git.karo-electronics.de Git - karo-tx-linux.git/commit

author	Eric Dumazet <edumazet@google.com>
	Sun, 21 Oct 2012 19:57:11 +0000 (19:57 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 11 Jan 2013 17:03:48 +0000 (09:03 -0800)
commit	8d15569e14cfcf9151e9e3b4c0cb98369943a2bb
tree	0c066e73c8649a70c11191c220c7105f141469a9	tree \| snapshot
parent	ffd34fcbce326a88668075b9e5480cb301ac6a78	commit \| diff

tcp: RFC 5961 5.2 Blind Data Injection Attack Mitigation

[ Upstream commit 354e4aa391ed50a4d827ff6fc11e0667d0859b25 ]

RFC 5961 5.2 [Blind Data Injection Attack].[Mitigation]

  All TCP stacks MAY implement the following mitigation.  TCP stacks
  that implement this mitigation MUST add an additional input check to
  any incoming segment.  The ACK value is considered acceptable only if
  it is in the range of ((SND.UNA - MAX.SND.WND) <= SEG.ACK <=
  SND.NXT).  All incoming segments whose ACK value doesn't satisfy the
  above condition MUST be discarded and an ACK sent back.

Move tcp_send_challenge_ack() before tcp_ack() to avoid a forward
declaration.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Cc: Jerry Chu <hkchu@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>