korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-12-03 17:14:14 +08:00
Code Issues Packages Projects Releases Wiki Activity
354e4aa391
linux/net/ipv4
History
Eric Dumazet 354e4aa391 tcp: RFC 5961 5.2 Blind Data Injection Attack Mitigation 
RFC 5961 5.2 [Blind Data Injection Attack].[Mitigation]

  All TCP stacks MAY implement the following mitigation.  TCP stacks
  that implement this mitigation MUST add an additional input check to
  any incoming segment.  The ACK value is considered acceptable only if
  it is in the range of ((SND.UNA - MAX.SND.WND) <= SEG.ACK <=
  SND.NXT).  All incoming segments whose ACK value doesn't satisfy the
  above condition MUST be discarded and an ACK sent back.

Move tcp_send_challenge_ack() before tcp_ack() to avoid a forward
declaration.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Cc: Jerry Chu <hkchu@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-10-22 14:29:06 -04:00
..
netfilter netfilter: combine ipt_REDIRECT and ip6t_REDIRECT 2012-09-21 12:12:05 +02:00
af_inet.c ipv4: Don't add TCP-code in inet_sock_destruct 2012-09-20 17:12:27 -04:00
ah4.c ipv4: Add redirect support to all protocol icmp error handlers. 2012-07-11 21:27:49 -07:00
arp.c ipv4/route: arg delay is useless in rt_cache_flush() 2012-09-18 15:44:34 -04:00
cipso_ipv4.c cipso: don't follow a NULL pointer when setsockopt() is called 2012-07-18 09:01:12 -07:00
datagram.c ipv4: Lock socket and use cork flow in ip4_datagram_connect(). 2011-05-08 13:48:57 -07:00
devinet.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-09-28 14:40:49 -04:00
esp4.c ipv4: Add redirect support to all protocol icmp error handlers. 2012-07-11 21:27:49 -07:00
fib_frontend.c ipv4: fix sending of redirects 2012-10-08 17:42:35 -04:00
fib_lookup.h ipv4: Fix nexthop caching wrt. scoping. 2011-03-24 18:06:47 -07:00
fib_rules.c sections: fix section conflicts in net 2012-10-06 03:04:45 +09:00
fib_semantics.c ipv4: make sure nh_pcpu_rth_output is always allocated 2012-10-08 17:42:35 -04:00
fib_trie.c ipv4/route: arg delay is useless in rt_cache_flush() 2012-09-18 15:44:34 -04:00
gre.c net: ipv4: Standardize prefixes for message logging 2012-03-12 17:05:21 -07:00
icmp.c ipv4: Prepare for change of rt->rt_iif encoding. 2012-07-23 16:36:26 -07:00
igmp.c igmp: export symbol ip_mc_leave_group 2012-10-01 18:39:44 -04:00
inet_connection_sock.c ipv4: introduce rt_uses_gateway 2012-10-08 17:42:36 -04:00
inet_diag.c netlink: Rename pid to portid to avoid confusion 2012-09-10 15:30:41 -04:00
inet_fragment.c ipv6: unify fragment thresh handling code 2012-09-19 17:23:28 -04:00
inet_hashtables.c ipv4: fix checkpatch errors 2012-04-15 12:37:19 -04:00
inet_lro.c net: add skb frag size accessors 2011-10-19 03:10:46 -04:00
inet_timewait_sock.c net: ipv4 and ipv6: Convert printk(KERN_DEBUG to pr_debug 2012-05-16 01:01:03 -04:00
inetpeer.c Merge branch 'for-3.7' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq 2012-10-02 09:54:49 -07:00
ip_forward.c ipv4: introduce rt_uses_gateway 2012-10-08 17:42:36 -04:00
ip_fragment.c ipv6: unify fragment thresh handling code 2012-09-19 17:23:28 -04:00
ip_gre.c gre: fix sparse warning 2012-10-01 17:35:31 -04:00
ip_input.c net: TCP early demux cleanup 2012-07-30 14:53:21 -07:00
ip_options.c ipv4: optimize fib_compute_spec_dst call in ip_options_echo 2012-07-19 08:30:49 -07:00
ip_output.c ipv4: introduce rt_uses_gateway 2012-10-08 17:42:36 -04:00
ip_sockglue.c ipv4: Prepare for change of rt->rt_iif encoding. 2012-07-23 16:36:26 -07:00
ip_vti.c vti: fix sparse bit endian warnings 2012-10-12 13:56:52 -04:00
ipcomp.c ipv4: Add redirect support to all protocol icmp error handlers. 2012-07-11 21:27:49 -07:00
ipconfig.c ipconfig: fix trivial build error 2012-09-25 13:22:30 -04:00
ipip.c tunnel: drop packet if ECN present with not-ECT 2012-09-27 18:12:37 -04:00
ipmr.c sections: fix section conflicts in net 2012-10-06 03:04:45 +09:00
Kconfig net/ipv4: VTI support new module for ip_vti. 2012-07-18 09:36:12 -07:00
Makefile memcg: rename config variables 2012-07-31 18:42:43 -07:00
netfilter.c netfilter: properly annotate ipv4_netfilter_{init,fini}() 2012-09-03 13:56:04 +02:00
ping.c userns: Use kgids for sysctl_ping_group_range 2012-08-14 21:49:10 -07:00
proc.c tcp: TCP Fast Open Server - header & support functions 2012-08-31 20:02:18 -04:00
protocol.c inet: Sanitize inet{,6} protocol demux. 2012-06-19 18:56:21 -07:00
raw.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2012-10-02 11:11:09 -07:00
route.c ipv4: Fix flushing of cached routing informations 2012-10-18 15:34:30 -04:00
syncookies.c tcp: TCP Fast Open Server - support TFO listeners 2012-08-31 20:02:19 -04:00
sysctl_net_ipv4.c tcp: sysctl interface leaks 16 bytes of kernel memory 2012-10-11 15:12:33 -04:00
tcp_bic.c tcp: fix undo after RTO for BIC 2012-01-20 14:17:26 -05:00
tcp_cong.c tcp: Apply device TSO segment limit earlier 2012-08-02 00:19:17 -07:00
tcp_cubic.c tcp: fix undo after RTO for CUBIC 2012-01-20 14:17:26 -05:00
tcp_diag.c inet_diag: Rename inet_diag_req into inet_diag_req_v2 2012-01-11 12:56:06 -08:00
tcp_fastopen.c tcp: TCP Fast Open Server - header & support functions 2012-08-31 20:02:18 -04:00
tcp_highspeed.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_htcp.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_hybla.c tcp: bool conversions 2012-05-17 14:59:59 -04:00
tcp_illinois.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_input.c tcp: RFC 5961 5.2 Blind Data Injection Attack Mitigation 2012-10-22 14:29:06 -04:00
tcp_ipv4.c tcp: resets are misrouted 2012-10-12 13:52:40 -04:00
tcp_lp.c Fix common misspellings 2011-03-31 11:26:23 -03:00
tcp_memcontrol.c memcg: decrement static keys at real destroy time 2012-05-29 16:22:28 -07:00
tcp_metrics.c netlink: Rename pid to portid to avoid confusion 2012-09-10 15:30:41 -04:00
tcp_minisocks.c tcp: TCP Fast Open Server - note timestamps and retransmits for SYNACK RTT 2012-09-22 15:47:10 -04:00
tcp_output.c tcp: use PRR to reduce cwin in CWR state 2012-09-03 14:34:02 -04:00
tcp_probe.c net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
tcp_scalable.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_timer.c tcp: TCP Fast Open Server - support TFO listeners 2012-08-31 20:02:19 -04:00
tcp_vegas.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_vegas.h
tcp_veno.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_westwood.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_yeah.c Fix common misspellings 2011-03-31 11:26:23 -03:00
tcp.c tcp: fix FIONREAD/SIOCINQ 2012-10-18 15:34:31 -04:00
tunnel4.c net: Convert printks to pr_<level> 2012-03-11 23:42:51 -07:00
udp_diag.c netlink: Rename pid to portid to avoid confusion 2012-09-10 15:30:41 -04:00
udp_impl.h ipv4: fix checkpatch errors 2012-04-15 12:37:19 -04:00
udp.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2012-10-02 11:11:09 -07:00
udplite.c net: ipv4: Standardize prefixes for message logging 2012-03-12 17:05:21 -07:00
xfrm4_input.c ipv4: Fix input route performance regression. 2012-07-26 15:50:39 -07:00
xfrm4_mode_beet.c ipsec: be careful of non existing mac headers 2012-02-23 16:50:45 -05:00
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c net/ipv4: VTI support rx-path hook in xfrm4_mode_tunnel. 2012-07-18 09:36:12 -07:00
xfrm4_output.c xfrm4: Don't call icmp_send on local error 2011-07-01 17:33:19 -07:00
xfrm4_policy.c ipv4: introduce rt_uses_gateway 2012-10-08 17:42:36 -04:00
xfrm4_state.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
xfrm4_tunnel.c net: ipv4: Standardize prefixes for message logging 2012-03-12 17:05:21 -07:00