Ensure that when the sysctl-variable net.inet.tcp.syncookies_only is non-zero, SYN-cookies are sent and no SYN-cache entry is added to the SYN-cache. In particular, this behavior should not depend on the value of the sysctl-variable net.inet.tcp.syncookies, which controls whether SYN cookies are used in combination with the SYN-cache to deal with bucket overflows.
Also ensure that tcps_sc_completed does not include TCP connections established via a SYN-cookie.
While there, make V_tcp_syncookies and V_tcp_syncookiesonly bool instead of int, since they are used as boolean variables.
Details
- Reviewers: glebius, rrs, rscheff, cc, peter.lei_ieee.org, lstewart, nickbanks_netflix.com, jtl
- Group Reviewers: transport
- Commits: rG7b57f2513361: tcp: improve sending of SYN-cookies

Diff Detail
- Repository: rG FreeBSD src repository
- Lint: Lint Skipped
- Unit: Tests Skipped

Event Timeline
Make V_tcp_syncookies and V_tcp_syncookiesonly bool instead of int, since they are used as boolean variables.
Maybe also put a syncookies(4) man page update into this diff. Currently, that man page is not really clear on the distinctions between sysctl net.inet.tcp.syncookies and sysctl net.inet.tcp.syncookies_only (the _only is mentioned, but not the relationship between syncache, syncookie and syncookie_only).
Ah, good. I think that is good enough; no need to specifically mention that syncookies_only is no longer dependent on syncookies to function.
Looks good to me. I only have two minor suggestions.
Inline comments on sys/netinet/tcp_syncache.c:

| Line | Comment |
|---|---|
| 556–557 | Makes more sense, as if V_tcp_syncookiesonly == true, the value of V_tcp_syncookies does not bother. |
| 1092 | I would add syncache only case: in the comment for readability and convenience. |
| 1108 | I would add syncache && syncookie case: in the comment for readability and convenience. |
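
The three cases discussed in this review (syncookies_only, SYN-cache alone, SYN-cache with SYN-cookies on bucket overflow) and the tcps_sc_completed accounting, as a simplified C model added here. It is not code from tcp_syncache.c: all names, the single bucket and the REPLY_NONE outcome are assumptions of the model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of the three cases; every name here is hypothetical. */
enum syn_reply { REPLY_CACHE, REPLY_COOKIE, REPLY_NONE };

struct syn_model {
    bool syncookies;       /* stands in for net.inet.tcp.syncookies */
    bool syncookies_only;  /* stands in for net.inet.tcp.syncookies_only */
    int  cached, limit;    /* one SYN-cache bucket and its capacity */
    unsigned long sc_added, sc_completed, cookies_sent;
};

/* Decide how an incoming SYN is answered. */
static enum syn_reply on_syn(struct syn_model *m)
{
    if (m->syncookies_only) {       /* checked first, independent of syncookies */
        m->cookies_sent++;
        return REPLY_COOKIE;        /* no SYN-cache entry is added */
    }
    if (m->cached < m->limit) {     /* syncache case: the bucket has room */
        m->cached++;
        m->sc_added++;
        return REPLY_CACHE;
    }
    if (m->syncookies) {            /* syncache && syncookie case: overflow */
        m->cookies_sent++;
        return REPLY_COOKIE;
    }
    return REPLY_NONE;              /* model assumption: overflow, no fallback */
}

/* Handshake-completing ACK: only cache-backed connections count as completed. */
static void on_ack(struct syn_model *m, enum syn_reply how)
{
    if (how == REPLY_CACHE) {
        m->cached--;
        m->sc_completed++;
    }
    /* REPLY_COOKIE: the connection is established, sc_completed is untouched */
}

int main(void)
{
    struct syn_model m = { .syncookies = false, .syncookies_only = true, .limit = 2 };
    enum syn_reply r = on_syn(&m);
    on_ack(&m, r);
    printf("reply=%d added=%lu completed=%lu cookies=%lu\n",
        r, m.sc_added, m.sc_completed, m.cookies_sent);
    return 0;
}
```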