tcp: RFC 5961 5.2 Blind Data Injection Attack Mitigation - linux-dev - Linux kernel development work

diff options

author	Eric Dumazet <edumazet@google.com>	2012-10-21 19:57:11 +0000
committer	David S. Miller <davem@davemloft.net>	2012-10-22 14:29:06 -0400
commit	354e4aa391ed50a4d827ff6fc11e0667d0859b25 (patch)
tree	26a9eab79c239f1e0f27b469a5ed06c9a111a1d2 /net/ipv4/tcp.c
parent	pkt_sched: use ns_to_ktime() helper (diff)
download	linux-dev-354e4aa391ed50a4d827ff6fc11e0667d0859b25.tar.xz linux-dev-354e4aa391ed50a4d827ff6fc11e0667d0859b25.zip

tcp: RFC 5961 5.2 Blind Data Injection Attack Mitigation

RFC 5961 5.2 [Blind Data Injection Attack].[Mitigation] All TCP stacks MAY implement the following mitigation. TCP stacks that implement this mitigation MUST add an additional input check to any incoming segment. The ACK value is considered acceptable only if it is in the range of ((SND.UNA - MAX.SND.WND) <= SEG.ACK <= SND.NXT). All incoming segments whose ACK value doesn't satisfy the above condition MUST be discarded and an ACK sent back. Move tcp_send_challenge_ack() before tcp_ack() to avoid a forward declaration. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Neal Cardwell <ncardwell@google.com> Cc: Yuchung Cheng <ycheng@google.com> Cc: Jerry Chu <hkchu@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'net/ipv4/tcp.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: