| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Nov 2009 07:32:38 +0100 From: Eric Dumazet <eric.dumazet@...il.com> To: William Allen Simpson <william.allen.simpson@...il.com> CC: Linux Kernel Network Developers <netdev@...r.kernel.org> Subject: Re: [net-next-2.6 PATCH v6 4/7 RFC] TCPCT part 1d: define TCP cookie option, extend existing struct's William Allen Simpson a écrit : > Data structures are carefully composed to require minimal additions. > For example, the struct tcp_options_received cookie_plus variable fits > between existing 16-bit and 8-bit variables, requiring no additional > space (taking alignment into consideration). There are no additions to > tcp_request_sock, and only 1 pointer in tcp_sock. > > This is a significantly revised implementation of an earlier (year-old) > patch that no longer applies cleanly, with permission of the original > author (Adam Langley): > > http://thread.gmane.org/gmane.linux.network/102586 > > The principle difference is using a TCP option to carry the cookie nonce, > instead of a user configured offset in the data. This is more flexible and > less subject to user configuration error. Such a cookie option has been > suggested for many years, and is also useful without SYN data, allowing > several related concepts to use the same extension option. > > "Re: SYN floods (was: does history repeat itself?)", September 9, 1996. > http://www.merit.net/mail.archives/nanog/1996-09/msg00235.html > > "Re: what a new TCP header might look like", May 12, 1998. > ftp://ftp.isi.edu/end2end/end2end-interest-1998.mail > > These functions will also be used in subsequent patches that implement > additional features. > > Requires: > TCPCT part 1a: add request_values parameter for sending SYNACK > TCPCT part 1b: generate Responder Cookie > TCPCT part 1c: sysctl_tcp_cookie_size, socket option > TCP_COOKIE_TRANSACTIONS > > Signed-off-by: William.Allen.Simpson@...il.com > --- > include/linux/tcp.h | 29 ++++++++++++++++---- > include/net/tcp.h | 72 > +++++++++++++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 95 insertions(+), 6 deletions(-) > +/** + * A tcp_sock contains a pointer to the current value, and this is cloned to + * the tcp_timewait_sock. + * + * @cookie_pair: variable data from the option exchange. + * + * @cookie_desired: user specified tcpct_cookie_desired. Zero + * indicates default (sysctl_tcp_cookie_size). + * After cookie sent, remembers size of cookie. + * Range 0, TCP_COOKIE_MIN to TCP_COOKIE_MAX. + * + * @s_data_desired: user specified tcpct_s_data_desired. When the + * constant payload is specified (@s_data_constant), + * holds its length instead. + * Range 0 to TCP_MSS_DESIRED. + * + * @s_data_payload: constant data that is to be included in the + * payload of SYN or SYNACK segments when the + * cookie option is present. + */ Thanks for this kerneldoc William ;) But header should be : /** * struct tcp_cookie_values - Some description... -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists