fedora core 6 1.2949 + vserver 2.2.0
diff --git
a/net/ipv4/syncookies.c
b/net/ipv4/syncookies.c
index
e20be33
..
6b19530
100644
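--- a/net/ipv4/syncookies.c
+++ b/net/ipv4/syncookies.c
@@ -35,23 +35,23 @@ module_init(init_syncookies);
 #define COOKIEBITS 24 /* Upper bits store count */
 #define COOKIEMASK (((__u32)1 << COOKIEBITS) - 1)
-static u32 cookie_hash(u32 saddr, u32 daddr, u32 sport, u32 dport,
+static u32 cookie_hash(__be32 saddr, __be32 daddr, __be16 sport, __be16 dport,
 u32 count, int c)
 {
 __u32 tmp[16 + 5 + SHA_WORKSPACE_WORDS];
 memcpy(tmp + 3, syncookie_secret[c], sizeof(syncookie_secret[c]));
- tmp[0] = saddr;
- tmp[1] = daddr;
- tmp[2] = (sport << 16) + dport;
+ tmp[0] = (__force u32)saddr;
+ tmp[1] = (__force u32)daddr;
+ tmp[2] = ((__force u32)sport << 16) + (__force u32)dport;
 tmp[3] = count;
 sha_transform(tmp + 16, (__u8 *)tmp, tmp + 16 + 5);
 return tmp[17];
 }
-static __u32 secure_tcp_syn_cookie(__u32 saddr, __u32 daddr, __u16 sport,
- __u16 dport, __u32 sseq, __u32 count,
+static __u32 secure_tcp_syn_cookie(__be32 saddr, __be32 daddr, __be16 sport,
+ __be16 dport, __u32 sseq, __u32 count,
 __u32 data)
 {
 /*
@@ -80,8 +80,8 @@ static __u32 secure_tcp_syn_cookie(__u32 saddr, __u32 daddr, __u16 sport,
 * "maxdiff" if the current (passed-in) "count". The return value
 * is (__u32)-1 if this test fails.
 */
-static __u32 check_tcp_syn_cookie(__u32 cookie, __u32 saddr, __u32 daddr,
- __u16 sport, __u16 dport, __u32 sseq,
+static __u32 check_tcp_syn_cookie(__u32 cookie, __be32 saddr, __be32 daddr,
+ __be16 sport, __be16 dport, __u32 sseq,
 __u32 count, __u32 maxdiff)
 {
 __u32 diff;
@@ -214,9 +214,13 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
 if (!req)
 goto out;
+ if (security_inet_conn_request(sk, skb, req)) {
+ reqsk_free(req);
+ goto out;
+ }
 ireq = inet_rsk(req);
 treq = tcp_rsk(req);
- treq->rcv_isn = htonl(skb->h.th->seq) - 1;
+ treq->rcv_isn = ntohl(skb->h.th->seq) - 1;
 treq->snt_isn = cookie;
 req->mss = mss;
 ireq->rmt_port = skb->h.th->source;
@@ -259,6 +263,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
 .uli_u = { .ports =
 { .sport = skb->h.th->dest,
 .dport = skb->h.th->source } } };
+ security_req_classify_flow(req, &fl);
 if (ip_route_output_key(&rt, &fl)) {
 reqsk_free(req);
 goto out;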
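Review bot: The new `security_inet_conn_request(sk, skb, req)` call in the `-214,9 +214,13` hunk runs before any field of `req` is filled in; `rcv_isn`, `snt_isn`, `mss` and `rmt_port` are only assigned on the lines that follow. If an LSM implementation of this hook reads the request rather than just `sk` and `skb` (not visible here), it would make its access decision on unset data. Either move the check below the assignments or state the contract at the call site, for example `/* req is not populated yet: the hook may rely only on sk and skb */`. The same `reqsk_free(req); goto out;` pair appears again in the `-259,6 +263,7` hunk, so a single `out_free:` label would keep the failure paths from drifting apart. `cookie_v4_check` begins and ends outside these hunks, so the allocation of `req` and the `out:` label were not reviewed.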