iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net/ipv4
History
Eric Dumazet 282f23c6ee tcp: implement RFC 5961 3.2 
Implement the RFC 5691 mitigation against Blind
Reset attack using RST bit.

Idea is to validate incoming RST sequence,
to match RCV.NXT value, instead of previouly accepted
window : (RCV.NXT <= SEG.SEQ < RCV.NXT+RCV.WND)

If sequence is in window but not an exact match, send
a "challenge ACK", so that the other part can resend an
RST with the appropriate sequence.

Add a new sysctl, tcp_challenge_ack_limit, to limit
number of challenge ACK sent per second.

Add a new SNMP counter to count number of challenge acks sent.
(netstat -s | grep TCPChallengeACK)

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Kiran Kumar Kella <kkiran@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-07-17 01:36:20 -07:00
..
netfilter
Merge branch 'master' of git://1984.lsi.us.es/nf-next
2012-07-07 16:18:50 -07:00
af_inet.c
ipv4: Early TCP socket demux.
2012-06-19 21:22:05 -07:00
ah4.c
ipv4: Add redirect support to all protocol icmp error handlers.
2012-07-11 21:27:49 -07:00
arp.c
Revert "ipv4: tcp: dont cache unconfirmed intput dst"
2012-06-27 17:05:06 -07:00
cipso_ipv4.c
ipv4: Convert call_rcu() to kfree_rcu(), drop opt_kfree_rcu()
2012-02-21 09:03:31 -08:00
datagram.c
ipv4: Lock socket and use cork flow in ip4_datagram_connect().
2011-05-08 13:48:57 -07:00
devinet.c
ipv4: Add interface option to enable routing of 127.0.0.0/8
2012-06-12 15:25:46 -07:00
esp4.c
ipv4: Add redirect support to all protocol icmp error handlers.
2012-07-11 21:27:49 -07:00
fib_frontend.c
ipv4: Don't store a rule pointer in fib_result.
2012-07-13 08:21:29 -07:00
fib_lookup.h
ipv4: Fix nexthop caching wrt. scoping.
2011-03-24 18:06:47 -07:00
fib_rules.c
ipv4: Don't store a rule pointer in fib_result.
2012-07-13 08:21:29 -07:00
fib_semantics.c
ipv4: Enforce max MTU metric at route insertion time.
2012-07-10 22:40:15 -07:00
fib_trie.c
ipv4: Remove tb_peers from fib_table.
2012-07-12 09:39:28 -07:00
gre.c
net: ipv4: Standardize prefixes for message logging
2012-03-12 17:05:21 -07:00
icmp.c
ipv4: Put proper checks into icmp_socket_deliver().
2012-07-12 08:06:04 -07:00
igmp.c
ipv4: fix checkpatch errors
2012-04-15 12:37:19 -04:00
inet_connection_sock.c
inet: Kill FLOWI_FLAG_PRECOW_METRICS.
2012-07-10 22:40:12 -07:00
inet_diag.c
net: make sock diag per-namespace
2012-07-16 22:31:34 -07:00
inet_fragment.c
inetpeer: add parameter net for inet_getpeer_v4,v6
2012-06-08 14:27:23 -07:00
inet_hashtables.c
ipv4: fix checkpatch errors
2012-04-15 12:37:19 -04:00
inet_lro.c
net: add skb frag size accessors
2011-10-19 03:10:46 -04:00
inet_timewait_sock.c
net: ipv4 and ipv6: Convert printk(KERN_DEBUG to pr_debug
2012-05-16 01:01:03 -04:00
inetpeer.c
ipv4: Maintain redirect and PMTU info in struct rtable again.
2012-07-10 22:40:14 -07:00
ip_forward.c
snmp: fix OutOctets counter to include forwarded datagrams
2012-06-07 14:50:56 -07:00
ip_fragment.c
Revert "ipv4: tcp: dont cache unconfirmed intput dst"
2012-06-27 17:05:06 -07:00
ip_gre.c
ipv4: Add redirect support to all protocol icmp error handlers.
2012-07-11 21:27:49 -07:00
ip_input.c
ipv4: Kill early demux method return value.
2012-06-27 22:01:22 -07:00
ip_options.c
ipv4: defer fib_compute_spec_dst() call
2012-07-05 03:03:32 -07:00
ip_output.c
net: Do delayed neigh confirmation.
2012-07-05 01:03:06 -07:00
ip_sockglue.c
ipv4: Create and use fib_compute_spec_dst() helper.
2012-06-28 03:59:11 -07:00
ipcomp.c
ipv4: Add redirect support to all protocol icmp error handlers.
2012-07-11 21:27:49 -07:00
ipconfig.c
net/ipv4/ipconfig: neaten __setup placement
2012-05-20 04:06:16 -04:00
ipip.c
ipv4: Add redirect support to all protocol icmp error handlers.
2012-07-11 21:27:49 -07:00
ipmr.c
net: Fix (nearly-)kernel-doc comments for various functions
2012-07-10 23:13:45 -07:00
Kconfig
net: delete all instances of special processing for token ring
2012-05-15 20:14:35 -04:00
Makefile
tcp: Move dynamnic metrics handling into seperate file.
2012-07-10 20:31:36 -07:00
netfilter.c
net: Delete all remaining instances of ctl_path
2012-04-20 21:22:30 -04:00
ping.c
ipv4: Add redirect support to all protocol icmp error handlers.
2012-07-11 21:27:49 -07:00
proc.c
tcp: implement RFC 5961 3.2
2012-07-17 01:36:20 -07:00
protocol.c
inet: Sanitize inet{,6} protocol demux.
2012-06-19 18:56:21 -07:00
raw.c
ipv4: Add redirect support to all protocol icmp error handlers.
2012-07-11 21:27:49 -07:00
route.c
ipv4: Don't store a rule pointer in fib_result.
2012-07-13 08:21:29 -07:00
syncookies.c
tcp: fix syncookie regression
2012-03-11 15:52:12 -07:00
sysctl_net_ipv4.c
tcp: implement RFC 5961 3.2
2012-07-17 01:36:20 -07:00
tcp_bic.c
tcp: fix undo after RTO for BIC
2012-01-20 14:17:26 -05:00
tcp_cong.c
tcp: bool conversions
2012-05-17 14:59:59 -04:00
tcp_cubic.c
tcp: fix undo after RTO for CUBIC
2012-01-20 14:17:26 -05:00
tcp_diag.c
inet_diag: Rename inet_diag_req into inet_diag_req_v2
2012-01-11 12:56:06 -08:00
tcp_highspeed.c
tcp: mark tcp_congestion_ops read_mostly
2011-03-10 00:40:17 -08:00
tcp_htcp.c
tcp: mark tcp_congestion_ops read_mostly
2011-03-10 00:40:17 -08:00
tcp_hybla.c
tcp: bool conversions
2012-05-17 14:59:59 -04:00
tcp_illinois.c
tcp: mark tcp_congestion_ops read_mostly
2011-03-10 00:40:17 -08:00
tcp_input.c
tcp: implement RFC 5961 3.2
2012-07-17 01:36:20 -07:00
tcp_ipv4.c
net: Remove checks for dst_ops->redirect being NULL.
2012-07-12 00:41:25 -07:00
tcp_lp.c
Fix common misspellings
2011-03-31 11:26:23 -03:00
tcp_memcontrol.c
memcg: decrement static keys at real destroy time
2012-05-29 16:22:28 -07:00
tcp_metrics.c
tcp: Fix out of bounds access to tcpm_vals
2012-07-11 17:30:41 -07:00
tcp_minisocks.c
tcp: TCP Small Queues
2012-07-11 18:12:59 -07:00
tcp_output.c
tcp: add LAST_ACK as a valid state for TSQ
2012-07-13 05:48:36 -07:00
tcp_probe.c
net: cleanup unsigned to unsigned int
2012-04-15 12:44:40 -04:00
tcp_scalable.c
tcp: mark tcp_congestion_ops read_mostly
2011-03-10 00:40:17 -08:00
tcp_timer.c
tcp: early retransmit: delayed fast retransmit
2012-05-02 20:56:10 -04:00
tcp_vegas.c
tcp: mark tcp_congestion_ops read_mostly
2011-03-10 00:40:17 -08:00
tcp_vegas.h
tcp_veno.c
tcp: mark tcp_congestion_ops read_mostly
2011-03-10 00:40:17 -08:00
tcp_westwood.c
tcp: mark tcp_congestion_ops read_mostly
2011-03-10 00:40:17 -08:00
tcp_yeah.c
Fix common misspellings
2011-03-31 11:26:23 -03:00
tcp.c
tcp: TCP Small Queues
2012-07-11 18:12:59 -07:00
tunnel4.c
net: Convert printks to pr_<level>
2012-03-11 23:42:51 -07:00
udp_diag.c
net: make sock diag per-namespace
2012-07-16 22:31:34 -07:00
udp_impl.h
ipv4: fix checkpatch errors
2012-04-15 12:37:19 -04:00
udp.c
ipv4: Add redirect support to all protocol icmp error handlers.
2012-07-11 21:27:49 -07:00
udplite.c
net: ipv4: Standardize prefixes for message logging
2012-03-12 17:05:21 -07:00
xfrm4_input.c
Revert "ipv4: tcp: dont cache unconfirmed intput dst"
2012-06-27 17:05:06 -07:00
xfrm4_mode_beet.c
ipsec: be careful of non existing mac headers
2012-02-23 16:50:45 -05:00
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
ipsec: be careful of non existing mac headers
2012-02-23 16:50:45 -05:00
xfrm4_output.c
xfrm4: Don't call icmp_send on local error
2011-07-01 17:33:19 -07:00
xfrm4_policy.c
net: Remove checks for dst_ops->redirect being NULL.
2012-07-12 00:41:25 -07:00
xfrm4_state.c
net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules
2011-10-31 19:30:30 -04:00
xfrm4_tunnel.c
net: ipv4: Standardize prefixes for message logging
2012-03-12 17:05:21 -07:00