Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5d2ed052 authored by Eric Dumazet's avatar Eric Dumazet Committed by David S. Miller
Browse files

tcp: Namespaceify sysctl_tcp_timestamps 



Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 9bb37ef0

include/net/netns/ipv4.h

+1 −0
Original line number Diff line number Diff line
@@ -124,6 +124,7 @@ struct netns_ipv4 { 
	int sysctl_tcp_tw_reuse;

	int sysctl_tcp_sack;

	int sysctl_tcp_window_scaling;

	int sysctl_tcp_timestamps;

	struct inet_timewait_death_row tcp_death_row;

	int sysctl_max_syn_backlog;

include/net/secure_seq.h

+3 −2
Original line number Diff line number Diff line
@@ -8,10 +8,11 @@ u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr, 
			       __be16 dport);

u32 secure_tcp_seq(__be32 saddr, __be32 daddr,

		   __be16 sport, __be16 dport);

u32 secure_tcp_ts_off(__be32 saddr, __be32 daddr);

u32 secure_tcp_ts_off(const struct net *net, __be32 saddr, __be32 daddr);

u32 secure_tcpv6_seq(const __be32 *saddr, const __be32 *daddr,

		     __be16 sport, __be16 dport);

u32 secure_tcpv6_ts_off(const __be32 *saddr, const __be32 *daddr);

u32 secure_tcpv6_ts_off(const struct net *net,

			const __be32 *saddr, const __be32 *daddr);

u64 secure_dccp_sequence_number(__be32 saddr, __be32 daddr,

				__be16 sport, __be16 dport);

u64 secure_dccpv6_sequence_number(__be32 *saddr, __be32 *daddr,

include/net/tcp.h

+1 −2
Original line number Diff line number Diff line
@@ -237,7 +237,6 @@ void tcp_time_wait(struct sock *sk, int state, int timeo); 




/* sysctl variables for tcp */

extern int sysctl_tcp_timestamps;

extern int sysctl_tcp_fastopen;

extern int sysctl_tcp_retrans_collapse;

extern int sysctl_tcp_stdurg;
@@ -1869,7 +1868,7 @@ struct tcp_request_sock_ops { 
	struct dst_entry *(*route_req)(const struct sock *sk, struct flowi *fl,

				       const struct request_sock *req);

	u32 (*init_seq)(const struct sk_buff *skb);

	u32 (*init_ts_off)(const struct sk_buff *skb);

	u32 (*init_ts_off)(const struct net *net, const struct sk_buff *skb);

	int (*send_synack)(const struct sock *sk, struct dst_entry *dst,

			   struct flowi *fl, struct request_sock *req,

			   struct tcp_fastopen_cookie *foc,

net/core/secure_seq.c

+5 −4
Original line number Diff line number Diff line
@@ -51,7 +51,8 @@ static u32 seq_scale(u32 seq) 
#endif



#if IS_ENABLED(CONFIG_IPV6)

u32 secure_tcpv6_ts_off(const __be32 *saddr, const __be32 *daddr)

u32 secure_tcpv6_ts_off(const struct net *net,

			const __be32 *saddr, const __be32 *daddr)

{

	const struct {

		struct in6_addr saddr;
@@ -61,7 +62,7 @@ u32 secure_tcpv6_ts_off(const __be32 *saddr, const __be32 *daddr) 
		.daddr = *(struct in6_addr *)daddr,

	};



	if (sysctl_tcp_timestamps != 1)

	if (net->ipv4.sysctl_tcp_timestamps != 1)

		return 0;



	ts_secret_init();
@@ -113,9 +114,9 @@ EXPORT_SYMBOL(secure_ipv6_port_ephemeral); 
#endif



#ifdef CONFIG_INET

u32 secure_tcp_ts_off(__be32 saddr, __be32 daddr)

u32 secure_tcp_ts_off(const struct net *net, __be32 saddr, __be32 daddr)

{

	if (sysctl_tcp_timestamps != 1)

	if (net->ipv4.sysctl_tcp_timestamps != 1)

		return 0;



	ts_secret_init();

net/ipv4/syncookies.c

+4 −2
Original line number Diff line number Diff line
@@ -243,7 +243,7 @@ bool cookie_timestamp_decode(const struct net *net, 
		return true;

	}



	if (!sysctl_tcp_timestamps)

	if (!net->ipv4.sysctl_tcp_timestamps)

		return false;



	tcp_opt->sack_ok = (options & TS_OPT_SACK) ? TCP_SACK_SEEN : 0;
@@ -316,7 +316,9 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) 
	tcp_parse_options(sock_net(sk), skb, &tcp_opt, 0, NULL);



	if (tcp_opt.saw_tstamp && tcp_opt.rcv_tsecr) {

		tsoff = secure_tcp_ts_off(ip_hdr(skb)->daddr, ip_hdr(skb)->saddr);

		tsoff = secure_tcp_ts_off(sock_net(sk),

					  ip_hdr(skb)->daddr,

					  ip_hdr(skb)->saddr);

		tcp_opt.rcv_tsecr -= tsoff;

	}