tcp: add tcp_syncookies mode to allow unconditionally generation of syncookies | If you want to test which effects syncookies have to your | network connections you can set this knob to 2 to enable | unconditionally generation of syncookies. Original idea and first implementation by Eric Dumazet. Cc: Florian Westphal <fw@strlen.de> Cc: David Miller <davem@davemloft.net> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 5ad37d5deee1ff7150a2d0602370101de158ad86 [log] [tgz]
author: Hannes Frederic Sowa <hannes@stressinduktion.org> Fri Jul 26 17:43:23 2013 +0200
committer: David S. Miller <davem@davemloft.net> Tue Jul 30 16:15:18 2013 -0700
tree: 602cac8fe98e0911753b7ff0485756962c2d232a
parent: dcfd8d5830f8cc9062eb7040f455c034e8d160e6 [diff] [blame]
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index b792e87..38c196c 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c

@@ -963,7 +963,8 @@
 	if (!ipv6_unicast_destination(skb))
 		goto drop;
 
-	if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
+	if ((sysctl_tcp_syncookies == 2 ||
+	     inet_csk_reqsk_queue_is_full(sk)) && !isn) {
 		want_cookie = tcp_syn_flood_action(sk, skb, "TCPv6");
 		if (!want_cookie)
 			goto drop;
commit	5ad37d5deee1ff7150a2d0602370101de158ad86	[log] [tgz]
author	Hannes Frederic Sowa <hannes@stressinduktion.org>	Fri Jul 26 17:43:23 2013 +0200
committer	David S. Miller <davem@davemloft.net>	Tue Jul 30 16:15:18 2013 -0700
tree	602cac8fe98e0911753b7ff0485756962c2d232a
parent	dcfd8d5830f8cc9062eb7040f455c034e8d160e6 [diff] [blame]