Commit 2051f11f authored by Florian Westphal's avatar Florian Westphal Committed by David S. Miller

[TCP]: Shrink syncookie_secret by 8 byte.

the first u32 copied from syncookie_secret is overwritten by the
minute-counter four lines below.  After adjusting the destination
address, the size of syncookie_secret can be reduced accordingly.

AFAICS, the only other user of syncookie_secret[] is the ipv6
syncookie support.  Because ipv6 syncookies only grab 44 bytes from
syncookie_secret[], this shouldn't affect them in any way.

With fixes from Glenn Griffin.
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Acked-by: default avatarGlenn Griffin <ggriffin.kernel@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 310afe86
...@@ -436,7 +436,7 @@ extern int tcp_disconnect(struct sock *sk, int flags); ...@@ -436,7 +436,7 @@ extern int tcp_disconnect(struct sock *sk, int flags);
extern void tcp_unhash(struct sock *sk); extern void tcp_unhash(struct sock *sk);
/* From syncookies.c */ /* From syncookies.c */
extern __u32 syncookie_secret[2][16-3+SHA_DIGEST_WORDS]; extern __u32 syncookie_secret[2][16-4+SHA_DIGEST_WORDS];
extern struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, extern struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
struct ip_options *opt); struct ip_options *opt);
extern __u32 cookie_v4_init_sequence(struct sock *sk, struct sk_buff *skb, extern __u32 cookie_v4_init_sequence(struct sock *sk, struct sk_buff *skb,
......
...@@ -21,7 +21,7 @@ ...@@ -21,7 +21,7 @@
extern int sysctl_tcp_syncookies; extern int sysctl_tcp_syncookies;
__u32 syncookie_secret[2][16-3+SHA_DIGEST_WORDS]; __u32 syncookie_secret[2][16-4+SHA_DIGEST_WORDS];
EXPORT_SYMBOL(syncookie_secret); EXPORT_SYMBOL(syncookie_secret);
static __init int init_syncookies(void) static __init int init_syncookies(void)
...@@ -41,7 +41,7 @@ static u32 cookie_hash(__be32 saddr, __be32 daddr, __be16 sport, __be16 dport, ...@@ -41,7 +41,7 @@ static u32 cookie_hash(__be32 saddr, __be32 daddr, __be16 sport, __be16 dport,
{ {
__u32 *tmp = __get_cpu_var(cookie_scratch); __u32 *tmp = __get_cpu_var(cookie_scratch);
memcpy(tmp + 3, syncookie_secret[c], sizeof(syncookie_secret[c])); memcpy(tmp + 4, syncookie_secret[c], sizeof(syncookie_secret[c]));
tmp[0] = (__force u32)saddr; tmp[0] = (__force u32)saddr;
tmp[1] = (__force u32)daddr; tmp[1] = (__force u32)daddr;
tmp[2] = ((__force u32)sport << 16) + (__force u32)dport; tmp[2] = ((__force u32)sport << 16) + (__force u32)dport;
......
...@@ -22,7 +22,7 @@ ...@@ -22,7 +22,7 @@
#include <net/tcp.h> #include <net/tcp.h>
extern int sysctl_tcp_syncookies; extern int sysctl_tcp_syncookies;
extern __u32 syncookie_secret[2][16-3+SHA_DIGEST_WORDS]; extern __u32 syncookie_secret[2][16-4+SHA_DIGEST_WORDS];
#define COOKIEBITS 24 /* Upper bits store count */ #define COOKIEBITS 24 /* Upper bits store count */
#define COOKIEMASK (((__u32)1 << COOKIEBITS) - 1) #define COOKIEMASK (((__u32)1 << COOKIEBITS) - 1)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment