Date:	Sat, 21 Nov 2009 11:22:49 -0800 (PST)
From:	David Miller <davem@...emloft.net>
To:	william.allen.simpson@...il.com
Cc:	netdev@...r.kernel.org, joe@...ches.com
Subject: Re: [net-next-2.6 PATCH v7 3/7 RFC] TCPCT part 1c:
 sysctl_tcp_cookie_size, socket option TCP_COOKIE_TRANSACTIONS

From: David Miller <davem@...emloft.net>
Date: Sat, 21 Nov 2009 11:18:44 -0800 (PST)

> From: William Allen Simpson <william.allen.simpson@...il.com>
> Date: Sat, 21 Nov 2009 11:51:13 -0500
> 
>> This code was based on net/ipv4/tcp_minisocks.c for syncookies.
>> Apparently, default for syncookies has been controversial.
> 
> I'll have to change that, it doesn't make any sense.  Thanks
> for pointing it out.

Ok, here's what I'll push out to net-next-2.6, thanks again.

tcp: Don't make syn cookies initial setting depend on CONFIG_SYSCTL

That's extremely non-intuitive, noticed by William Allen Simpson.

And let's make the default be on, it's been suggested by a lot of
people so we'll give it a try.

Signed-off-by: David S. Miller <davem@...emloft.net>
---
 net/ipv4/tcp_minisocks.c |    8 +-------
 1 files changed, 1 insertions(+), 7 deletions(-)

diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index 4be2228..ab32c18 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -26,13 +26,7 @@
 #include <net/inet_common.h>
 #include <net/xfrm.h>
 
-#ifdef CONFIG_SYSCTL
-#define SYNC_INIT 0 /* let the user enable it */
-#else
-#define SYNC_INIT 1
-#endif
-
-int sysctl_tcp_syncookies __read_mostly = SYNC_INIT;
+int sysctl_tcp_syncookies __read_mostly = 1;
 EXPORT_SYMBOL(sysctl_tcp_syncookies);
 
 int sysctl_tcp_abort_on_overflow __read_mostly;
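Review bot: the new initializer `int sysctl_tcp_syncookies __read_mostly = 1;` changes the default for CONFIG_SYSCTL builds from 0 to 1, yet the removed `/* let the user enable it */` comment is not replaced by anything that records the new intent at the definition. A short comment on that line stating that the default is now on regardless of CONFIG_SYSCTL would keep the reasoning next to the value. The diffstat touches only net/ipv4/tcp_minisocks.c, so if any documentation states the default for this sysctl it should be updated in the same series.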
-- 
1.6.5.3
