Date:	Fri, 02 Oct 2009 10:58:13 -0400
From:	William Allen Simpson <william.allen.simpson@...il.com>
To:	netdev@...r.kernel.org
Subject: [PATCH] TCPCT-1: adding a sysctl

Stephen Hemminger wrote:
> BUT numbered sysctl values are deprecated and should no longer be added.
> The current way is to use CTL_UNNUMBERED instead, if you use CTL_UNNUMBERED
> then the table does not need to be changed.
> 
Thank you, that was immensely helpful.  I was using an old (related) example.

While I've long had credit in BSD-derived systems, this is the first I've
tried to implement for Linux kernel -- although I did give permission 15 or so
years ago for a fair amount of my stuff to be ported here under GPL....

This is a straightforward re-implementation of an earlier patch, which no
longer applies cleanly, that was reviewed:

   http://thread.gmane.org/gmane.linux.network/102586

With the original author's permission:

Adam Langley wrote:
# I'm afraid that my draft is now mostly dead!
#
# Please feel free to use any of the code that you found if it helps you
# and all the best with it,
#

The principal difference is using a TCP option to carry the cookie nonce,
instead of an offset to a random nonce in the data.  This allows several
related concepts to use the same extension option.  This cookie option has
been suggested for many years.

   http://www.merit.net/mail.archives/nanog/1996-09/msg00235.html

Also, as mentioned earlier, I added a sysctl to turn on and off the cookie
feature globally.  The cookies are useful even without SYN data.

Since I'm new around here, this first patch is just the ioctl and sysctl.

Any suggestions for improvement?  Or general approval?


View attachment "tcpct-1.patch" of type "text/plain" (11083 bytes)
