tcp: RFC 5961 5.2 Blind Data Injection Attack Mitigation - linux

diff options

author	Eric Dumazet <edumazet@google.com>	2012-10-21 19:57:11 +0000
committer	Ben Hutchings <ben@decadent.org.uk>	2013-01-16 01:13:27 +0000
commit	e252bbd8c87b95e9cecdc01350fbb0b46a0f9bf1 (patch)
tree	c9321c66eebb5d5f65775d8f89225c6cd3d4c93d /scripts/patch-kernel
parent	9ae46af9cdaaac4938974c51ad7db2b8dc60ff83 (diff)

tcp: RFC 5961 5.2 Blind Data Injection Attack Mitigation

[ Upstream commit 354e4aa391ed50a4d827ff6fc11e0667d0859b25 ] RFC 5961 5.2 [Blind Data Injection Attack].[Mitigation] All TCP stacks MAY implement the following mitigation. TCP stacks that implement this mitigation MUST add an additional input check to any incoming segment. The ACK value is considered acceptable only if it is in the range of ((SND.UNA - MAX.SND.WND) <= SEG.ACK <= SND.NXT). All incoming segments whose ACK value doesn't satisfy the above condition MUST be discarded and an ACK sent back. Move tcp_send_challenge_ack() before tcp_ack() to avoid a forward declaration. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Neal Cardwell <ncardwell@google.com> Cc: Yuchung Cheng <ycheng@google.com> Cc: Jerry Chu <hkchu@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

Diffstat (limited to 'scripts/patch-kernel')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: