git.baikalelectronics.ru Git - kernel.git/commit

author	Eric Dumazet <edumazet@google.com>
	Sun, 21 Oct 2012 19:57:11 +0000 (19:57 +0000)
committer	David S. Miller <davem@davemloft.net>
	Mon, 22 Oct 2012 18:29:06 +0000 (14:29 -0400)
commit	a2e9ee9d0bec7a70b5db69afcb4cfc2354d5f9f3
tree	26a9eab79c239f1e0f27b469a5ed06c9a111a1d2	tree \| snapshot
parent	a05d0c96e1849e0f81eda0295d5202d2675433d1	commit \| diff

tcp: RFC 5961 5.2 Blind Data Injection Attack Mitigation

RFC 5961 5.2 [Blind Data Injection Attack].[Mitigation]

  All TCP stacks MAY implement the following mitigation.  TCP stacks
  that implement this mitigation MUST add an additional input check to
  any incoming segment.  The ACK value is considered acceptable only if
  it is in the range of ((SND.UNA - MAX.SND.WND) <= SEG.ACK <=
  SND.NXT).  All incoming segments whose ACK value doesn't satisfy the
  above condition MUST be discarded and an ACK sent back.

Move tcp_send_challenge_ack() before tcp_ack() to avoid a forward
declaration.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Cc: Jerry Chu <hkchu@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>