From: Eric Dumazet Date: Thu, 20 Mar 2014 04:02:21 +0000 (-0700) Subject: tcp: syncookies: do not use getnstimeofday() X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=632623153196bf183a69686ed9c07eee98ff1bf8;p=openwrt%2Fstaging%2Fblogic.git tcp: syncookies: do not use getnstimeofday() While it is true that getnstimeofday() uses about 40 cycles if TSC is available, it can use 1600 cycles if hpet is the clocksource. Switch to get_jiffies_64(), as this is more than enough, and go back to 60 seconds periods. Fixes: 8c27bd75f04f ("tcp: syncookies: reduce cookie lifetime to 128 seconds") Signed-off-by: Eric Dumazet Cc: Florian Westphal Acked-by: Florian Westphal Signed-off-by: David S. Miller --- diff --git a/include/net/tcp.h b/include/net/tcp.h index 8c4dd63134d4..743accec6c76 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -480,20 +480,21 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, #ifdef CONFIG_SYN_COOKIES #include -/* Syncookies use a monotonic timer which increments every 64 seconds. +/* Syncookies use a monotonic timer which increments every 60 seconds. * This counter is used both as a hash input and partially encoded into * the cookie value. A cookie is only validated further if the delta * between the current counter value and the encoded one is less than this, - * i.e. a sent cookie is valid only at most for 128 seconds (or less if + * i.e. a sent cookie is valid only at most for 2*60 seconds (or less if * the counter advances immediately after a cookie is generated). */ #define MAX_SYNCOOKIE_AGE 2 static inline u32 tcp_cookie_time(void) { - struct timespec now; - getnstimeofday(&now); - return now.tv_sec >> 6; /* 64 seconds granularity */ + u64 val = get_jiffies_64(); + + do_div(val, 60 * HZ); + return val; } u32 __cookie_v4_init_sequence(const struct iphdr *iph, const struct tcphdr *th,