diff options
| author | Florian Westphal <fw@strlen.de> | 2013-09-20 20:32:55 (GMT) |
|---|---|---|
| committer | Jiri Slaby <jslaby@suse.cz> | 2014-03-14 22:00:54 (GMT) |
| commit | 6c17205526423c520d8a708d4dbcecbdfe7e9f72 (patch) | |
| tree | e71f5400a38bf2fdd80da71abfb7067ee8fa4c1a /lib/locking-selftest-wlock.h | |
| parent | 5516d3fa4670849e446c81ddd4c00f0fd09f1173 (diff) | |
| download | linux-fsl-qoriq-6c17205526423c520d8a708d4dbcecbdfe7e9f72.tar.xz | |
tcp: syncookies: reduce cookie lifetime to 128 seconds
commit 8c27bd75f04fb9cb70c69c3cfe24f4e6d8e15906 upstream.
We currently accept cookies that were created less than 4 minutes ago
(ie, cookies with counter delta 0-3). Combined with the 8 mss table
values, this yields 32 possible values (out of 2**32) that will be valid.
Reducing the lifetime to < 2 minutes halves the guessing chance while
still providing a large enough period.
While at it, get rid of jiffies value -- they overflow too quickly on
32 bit platforms.
getnstimeofday is used to create a counter that increments every 64s.
perf shows getnstimeofday cost is negible compared to sha_transform;
normal tcp initial sequence number generation uses getnstimeofday, too.
Reported-by: Jakob Lell <jakob@jakoblell.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Diffstat (limited to 'lib/locking-selftest-wlock.h')
0 files changed, 0 insertions, 0 deletions