
| 1203 | } | 1180 | } |
| 1204 | 1181 | ||
| 1205 | if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) | 1182 | if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) |
| @@ -1249,9 +1226,7 @@ static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb) | |||
| 1249 | while (l-- > 0) | 1226 | while (l-- > 0) |
| 1250 | *c++ ^= *hash_location++; | 1227 | *c++ ^= *hash_location++; |
| 1251 | 1228 | ||
| 1252 | #ifdef CONFIG_SYN_COOKIES | ||
| 1253 | want_cookie = 0; /* not our kind of cookie */ | 1229 | want_cookie = 0; /* not our kind of cookie */ |
| 1254 | #endif | ||
| 1255 | tmp_ext.cookie_out_never = 0; /* false */ | 1230 | tmp_ext.cookie_out_never = 0; /* false */ |
| 1256 | tmp_ext.cookie_plus = tmp_opt.cookie_plus; | 1231 | tmp_ext.cookie_plus = tmp_opt.cookie_plus; |
| 1257 | } else if (!tp->rx_opt.cookie_in_always) { | 1232 | } else if (!tp->rx_opt.cookie_in_always) { |