Re: linux transparent proxy status?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 25 Apr 2003 19:45:13 +0200

On Friday 25 April 2003 18.16, Gianni Tedesco wrote:

> can you describe briefly how it works from userspace perspective? I
> don't think there is enough context in the patch to make it obvious
> for a kernel llama like me ;)

How I think it works from reading the patch.

1. You do a setsockopt( TCP_CONFIRM_CONNECT, 1) on the listening
socket to request accept/reject operation.

2. The sockets are created on SYN and sent to accept().

3a. If the application chooses to reject the connection then it only
has to close the returned socket and a RST will be sent.

3b. If the application chooses to accept the connection then SYN+ACK
is sent and enabled for the connection. How the application chooses
to accept a connection is a bit muddled to me, but I think it is done
by trying to write to the socket (0 byte write seems to be ok). This
part needs some further explanation I think.

If in DoS prevention mode (syn cookies) then it falls back on delayed
socket creation as usual.

The patch looks quite nice, and is much less intrusive than I expected
this kind of thing to be in the Linux kernel.

Regards
Henrik
Received on Fri Apr 25 2003 - 11:44:52 MDT
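Added example (not code from the patch, from Henrik, or from the Squid project): a small C listener that follows the userspace flow described above, with a constructed allow-list policy deciding from the SYN's peer address alone. It assumes the option is set at level IPPROTO_TCP (the post does not say which level), that close() on an unconfirmed socket yields RST and a zero-byte write() yields SYN+ACK exactly as described, and it only calls setsockopt(TCP_CONFIRM_CONNECT) when the system headers define that name, since it is not in mainline Linux. The policy function and the helper names (policy_allows, make_peer, confirm_or_reject, serve) are illustrative.

```c
/* Added example, not from the patch or the mailing list post. It sketches
 * the userspace side of the accept/reject flow described in the post:
 *   1. setsockopt(TCP_CONFIRM_CONNECT) on the listening socket,
 *   2. accept() returns a socket that has only seen the SYN,
 *   3. close() rejects (kernel sends RST), a zero-byte write() accepts
 *      (kernel sends SYN+ACK).
 * TCP_CONFIRM_CONNECT is not in mainline Linux headers; the option is only
 * used when the header defines it (assumed level: IPPROTO_TCP). The
 * allow-list policy below is constructed for the example. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed policy: accept only peers in 10.0.0.0/8 or 127.0.0.0/8.
 * Returns 1 to accept, 0 to reject. Pure, so it is testable without sockets. */
int policy_allows(const struct sockaddr_in *peer)
{
    uint32_t a = ntohl(peer->sin_addr.s_addr);
    return (a >> 24) == 10 || (a >> 24) == 127;
}

/* Build an IPv4 sockaddr from dotted text; returns 1 on success. */
int make_peer(const char *dotted, struct sockaddr_in *out)
{
    memset(out, 0, sizeof *out);
    out->sin_family = AF_INET;
    return inet_pton(AF_INET, dotted, &out->sin_addr) == 1;
}

/* Apply a decision to an accepted-but-unconfirmed socket.
 * Returns 1 if confirmed, 0 if rejected, -1 on error. Under the patch as
 * described, close() here makes the kernel answer the SYN with RST, and a
 * zero-byte write() makes it send SYN+ACK. On an ordinary kernel the same
 * calls are harmless: close() after the handshake, and a 0-byte write. */
int confirm_or_reject(int fd, int accept_it)
{
    if (!accept_it) {
        close(fd);                 /* reject: kernel sends RST */
        return 0;
    }
    if (write(fd, "", 0) < 0)      /* accept: triggers SYN+ACK */
        return -1;
    return 1;
}

/* Listener that requests accept/reject mode and applies the policy. */
int serve(uint16_t port)
{
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0) return -1;
    int one = 1;
    setsockopt(lfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);

    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    if (bind(lfd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(lfd, 128) < 0)
        return -1;

#ifdef TCP_CONFIRM_CONNECT
    /* Step 1: ask that accept() hand us sockets at SYN time (assumed level). */
    if (setsockopt(lfd, IPPROTO_TCP, TCP_CONFIRM_CONNECT, &one, sizeof one) < 0) {
        perror("TCP_CONFIRM_CONNECT");
        return -1;
    }
#else
    fprintf(stderr, "TCP_CONFIRM_CONNECT not in headers; running as a plain "
                    "listener, so rejects RST only after the handshake\n");
#endif

    for (;;) {
        struct sockaddr_in peer;
        socklen_t len = sizeof peer;
        /* Step 2: with the patch, this returns on SYN, before any SYN+ACK. */
        int cfd = accept(lfd, (struct sockaddr *)&peer, &len);
        if (cfd < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        char ip[INET_ADDRSTRLEN];
        inet_ntop(AF_INET, &peer.sin_addr, ip, sizeof ip);
        /* Step 3a/3b: decide from what the SYN carries (peer address/port). */
        int r = confirm_or_reject(cfd, policy_allows(&peer));
        printf("%s:%u -> %s\n", ip, ntohs(peer.sin_port),
               r == 1 ? "accepted" : r == 0 ? "rejected (RST)" : "error");
        if (r == 1) close(cfd);   /* a real proxy would hand cfd onward here */
    }
}

int main(int argc, char **argv)
{
    uint16_t port = argc > 1 ? (uint16_t)atoi(argv[1]) : 8080;
    return serve(port) < 0 ? 1 : 0;
}
```

One caveat for anyone building on this flow: the post notes that under SYN-cookie (DoS prevention) mode the kernel falls back to the usual delayed socket creation, so accept() then returns a fully connected socket and a "reject" close() sends RST after the handshake rather than in place of the SYN+ACK. The application logic above is the same in both cases, but it must not assume the peer never saw a completed handshake.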

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:19:42 MST