author | attilio <attilio@FreeBSD.org> | 2011-04-25 17:13:40 +0000 |
---|---|---|
committer | attilio <attilio@FreeBSD.org> | 2011-04-25 17:13:40 +0000 |
commit | 2e19c21f223f834300d9e8b7fc46636902205453 (patch) | |
tree | a9b2378f15a6b24078acade80e7136f7779e5dbb /sys/netinet/tcp_var.h | |
parent | 99f9647714747def6d98acca6bfe0f865c0d2f1c (diff) | |
Add the possibility to verify MD5 hash of incoming TCP packets.
Because this is a costly function, even when compiled in (along with
the option TCP_SIGNATURE), it can be disabled via the
net.inet.tcp.signature_verify_input sysctl.
Sponsored by: Sandvine Incorporated
Reviewed by: emaste, bz
MFC after: 2 weeks
Diffstat (limited to 'sys/netinet/tcp_var.h')
-rw-r--r-- | sys/netinet/tcp_var.h | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h
index e265057..5d92d87 100644
--- a/sys/netinet/tcp_var.h
+++ b/sys/netinet/tcp_var.h
@@ -485,6 +485,13 @@ struct tcpstat {
 u_long tcps_ecn_shs; /* ECN successful handshakes */
 u_long tcps_ecn_rcwnd; /* # times ECN reduced the cwnd */
+ /* TCP_SIGNATURE related stats */
+ u_long tcps_sig_rcvgoodsig; /* Total matching signature received */
+ u_long tcps_sig_rcvbadsig; /* Total bad signature received */
+ u_long tcps_sig_err_buildsig; /* Mismatching signature received */
+ u_long tcps_sig_err_sigopt; /* No signature expected by socket */
+ u_long tcps_sig_err_nosigopt; /* No signature provided by segment */
+
 u_long _pad[12]; /* 6 UTO, 6 TBD */
 };
@@ -684,6 +691,8 @@ int tcp_twrespond(struct tcptw *, int);
 void tcp_setpersist(struct tcpcb *);
 #ifdef TCP_SIGNATURE
 int tcp_signature_compute(struct mbuf *, int, int, int, u_char *, u_int);
+int tcp_signature_verify(struct mbuf *, int, int, int, struct tcpopt *,
+ struct tcphdr *, u_int);
 #endif
 void tcp_slowtimo(void);
 struct tcptemp *
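Review bot: The comment on `tcps_sig_err_buildsig` says "Mismatching signature received", which repeats the meaning of `tcps_sig_rcvbadsig` on the line above it, while the field name suggests it counts failures to build the expected signature. Anyone alerting on these counters to spot forged or unsigned segments needs the two to be distinguishable, so I would change it to something like `u_long tcps_sig_err_buildsig; /* Failed to compute expected signature */`, after confirming against the code that increments it, which is outside this file. Separately, the new `u_long` fields are inserted ahead of `_pad[12]` without shrinking it, so `struct tcpstat` grows. If that padding was reserved to absorb new counters, userland readers built against the old header would disagree on the struct size, which matters for the planned MFC.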
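Review bot: The `tcp_signature_verify` declaration does not say which return value means the segment's signature was accepted, and its three adjacent `int` parameters are unnamed, like those of `tcp_signature_compute` above it. Callers use the result to decide whether to keep or drop a segment, so an inverted test would silently accept unsigned or forged segments. I would add a comment above the prototype such as `/* Returns nonzero when the segment's MD5 signature option is present and matches; confirm against the definition. */`. It would also help to state there what callers should do when the `net.inet.tcp.signature_verify_input` sysctl is off, since the commit message says verification can be disabled. The definition is not part of this file's diff, so the return convention in the proposed comment is inferred.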