diff options
author | Florian Westphal <fw@strlen.de> | 2014-10-30 02:55:38 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2014-10-30 16:53:39 -0400 |
commit | 646697b9e3fef913bb6393ebfb6115c442a96be7 (patch) | |
tree | baa2ad2fb7b968b1fec4f11d59949160f93938de /net/ipv6 | |
parent | f5fbf115691c350f88bae103f629503e201a7bff (diff) | |
download | op-kernel-dev-646697b9e3fef913bb6393ebfb6115c442a96be7.zip op-kernel-dev-646697b9e3fef913bb6393ebfb6115c442a96be7.tar.gz |
syncookies: only increment SYNCOOKIESFAILED on validation error
Only count packets that failed cookie-authentication.
We can get SYNCOOKIESFAILED > 0 while we never even sent a single cookie.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/syncookies.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c index 0e26e79..be291ba 100644 --- a/net/ipv6/syncookies.c +++ b/net/ipv6/syncookies.c @@ -171,8 +171,11 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) if (!sysctl_tcp_syncookies || !th->ack || th->rst) goto out; - if (tcp_synq_no_recent_overflow(sk) || - (mss = __cookie_v6_check(ipv6_hdr(skb), th, cookie)) == 0) { + if (tcp_synq_no_recent_overflow(sk)) + goto out; + + mss = __cookie_v6_check(ipv6_hdr(skb), th, cookie); + if (mss == 0) { NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESFAILED); goto out; } |