原理
就是用我的 new_secure_tcp_syn_cookie() 替代原来的 secure_tcp_syn_cookie() 来产生 cookie,并且也用它来校验 ACK 包。
不知道我的算法是否有重大的安全问题?如果密钥比较容易被猜测出来的话,我们可以选择缩短密钥的更新间隔...
//Hank
/*
 * new_secure_tcp_syn_cookie - derive a 32-bit SYN cookie from the connection
 * tuple and the client's sequence number using the new_syncookie_secret table.
 *
 * @saddr: source IPv4 address, read byte by byte in memory order
 * @daddr: destination IPv4 address, read byte by byte in memory order
 * @sport: source port, read byte by byte in memory order
 * @dport: destination port, read byte by byte in memory order
 * @sseq:  client sequence number, read byte by byte in memory order
 *
 * The state starts as the table word selected by the first byte of saddr.
 * Each of the remaining 15 input bytes is then XORed with the first
 * in-memory byte of the current state to pick another table word, which is
 * XORed into the state. The final state is returned.
 *
 * The table index is always in 0..255, so this assumes new_syncookie_secret
 * (defined outside this block) has at least 256 __u32 entries - TODO confirm.
 *
 * "First in-memory byte of the state" is the low byte on little-endian and
 * the high byte on big-endian machines, so the result is endian-dependent.
 * That is harmless only as long as generation and validation run on the
 * same host.
 *
 * NOTE(review): this is a chain of table lookups combined with XOR, not a
 * keyed cryptographic hash. Every value it returns is an XOR of 16 words of
 * the secret table, and cookies are handed to any client in SYN-ACKs, so the
 * table should not be assumed to stay secret for long. The function also
 * takes no time counter, so a cookie stays valid until the table is rotated.
 * Prefer a keyed cryptographic hash with an explicit time component, and
 * confirm the design before relying on it.
 */
static __u32 new_secure_tcp_syn_cookie(__be32 saddr, __be32 daddr, __be16 sport, __be16 dport, __u32 sseq)
{
	/* Input fields in the exact order the bytes are folded in. */
	const struct {
		const unsigned char *bytes;
		unsigned int len;
	} fields[] = {
		{ (const unsigned char *)&saddr, sizeof(saddr) },
		{ (const unsigned char *)&daddr, sizeof(daddr) },
		{ (const unsigned char *)&sport, sizeof(sport) },
		{ (const unsigned char *)&dport, sizeof(dport) },
		{ (const unsigned char *)&sseq,  sizeof(sseq)  },
	};
	unsigned int f, i;
	__u32 isn;

	/* Seed: the first saddr byte selects the initial table word directly. */
	isn = new_syncookie_secret[fields[0].bytes[0]];

	for (f = 0; f < sizeof(fields) / sizeof(fields[0]); f++) {
		/* The first byte of the first field was consumed by the seed. */
		for (i = (f == 0) ? 1 : 0; i < fields[f].len; i++) {
			/* Feedback byte: first byte of the state as stored in memory. */
			unsigned char state = *(unsigned char *)&isn;

			isn ^= new_syncookie_secret[fields[f].bytes[i] ^ state];
		}
	}

	return isn;
}