Changeset View
Changeset View
Standalone View
Standalone View
sys/netpfil/pf/pf_syncookies.c
Show First 20 Lines • Show All 294 Lines • ▼ Show 20 Lines | |||||
{ | { | ||||
uint16_t mss; | uint16_t mss; | ||||
uint32_t iss; | uint32_t iss; | ||||
mss = max(V_tcp_mssdflt, pf_get_mss(m, off, pd->hdr.tcp.th_off, pd->af)); | mss = max(V_tcp_mssdflt, pf_get_mss(m, off, pd->hdr.tcp.th_off, pd->af)); | ||||
iss = pf_syncookie_generate(m, off, pd, mss); | iss = pf_syncookie_generate(m, off, pd, mss); | ||||
pf_send_tcp(NULL, pd->af, pd->dst, pd->src, *pd->dport, *pd->sport, | pf_send_tcp(NULL, pd->af, pd->dst, pd->src, *pd->dport, *pd->sport, | ||||
iss, ntohl(pd->hdr.tcp.th_seq) + 1, TH_SYN|TH_ACK, 0, mss, | iss, ntohl(pd->hdr.tcp.th_seq) + 1, TH_SYN|TH_ACK, 0, mss, | ||||
0, 1, 0); | 0, 1, 0, pd->act.rtableid); | ||||
counter_u64_add(V_pf_status.lcounters[KLCNT_SYNCOOKIES_SENT], 1); | counter_u64_add(V_pf_status.lcounters[KLCNT_SYNCOOKIES_SENT], 1); | ||||
/* XXX Maybe only in adaptive mode? */ | /* XXX Maybe only in adaptive mode? */ | ||||
atomic_add_64(&V_pf_status.syncookies_inflight[V_pf_syncookie_status.oddeven], | atomic_add_64(&V_pf_status.syncookies_inflight[V_pf_syncookie_status.oddeven], | ||||
1); | 1); | ||||
} | } | ||||
bool | bool | ||||
pf_syncookie_check(struct pf_pdesc *pd) | pf_syncookie_check(struct pf_pdesc *pd) | ||||
▲ Show 20 Lines • Show All 202 Lines • ▼ Show 20 Lines | if (cookie.flags.mss_idx >= nitems(pf_syncookie_msstab) || | ||||
cookie.flags.wscale_idx >= nitems(pf_syncookie_wstab)) | cookie.flags.wscale_idx >= nitems(pf_syncookie_wstab)) | ||||
return (NULL); | return (NULL); | ||||
mss = pf_syncookie_msstab[cookie.flags.mss_idx]; | mss = pf_syncookie_msstab[cookie.flags.mss_idx]; | ||||
wscale = pf_syncookie_wstab[cookie.flags.wscale_idx]; | wscale = pf_syncookie_wstab[cookie.flags.wscale_idx]; | ||||
return (pf_build_tcp(NULL, pd->af, pd->src, pd->dst, *pd->sport, | return (pf_build_tcp(NULL, pd->af, pd->src, pd->dst, *pd->sport, | ||||
*pd->dport, seq, 0, TH_SYN, wscale, mss, ttl, 0, | *pd->dport, seq, 0, TH_SYN, wscale, mss, ttl, 0, | ||||
PF_TAG_SYNCOOKIE_RECREATED)); | PF_TAG_SYNCOOKIE_RECREATED, pd->act.rtableid)); | ||||
} | } |