public inbox for
help / color / mirror / Atom feed
* [newlib-cygwin] pf: syncookie support
@ 2022-07-11 11:54 Sebastian Huber
  0 siblings, 0 replies; only message in thread
From: Sebastian Huber @ 2022-07-11 11:54 UTC (permalink / raw)
  To: newlib-cvs;h=5260d10c985fd87e1d1aaed3c437cf272af024e0

commit 5260d10c985fd87e1d1aaed3c437cf272af024e0
Author: Kristof Provost <>
Date:   Thu May 20 11:54:41 2021 +0200

    pf: syncookie support
    Import OpenBSD's syncookie support for pf. This feature help pf resist
    TCP SYN floods by only creating states once the remote host completes
    the TCP handshake rather than when the initial SYN packet is received.
    This is accomplished by using the initial sequence numbers to encode a
    cookie (hence the name) in the SYN+ACK response and verifying this on
    receipt of the client ACK.
    Reviewed by:    kbowling
    Obtained from:  OpenBSD
    MFC after:      1 week
    Sponsored by:   Modirum MDPay
    Differential Revision:

 newlib/libc/sys/rtems/include/netinet/tcp.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/newlib/libc/sys/rtems/include/netinet/tcp.h b/newlib/libc/sys/rtems/include/netinet/tcp.h
index 45bece9fa..a79dbeaad 100644
--- a/newlib/libc/sys/rtems/include/netinet/tcp.h
+++ b/newlib/libc/sys/rtems/include/netinet/tcp.h
@@ -105,6 +105,8 @@ struct tcphdr {
 #define	TCPOPT_FAST_OPEN	34
+#define	MAX_TCPOPTLEN		40	/* Absolute maximum TCP options len */
 /* Miscellaneous constants */
 #define	MAX_SACK_BLKS	6	/* Max # SACK blocks stored at receiver side */
 #define	TCP_MAX_SACK	4	/* MAX # SACKs sent in any segment */

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2022-07-11 11:54 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-07-11 11:54 [newlib-cygwin] pf: syncookie support Sebastian Huber

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).