Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c6aefafb authored by Glenn Griffin's avatar Glenn Griffin Committed by YOSHIFUJI Hideaki
Browse files

[TCP]: Add IPv6 support to TCP SYN cookies 



Updated to incorporate Eric's suggestion of using a per cpu buffer
rather than allocating on the stack.  Just a two line change, but will
resend in it's entirety.

Signed-off-by: default avatarGlenn Griffin <ggriffin.kernel@gmail.com>
Signed-off-by: default avatarYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
parent 11baab7a

include/net/tcp.h

+8 −0
Original line number Diff line number Diff line
@@ -29,6 +29,7 @@ 
#include <linux/skbuff.h>

#include <linux/dmaengine.h>

#include <linux/crypto.h>

#include <linux/cryptohash.h>



#include <net/inet_connection_sock.h>

#include <net/inet_timewait_sock.h>
@@ -434,11 +435,17 @@ extern int tcp_disconnect(struct sock *sk, int flags); 
extern void			tcp_unhash(struct sock *sk);



/* From syncookies.c */

extern __u32 syncookie_secret[2][16-3+SHA_DIGEST_WORDS];

extern struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, 

				    struct ip_options *opt);

extern __u32 cookie_v4_init_sequence(struct sock *sk, struct sk_buff *skb, 

				     __u16 *mss);



/* From net/ipv6/syncookies.c */

extern struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb);

extern __u32 cookie_v6_init_sequence(struct sock *sk, struct sk_buff *skb,

				     __u16 *mss);



/* tcp_output.c */



extern void __tcp_push_pending_frames(struct sock *sk, unsigned int cur_mss,
@@ -1332,6 +1339,7 @@ extern int tcp_proc_register(struct tcp_seq_afinfo *afinfo); 
extern void tcp_proc_unregister(struct tcp_seq_afinfo *afinfo);



extern struct request_sock_ops tcp_request_sock_ops;

extern struct request_sock_ops tcp6_request_sock_ops;



extern int tcp_v4_destroy_sock(struct sock *sk);

net/ipv4/syncookies.c

+3 −4
Original line number Diff line number Diff line
@@ -10,8 +10,6 @@ 
 *      2 of the License, or (at your option) any later version.

 *

 *  $Id: syncookies.c,v 1.18 2002/02/01 22:01:04 davem Exp $

 *

 *  Missing: IPv6 support.

 */



#include <linux/tcp.h>
@@ -23,14 +21,15 @@ 


extern int sysctl_tcp_syncookies;



static __u32 syncookie_secret[2][16-3+SHA_DIGEST_WORDS];

__u32 syncookie_secret[2][16-3+SHA_DIGEST_WORDS];

EXPORT_SYMBOL(syncookie_secret);



static __init int init_syncookies(void)

{

	get_random_bytes(syncookie_secret, sizeof(syncookie_secret));

	return 0;

}

module_init(init_syncookies);

__initcall(init_syncookies);



#define COOKIEBITS 24	/* Upper bits store count */

#define COOKIEMASK (((__u32)1 << COOKIEBITS) - 1)

net/ipv4/tcp_input.c

+1 −0
Original line number Diff line number Diff line
@@ -5326,6 +5326,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, 


EXPORT_SYMBOL(sysctl_tcp_ecn);

EXPORT_SYMBOL(sysctl_tcp_reordering);

EXPORT_SYMBOL(sysctl_tcp_adv_win_scale);

EXPORT_SYMBOL(tcp_parse_options);

EXPORT_SYMBOL(tcp_rcv_established);

EXPORT_SYMBOL(tcp_rcv_state_process);

net/ipv4/tcp_minisocks.c

+2 −0
Original line number Diff line number Diff line
@@ -35,6 +35,8 @@ 
#endif



int sysctl_tcp_syncookies __read_mostly = SYNC_INIT;

EXPORT_SYMBOL(sysctl_tcp_syncookies);



int sysctl_tcp_abort_on_overflow __read_mostly;



struct inet_timewait_death_row tcp_death_row = {

net/ipv4/tcp_output.c

+1 −0
Original line number Diff line number Diff line
@@ -2560,6 +2560,7 @@ void tcp_send_probe0(struct sock *sk) 
	}

}



EXPORT_SYMBOL(tcp_select_initial_window);

EXPORT_SYMBOL(tcp_connect);

EXPORT_SYMBOL(tcp_make_synack);

EXPORT_SYMBOL(tcp_simple_retransmit);