Commit a0f82f64 authored by Florian Westphal's avatar Florian Westphal Committed by David S. Miller

syncookies: remove last_synq_overflow from struct tcp_sock

last_synq_overflow eats 4 or 8 bytes in struct tcp_sock, even
though it is only used when a listening sockets syn queue
is full.

We can (ab)use rx_opt.ts_recent_stamp to store the same information;
it is not used otherwise as long as a socket is in listen state.

Move linger2 around to avoid splitting struct mtu_probe
across cacheline boundary on 32 bit arches.
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 7eebb0b2
...@@ -377,7 +377,7 @@ struct tcp_sock { ...@@ -377,7 +377,7 @@ struct tcp_sock {
unsigned int keepalive_time; /* time before keep alive takes place */ unsigned int keepalive_time; /* time before keep alive takes place */
unsigned int keepalive_intvl; /* time interval between keep alive probes */ unsigned int keepalive_intvl; /* time interval between keep alive probes */
unsigned long last_synq_overflow; int linger2;
/* Receiver side RTT estimation */ /* Receiver side RTT estimation */
struct { struct {
...@@ -406,8 +406,6 @@ struct tcp_sock { ...@@ -406,8 +406,6 @@ struct tcp_sock {
/* TCP MD5 Signagure Option information */ /* TCP MD5 Signagure Option information */
struct tcp_md5sig_info *md5sig_info; struct tcp_md5sig_info *md5sig_info;
#endif #endif
int linger2;
}; };
static inline struct tcp_sock *tcp_sk(const struct sock *sk) static inline struct tcp_sock *tcp_sk(const struct sock *sk)
......
...@@ -265,6 +265,19 @@ static inline int tcp_too_many_orphans(struct sock *sk, int num) ...@@ -265,6 +265,19 @@ static inline int tcp_too_many_orphans(struct sock *sk, int num)
atomic_read(&tcp_memory_allocated) > sysctl_tcp_mem[2]); atomic_read(&tcp_memory_allocated) > sysctl_tcp_mem[2]);
} }
/* syncookies: remember time of last synqueue overflow */
static inline void tcp_synq_overflow(struct sock *sk)
{
tcp_sk(sk)->rx_opt.ts_recent_stamp = jiffies;
}
/* syncookies: no recent synqueue overflow on this listening socket? */
static inline int tcp_synq_no_recent_overflow(const struct sock *sk)
{
unsigned long last_overflow = tcp_sk(sk)->rx_opt.ts_recent_stamp;
return time_after(jiffies, last_overflow + TCP_TIMEOUT_INIT);
}
extern struct proto tcp_prot; extern struct proto tcp_prot;
#define TCP_INC_STATS(net, field) SNMP_INC_STATS((net)->mib.tcp_statistics, field) #define TCP_INC_STATS(net, field) SNMP_INC_STATS((net)->mib.tcp_statistics, field)
......
...@@ -161,13 +161,12 @@ static __u16 const msstab[] = { ...@@ -161,13 +161,12 @@ static __u16 const msstab[] = {
*/ */
__u32 cookie_v4_init_sequence(struct sock *sk, struct sk_buff *skb, __u16 *mssp) __u32 cookie_v4_init_sequence(struct sock *sk, struct sk_buff *skb, __u16 *mssp)
{ {
struct tcp_sock *tp = tcp_sk(sk);
const struct iphdr *iph = ip_hdr(skb); const struct iphdr *iph = ip_hdr(skb);
const struct tcphdr *th = tcp_hdr(skb); const struct tcphdr *th = tcp_hdr(skb);
int mssind; int mssind;
const __u16 mss = *mssp; const __u16 mss = *mssp;
tp->last_synq_overflow = jiffies; tcp_synq_overflow(sk);
/* XXX sort msstab[] by probability? Binary search? */ /* XXX sort msstab[] by probability? Binary search? */
for (mssind = 0; mss > msstab[mssind + 1]; mssind++) for (mssind = 0; mss > msstab[mssind + 1]; mssind++)
...@@ -268,7 +267,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, ...@@ -268,7 +267,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
if (!sysctl_tcp_syncookies || !th->ack) if (!sysctl_tcp_syncookies || !th->ack)
goto out; goto out;
if (time_after(jiffies, tp->last_synq_overflow + TCP_TIMEOUT_INIT) || if (tcp_synq_no_recent_overflow(sk) ||
(mss = cookie_check(skb, cookie)) == 0) { (mss = cookie_check(skb, cookie)) == 0) {
NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESFAILED); NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESFAILED);
goto out; goto out;
......
...@@ -131,7 +131,7 @@ __u32 cookie_v6_init_sequence(struct sock *sk, struct sk_buff *skb, __u16 *mssp) ...@@ -131,7 +131,7 @@ __u32 cookie_v6_init_sequence(struct sock *sk, struct sk_buff *skb, __u16 *mssp)
int mssind; int mssind;
const __u16 mss = *mssp; const __u16 mss = *mssp;
tcp_sk(sk)->last_synq_overflow = jiffies; tcp_synq_overflow(sk);
for (mssind = 0; mss > msstab[mssind + 1]; mssind++) for (mssind = 0; mss > msstab[mssind + 1]; mssind++)
; ;
...@@ -175,7 +175,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) ...@@ -175,7 +175,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
if (!sysctl_tcp_syncookies || !th->ack) if (!sysctl_tcp_syncookies || !th->ack)
goto out; goto out;
if (time_after(jiffies, tp->last_synq_overflow + TCP_TIMEOUT_INIT) || if (tcp_synq_no_recent_overflow(sk) ||
(mss = cookie_check(skb, cookie)) == 0) { (mss = cookie_check(skb, cookie)) == 0) {
NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESFAILED); NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESFAILED);
goto out; goto out;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment