diff options
author | Florian Westphal <fw@strlen.de> | 2008-03-23 22:21:28 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-03-23 22:21:28 -0700 |
commit | 2051f11fb86b0056fec440fe7e9fa8370d60a5c6 (patch) | |
tree | e93befbb8fb6590994b51aa213bf9596c0070bc1 /net/ipv4/syncookies.c | |
parent | 310afe86af8ddd96a06b75aa61ef1af233f80e89 (diff) | |
download | linux-2051f11fb86b0056fec440fe7e9fa8370d60a5c6.tar.gz linux-2051f11fb86b0056fec440fe7e9fa8370d60a5c6.tar.bz2 linux-2051f11fb86b0056fec440fe7e9fa8370d60a5c6.zip |
[TCP]: Shrink syncookie_secret by 8 byte.
the first u32 copied from syncookie_secret is overwritten by the
minute-counter four lines below. After adjusting the destination
address, the size of syncookie_secret can be reduced accordingly.
AFAICS, the only other user of syncookie_secret[] is the ipv6
syncookie support. Because ipv6 syncookies only grab 44 bytes from
syncookie_secret[], this shouldn't affect them in any way.
With fixes from Glenn Griffin.
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Glenn Griffin <ggriffin.kernel@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/syncookies.c')
-rw-r--r-- | net/ipv4/syncookies.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index 4704f27f6c0b..abc752d45cf7 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c @@ -21,7 +21,7 @@ extern int sysctl_tcp_syncookies; -__u32 syncookie_secret[2][16-3+SHA_DIGEST_WORDS]; +__u32 syncookie_secret[2][16-4+SHA_DIGEST_WORDS]; EXPORT_SYMBOL(syncookie_secret); static __init int init_syncookies(void) @@ -41,7 +41,7 @@ static u32 cookie_hash(__be32 saddr, __be32 daddr, __be16 sport, __be16 dport, { __u32 *tmp = __get_cpu_var(cookie_scratch); - memcpy(tmp + 3, syncookie_secret[c], sizeof(syncookie_secret[c])); + memcpy(tmp + 4, syncookie_secret[c], sizeof(syncookie_secret[c])); tmp[0] = (__force u32)saddr; tmp[1] = (__force u32)daddr; tmp[2] = ((__force u32)sport << 16) + (__force u32)dport; |