diff options
author | jlemon <jlemon@FreeBSD.org> | 2001-11-22 04:50:44 +0000 |
---|---|---|
committer | jlemon <jlemon@FreeBSD.org> | 2001-11-22 04:50:44 +0000 |
commit | a3c1c9fdb4ec0da65e5e02c396bbd5bb22a16c8b (patch) | |
tree | 7e69286bc240807dcaf2ce9e68a4bb59848d76df /sys/netinet/in_pcb.h | |
parent | 7e4737a17a89fe0f71b6b62c33f5cb8b254ddbd8 (diff) | |
download | FreeBSD-src-a3c1c9fdb4ec0da65e5e02c396bbd5bb22a16c8b.zip FreeBSD-src-a3c1c9fdb4ec0da65e5e02c396bbd5bb22a16c8b.tar.gz |
Introduce a syncache, which enables FreeBSD to withstand a SYN flood
DoS in an improved fashion over the existing code.
Reviewed by: silby (in a previous iteration)
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/netinet/in_pcb.h')
-rw-r--r-- | sys/netinet/in_pcb.h | 89 |
1 files changed, 62 insertions, 27 deletions
diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h index 8423462..eb1ac3d 100644 --- a/sys/netinet/in_pcb.h +++ b/sys/netinet/in_pcb.h @@ -39,7 +39,6 @@ #include <sys/queue.h> - #include <netinet6/ipsec.h> /* for IPSEC */ #define in6pcb inpcb /* for KAME src sync over BSD*'s */ @@ -67,6 +66,58 @@ struct in_addr_4in6 { }; /* + * NOTE: ipv6 addrs should be 64-bit aligned, per RFC 2553. + * in_conninfo has some extra padding to accomplish this. + */ +struct in_endpoints { + u_int16_t ie_fport; /* foreign port */ + u_int16_t ie_lport; /* local port */ + /* protocol dependent part, local and foreign addr */ + union { + /* foreign host table entry */ + struct in_addr_4in6 ie46_foreign; + struct in6_addr ie6_foreign; + } ie_dependfaddr; + union { + /* local host table entry */ + struct in_addr_4in6 ie46_local; + struct in6_addr ie6_local; + } ie_dependladdr; +#define ie_faddr ie_dependfaddr.ie46_foreign.ia46_addr4 +#define ie_laddr ie_dependladdr.ie46_local.ia46_addr4 +#define ie6_faddr ie_dependfaddr.ie6_foreign +#define ie6_laddr ie_dependladdr.ie6_local +}; + +/* + * XXX + * At some point struct route should possibly change to: + * struct rtentry *rt + * struct in_endpoints *ie; + */ +struct in_conninfo { + u_int8_t inc_flags; + u_int8_t inc_len; + u_int16_t inc_pad; /* XXX alignment for in_endpoints */ + /* protocol dependent part; cached route */ + struct in_endpoints inc_ie; + union { + /* placeholder for routing entry */ + struct route inc4_route; + struct route_in6 inc6_route; + } inc_dependroute; +}; +#define inc_isipv6 inc_flags /* temp compatability */ +#define inc_fport inc_ie.ie_fport +#define inc_lport inc_ie.ie_lport +#define inc_faddr inc_ie.ie_faddr +#define inc_laddr inc_ie.ie_laddr +#define inc_route inc_dependroute.inc4_route +#define inc6_faddr inc_ie.ie6_faddr +#define inc6_laddr inc_ie.ie6_laddr +#define inc6_route inc_dependroute.inc6_route + +/* * NB: the zone allocator is type-stable EXCEPT FOR THE FIRST TWO LONGS * of the structure. Therefore, it is important that the members in * that position not contain any information which is required to be @@ -76,22 +127,11 @@ struct icmp6_filter; struct inpcb { LIST_ENTRY(inpcb) inp_hash; /* hash list */ - u_short inp_fport; /* foreign port */ - u_short inp_lport; /* local port */ LIST_ENTRY(inpcb) inp_list; /* list for all PCBs of this proto */ u_int32_t inp_flow; - /* protocol dependent part, local and foreign addr */ - union { - /* foreign host table entry */ - struct in_addr_4in6 inp46_foreign; - struct in6_addr inp6_foreign; - } inp_dependfaddr; - union { - /* local host table entry */ - struct in_addr_4in6 inp46_local; - struct in6_addr inp6_local; - } inp_dependladdr; + /* local and foreign ports, local and foreign addr */ + struct in_conninfo inp_inc; caddr_t inp_ppcb; /* pointer to per-protocol pcb */ struct inpcbinfo *inp_pcbinfo; /* PCB list info */ @@ -99,13 +139,6 @@ struct inpcb { /* list for this PCB's local port */ int inp_flags; /* generic IP/datagram flags */ - /* protocol dependent part; cached route */ - union { - /* placeholder for routing entry */ - struct route inp4_route; - struct route_in6 inp6_route; - } inp_dependroute; - struct inpcbpolicy *inp_sp; /* for IPSEC */ u_char inp_vflag; #define INP_IPV4 0x1 @@ -119,9 +152,11 @@ struct inpcb { struct mbuf *inp4_options; /* IP options */ struct ip_moptions *inp4_moptions; /* IP multicast options */ } inp_depend4; -#define inp_faddr inp_dependfaddr.inp46_foreign.ia46_addr4 -#define inp_laddr inp_dependladdr.inp46_local.ia46_addr4 -#define inp_route inp_dependroute.inp4_route +#define inp_fport inp_inc.inc_fport +#define inp_lport inp_inc.inc_lport +#define inp_faddr inp_inc.inc_faddr +#define inp_laddr inp_inc.inc_laddr +#define inp_route inp_inc.inc_route #define inp_ip_tos inp_depend4.inp4_ip_tos #define inp_options inp_depend4.inp4_options #define inp_moptions inp_depend4.inp4_moptions @@ -143,9 +178,9 @@ struct inpcb { LIST_ENTRY(inpcb) inp_portlist; struct inpcbport *inp_phd; /* head of this list */ inp_gen_t inp_gencnt; /* generation count of this instance */ -#define in6p_faddr inp_dependfaddr.inp6_foreign -#define in6p_laddr inp_dependladdr.inp6_local -#define in6p_route inp_dependroute.inp6_route +#define in6p_faddr inp_inc.inc6_faddr +#define in6p_laddr inp_inc.inc6_laddr +#define in6p_route inp_inc.inc6_route #define in6p_ip6_hlim inp_depend6.inp6_hlim #define in6p_hops inp_depend6.inp6_hops /* default hop limit */ #define in6p_ip6_nxt inp_ip_p |