aha/net/ipv6
William Allen Simpson 435cf559f0 TCPCT part 1d: define TCP cookie option, extend existing struct's
Data structures are carefully composed to require minimal additions.
For example, the struct tcp_options_received cookie_plus variable fits
between existing 16-bit and 8-bit variables, requiring no additional
space (taking alignment into consideration).  There are no additions to
tcp_request_sock, and only 1 pointer in tcp_sock.

This is a significantly revised implementation of an earlier (year-old)
patch that no longer applies cleanly, with permission of the original
author (Adam Langley):

    http://thread.gmane.org/gmane.linux.network/102586

The principle difference is using a TCP option to carry the cookie nonce,
instead of a user configured offset in the data.  This is more flexible and
less subject to user configuration error.  Such a cookie option has been
suggested for many years, and is also useful without SYN data, allowing
several related concepts to use the same extension option.

    "Re: SYN floods (was: does history repeat itself?)", September 9, 1996.
    http://www.merit.net/mail.archives/nanog/1996-09/msg00235.html

    "Re: what a new TCP header might look like", May 12, 1998.
    ftp://ftp.isi.edu/end2end/end2end-interest-1998.mail

These functions will also be used in subsequent patches that implement
additional features.

Requires:
   TCPCT part 1a: add request_values parameter for sending SYNACK
   TCPCT part 1b: generate Responder Cookie secret
   TCPCT part 1c: sysctl_tcp_cookie_size, socket option TCP_COOKIE_TRANSACTIONS

Signed-off-by: William.Allen.Simpson@gmail.com
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-12-02 22:07:25 -08:00
..
netfilter net: use net_eq to compare nets 2009-11-25 15:14:13 -08:00
addrconf.c net: use net_eq to compare nets 2009-11-25 15:14:13 -08:00
addrconf_core.c [IPV6]: ipv6_addr_type() doesn't know about RFC4193 addresses. 2007-07-31 02:28:21 -07:00
addrlabel.c net: replace %p6 with %pI6 2008-10-29 12:52:50 -07:00
af_inet6.c net: check kern before calling security subsystem 2009-11-05 22:18:18 -08:00
ah6.c xfrm: Use the user specified truncation length in ESP and AH 2009-11-25 15:48:41 -08:00
anycast.c ipv6: use RCU to walk list of network devices 2009-11-13 20:38:49 -08:00
datagram.c ipv6: no more dev_put() in datagram_send_ctl() 2009-11-02 03:42:41 -08:00
esp6.c xfrm: Use the user specified truncation length in ESP and AH 2009-11-25 15:48:41 -08:00
exthdrs.c net: constify struct inet6_protocol 2009-09-14 17:03:05 -07:00
exthdrs_core.c [NET] IPV6: Fix whitespace errors. 2007-02-10 23:19:42 -08:00
fib6_rules.c net: Remove unused parameter from fill method in fib_rules_ops. 2009-05-20 17:26:23 -07:00
icmp.c net: constify struct inet6_protocol 2009-09-14 17:03:05 -07:00
inet6_connection_sock.c net: IPv6 changes 2009-10-20 18:55:45 -07:00
inet6_hashtables.c inet: rename some inet_sock fields 2009-10-18 18:52:53 -07:00
ip6_fib.c xfrm: select sane defaults for xfrm[4|6] gc_thresh 2009-07-30 18:52:15 -07:00
ip6_flowlabel.c net: use net_eq to compare nets 2009-11-25 15:14:13 -08:00
ip6_input.c net: constify struct inet6_protocol 2009-09-14 17:03:05 -07:00
ip6_output.c ip: Report qdisc packet drops 2009-09-02 18:05:33 -07:00
ip6_tunnel.c net: Simplify ip6_tunnel pernet operations. 2009-12-01 16:15:59 -08:00
ip6mr.c ip6mr: Optimize multiple unregistration 2009-10-29 01:13:53 -07:00
ipcomp6.c net: constify struct inet6_protocol 2009-09-14 17:03:05 -07:00
ipv6_sockglue.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-10-27 01:03:26 -07:00
Kconfig IPv6: Fix 6RD typo 2009-10-07 14:50:30 -07:00
Makefile [IPV6] MROUTE: Support multicast forwarding. 2008-04-05 22:33:38 +09:00
mcast.c ipv6: use RCU to walk list of network devices 2009-11-13 20:38:49 -08:00
mip6.c ipv6: Use correct data types for ICMPv6 type and code 2009-06-23 04:31:07 -07:00
ndisc.c make TLLAO option for NA packets configurable 2009-10-07 01:10:45 -07:00
netfilter.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
proc.c net: mark read-only arrays as const 2009-08-05 10:42:58 -07:00
protocol.c net: constify struct inet6_protocol 2009-09-14 17:03:05 -07:00
raw.c ipv6: avoid dev_hold()/dev_put() in rawv6_bind() 2009-11-08 00:43:18 -08:00
reassembly.c net: use net_eq to compare nets 2009-11-25 15:14:13 -08:00
route.c IPv6: use ipv6_addr_copy() in ip6_route_redirect() 2009-10-07 13:58:01 -07:00
sit.c net: Simplify ipip6 aka sit pernet operations. 2009-12-01 16:15:59 -08:00
syncookies.c Allow tcp_parse_options to consult dst entry 2009-10-29 01:28:41 -07:00
sysctl_net_ipv6.c inet6: functions shadow global variable 2009-08-02 12:54:30 -07:00
tcp_ipv6.c TCPCT part 1d: define TCP cookie option, extend existing struct's 2009-12-02 22:07:25 -08:00
tunnel6.c net: constify struct inet6_protocol 2009-09-14 17:03:05 -07:00
udp.c IPv6: use ipv6_addr_v4mapped() 2009-11-10 20:54:44 -08:00
udp_impl.h net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
udplite.c net: drop capability from protocol definitions 2009-11-05 21:40:17 -08:00
xfrm6_input.c netns xfrm: per-netns MIBs 2008-11-25 17:59:52 -08:00
xfrm6_mode_beet.c ipsec: Interfamily IPSec BEET, ipv4-inner ipv6-outer 2008-08-06 02:40:25 -07:00
xfrm6_mode_ro.c [IPSEC]: Make x->lastused an unsigned long 2008-01-28 14:53:52 -08:00
xfrm6_mode_transport.c [IPSEC]: Use IPv6 calling convention as the convention for x->mode->output 2007-10-10 16:55:54 -07:00
xfrm6_mode_tunnel.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xfrm6_output.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xfrm6_policy.c xfrm6: Fix xfrm6_policy.c build when SYSCTL disabled. 2009-08-04 20:32:16 -07:00
xfrm6_state.c ipv6: fix sparse warning: Using plain integer as NULL pointer 2009-02-21 23:37:10 -08:00
xfrm6_tunnel.c xfrm6_tunnel: RCU conversion 2009-10-24 06:07:57 -07:00