tcp: add tcp_syncookies mode to allow unconditionally generation of syncookies

| If you want to test which effects syncookies have to your | network connections you can set this knob to 2 to enable | unconditionally generation of syncookies. Original idea and first implementation by Eric Dumazet. Cc: Florian Westphal <fw@strlen.de> Cc: David Miller <davem@davemloft.net> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Hannes Frederic Sowa <hannes@stressinduktion.org> 2013-07-26 17:43:23 +0200
committer: David S. Miller <davem@davemloft.net> 2013-07-30 16:15:18 -0700
commit: 5ad37d5deee1ff7150a2d0602370101de158ad86 (patch)
tree: 602cac8fe98e0911753b7ff0485756962c2d232a /net/ipv6
parent: dcfd8d5830f8cc9062eb7040f455c034e8d160e6 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index b792e870686..38c196ca601 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -963,7 +963,8 @@ static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
 	if (!ipv6_unicast_destination(skb))
 		goto drop;
 
-	if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
+	if ((sysctl_tcp_syncookies == 2 ||
+	     inet_csk_reqsk_queue_is_full(sk)) && !isn) {
 		want_cookie = tcp_syn_flood_action(sk, skb, "TCPv6");
 		if (!want_cookie)
 			goto drop;
author	Hannes Frederic Sowa <hannes@stressinduktion.org>	2013-07-26 17:43:23 +0200
committer	David S. Miller <davem@davemloft.net>	2013-07-30 16:15:18 -0700
commit	5ad37d5deee1ff7150a2d0602370101de158ad86 (patch)
tree	602cac8fe98e0911753b7ff0485756962c2d232a /net/ipv6
parent	dcfd8d5830f8cc9062eb7040f455c034e8d160e6 (diff)