On Mon, May 4, 2015 at 12:34 AM, Eric Dumazet <eric.dumazet@xxxxxxxxx> wrote:
> From: Eric Dumazet <edumazet@xxxxxxxxxx>
>
> This patch allows a server application to get the TCP SYN headers for
> its passive connections. This is useful if the server is doing
> fingerprinting of clients based on SYN packet contents.
>
> Two socket options are added: TCP_SAVE_SYN and TCP_SAVED_SYN.
>
> The first is used on a socket to enable saving the SYN headers
> for child connections. This can be set before or after the listen()
> call.
>
> The latter is used to retrieve the SYN headers for passive connections,
> if the parent listener has enabled TCP_SAVE_SYN.
>
> TCP_SAVED_SYN is read once, it frees the saved SYN headers.
>
> The data returned in TCP_SAVED_SYN are network (IPv4/IPv6) and TCP
> headers.
>
> Original patch was written by Tom Herbert, I changed it to not hold
> a full skb (and associated dst and conntracking reference).
>
> We have used such patch for about 3 years at Google.
>
> Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
> ---

Acked-by: Neal Cardwell <ncardwell@xxxxxxxxxx>
Tested-by: Neal Cardwell <ncardwell@xxxxxxxxxx>

The code looks good to me, and I re-ran the test I wrote (and which I
see Eric posted), and double-checked that it passes on net-next with
this patch applied.

Personally I like the socket option names from this patch.
TCP_SAVE_SYN means "Please save SYN headers for child sockets of this
listener". And TCP_SAVED_SYN means "Please give me the saved SYN for
this accepted child."

Thanks, Eric!

neal
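
Added example, not part of the original message or of the kernel patch: a server-side sketch of the two options described above, with a bounds-checked parser that pulls the usual fingerprinting fields out of the headers TCP_SAVED_SYN returns. The names `syn_fp`, `parse_saved_syn`, `enable_save_syn`, `fingerprint_child` and `sample_syn` are hypothetical, the sample bytes are constructed, and the parser covers the IPv4 case only.

```c
#include <stdint.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#ifndef TCP_SAVE_SYN              /* fallback: numbers from Linux uapi linux/tcp.h */
#define TCP_SAVE_SYN  27
#define TCP_SAVED_SYN 28
#endif
struct syn_fp { int ttl, window, mss, wscale, sack_ok, ts; };  /* hypothetical */

/* Constructed sample: IPv4 header, TCP SYN header, 20 bytes of TCP options. */
const uint8_t sample_syn[60] = {
    0x45,0,0,0x3c, 0,0,0x40,0, 0x40,6,0,0, 127,0,0,1, 127,0,0,1,
    0xc0,0,0,0x50, 0,0,0,1, 0,0,0,0, 0xa0,0x02,0xfa,0xf0, 0,0,0,0,
    2,4,0x05,0xb4, 4,2, 8,10,0,0,0,1,0,0,0,0, 1, 3,3,7,
};

/* Parse IPv4 + TCP SYN headers; returns 0, or -1 if truncated or malformed. */
int parse_saved_syn(const uint8_t *b, size_t n, struct syn_fp *fp)
{
    *fp = (struct syn_fp){ .mss = -1, .wscale = -1 };
    if (n < 20 || (b[0] >> 4) != 4) return -1;        /* IPv4 only here */
    size_t ihl = (b[0] & 0x0f) * 4u;
    if (ihl < 20 || n < ihl + 20 || b[9] != IPPROTO_TCP) return -1;
    const uint8_t *t = b + ihl;
    size_t thl = (t[12] >> 4) * 4u;                   /* TCP data offset */
    if (thl < 20 || n < ihl + thl) return -1;
    fp->ttl = b[8]; fp->window = (t[14] << 8) | t[15];
    for (size_t i = 20; i < thl; ) {                  /* walk TCP options */
        if (t[i] == 0) break;                         /* end of option list */
        if (t[i] == 1) { i++; continue; }             /* NOP padding */
        if (i + 1 >= thl || t[i + 1] < 2 || i + t[i + 1] > thl) return -1;
        uint8_t kind = t[i], len = t[i + 1];
        if (kind == 2 && len == 4) fp->mss = (t[i + 2] << 8) | t[i + 3];
        if (kind == 3 && len == 3) fp->wscale = t[i + 2];
        if (kind == 4 && len == 2) fp->sack_ok = 1;
        if (kind == 8 && len == 10) fp->ts = 1;
        i += len;
    }
    return 0;
}

/* On the listener, before or after listen(): save SYN headers for children. */
int enable_save_syn(int lfd) { int on = 1; return setsockopt(lfd, IPPROTO_TCP, TCP_SAVE_SYN, &on, sizeof(on)); }

/* On an accepted child: fetch the saved SYN (read once, then freed) and parse. */
int fingerprint_child(int child_fd, struct syn_fp *fp)
{
    uint8_t buf[128]; socklen_t len = sizeof(buf);    /* 60 + 60 byte max headers */
    if (getsockopt(child_fd, IPPROTO_TCP, TCP_SAVED_SYN, buf, &len) < 0) return -1;
    return parse_saved_syn(buf, len, fp);
}
```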