Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

tcp: cleanup tcp_v[46]_inbound_md5_hash()

We'll soon have to call tcp_v[46]_inbound_md5_hash() twice.
Also add const attribute to the socket, as it might be the
unlocked listener for SYN packets.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet 10 years ago
parent
b267cdd107
commit
ba8e275a45
2 changed files with 12 additions and 14 deletions
Unified View Show Diff Stats
  1. 6 10
      net/ipv4/tcp_ipv4.c
  2. 6 4
      net/ipv6/tcp_ipv6.c

+ 6 - 10
net/ipv4/tcp_ipv4.c
View File 

@@ -1112,10 +1112,13 @@ clear_hash_noput:
 
 }
 
 }
 
 EXPORT_SYMBOL(tcp_v4_md5_hash_skb);
 
 EXPORT_SYMBOL(tcp_v4_md5_hash_skb);
 
 
 
+#endif
 
+
 
 /* Called with rcu_read_lock() */
 
 /* Called with rcu_read_lock() */
 
-static bool tcp_v4_inbound_md5_hash(struct sock *sk,
 
+static bool tcp_v4_inbound_md5_hash(const struct sock *sk,
 
 				    const struct sk_buff *skb)
 
 				    const struct sk_buff *skb)
 
 {
 
 {
 
+#ifdef CONFIG_TCP_MD5SIG
 
 	/*
 
 	/*
 
 	 * This gets called for each TCP segment that arrives
 
 	 * This gets called for each TCP segment that arrives
 
 	 * so we want to be efficient.
 
 	 * so we want to be efficient.
 
@@ -1165,8 +1168,9 @@ static bool tcp_v4_inbound_md5_hash(struct sock *sk,
 
 		return true;
 
 		return true;
 
 	}
 
 	}
 
 	return false;
 
 	return false;
 
-}
 
 #endif
 
 #endif
 
+	return false;
 
+}
 
 
 
 static void tcp_v4_init_req(struct request_sock *req,
 
 static void tcp_v4_init_req(struct request_sock *req,
 
 			    const struct sock *sk_listener,
 
 			    const struct sock *sk_listener,
 
@@ -1607,16 +1611,8 @@ process:
 
 	if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
 
 	if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
 
 		goto discard_and_relse;
 
 		goto discard_and_relse;
 
 
 
-#ifdef CONFIG_TCP_MD5SIG
 
-	/*
 
-	 * We really want to reject the packet as early as possible
 
-	 * if:
 
-	 *  o We're expecting an MD5'd packet and this is no MD5 tcp option
 
-	 *  o There is an MD5 option and we're not expecting one
 
-	 */
 
 	if (tcp_v4_inbound_md5_hash(sk, skb))
 
 	if (tcp_v4_inbound_md5_hash(sk, skb))
 
 		goto discard_and_relse;
 
 		goto discard_and_relse;
 
-#endif
 
 
 
 	nf_reset(skb);
 
 	nf_reset(skb);

+ 6 - 4
net/ipv6/tcp_ipv6.c
View File 

@@ -622,8 +622,12 @@ clear_hash_noput:
 
 	return 1;
 
 	return 1;
 
 }
 
 }
 
 
 
-static bool tcp_v6_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb)
 
+#endif
 
+
 
+static bool tcp_v6_inbound_md5_hash(const struct sock *sk,
 
+				    const struct sk_buff *skb)
 
 {
 
 {
 
+#ifdef CONFIG_TCP_MD5SIG
 
 	const __u8 *hash_location = NULL;
 
 	const __u8 *hash_location = NULL;
 
 	struct tcp_md5sig_key *hash_expected;
 
 	struct tcp_md5sig_key *hash_expected;
 
 	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
 
 	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
 
@@ -660,9 +664,9 @@ static bool tcp_v6_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb)
 
 				     &ip6h->daddr, ntohs(th->dest));
 
 				     &ip6h->daddr, ntohs(th->dest));
 
 		return true;
 
 		return true;
 
 	}
 
 	}
 
+#endif
 
 	return false;
 
 	return false;
 
 }
 
 }
 
-#endif
 
 
 
 static void tcp_v6_init_req(struct request_sock *req,
 
 static void tcp_v6_init_req(struct request_sock *req,
 
 			    const struct sock *sk_listener,
 
 			    const struct sock *sk_listener,
 
@@ -1408,10 +1412,8 @@ process:
 
 
 
 	tcp_v6_fill_cb(skb, hdr, th);
 
 	tcp_v6_fill_cb(skb, hdr, th);
 
 
 
-#ifdef CONFIG_TCP_MD5SIG
 
 	if (tcp_v6_inbound_md5_hash(sk, skb))
 
 	if (tcp_v6_inbound_md5_hash(sk, skb))
 
 		goto discard_and_relse;
 
 		goto discard_and_relse;
 
-#endif
 
 
 
 	if (sk_filter(sk, skb))
 
 	if (sk_filter(sk, skb))
 
 		goto discard_and_relse;
 
 		goto discard_and_relse;