netfilter: add SYNPROXY core/target (48b1de4c) · Commits · Mirrors / git.kernel.org / pub_scm_linux_kernel_git_torvalds_linux · GitLab

Commit 48b1de4c authored Aug 27, 2013 by

Patrick McHardy Committed by Pablo Neira Ayuso Aug 28, 2013

netfilter: add SYNPROXY core/target



Add a SYNPROXY for netfilter. The code is split into two parts, the synproxy
core with common functions and an address family specific target.

The SYNPROXY receives the connection request from the client, responds with
a SYN/ACK containing a SYN cookie and announcing a zero window and checks
whether the final ACK from the client contains a valid cookie.

It then establishes a connection to the original destination and, if
successful, sends a window update to the client with the window size
announced by the server.

Support for timestamps, SACK, window scaling and MSS options can be
statically configured as target parameters if the features of the server
are known. If timestamps are used, the timestamp value sent back to
the client in the SYN/ACK will be different from the real timestamp of
the server. In order to now break PAWS, the timestamps are translated in
the direction server->client.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Tested-by: Martin Topholm <mph@one.com>
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent 0198230b

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit b83329fb
· Jul 23, 2019

mentioned in commit b83329fb

mentioned in commit b83329fb473f29d34d85d642e3a3313bb2871fa9

Toggle commit list
mirror @mirror
mentioned in commit e971ceb8
· Jul 23, 2019

mentioned in commit e971ceb8

mentioned in commit e971ceb803e147e47c15cbb7c5b84327c6453786

Toggle commit list

Please register or to comment