davidlt/kernel-ark
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
282f23c6ee
kernel-ark/net/ipv4
History
Eric Dumazet 282f23c6ee tcp: implement RFC 5961 3.2 
Implement the RFC 5691 mitigation against Blind
Reset attack using RST bit.

Idea is to validate incoming RST sequence,
to match RCV.NXT value, instead of previouly accepted
window : (RCV.NXT <= SEG.SEQ < RCV.NXT+RCV.WND)

If sequence is in window but not an exact match, send
a "challenge ACK", so that the other part can resend an
RST with the appropriate sequence.

Add a new sysctl, tcp_challenge_ack_limit, to limit
number of challenge ACK sent per second.

Add a new SNMP counter to count number of challenge acks sent.
(netstat -s | grep TCPChallengeACK)

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Kiran Kumar Kella <kkiran@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-07-17 01:36:20 -07:00
..
netfilter Merge branch 'master' of git://1984.lsi.us.es/nf-next 2012-07-07 16:18:50 -07:00
af_inet.c ipv4: Early TCP socket demux. 2012-06-19 21:22:05 -07:00
ah4.c ipv4: Add redirect support to all protocol icmp error handlers. 2012-07-11 21:27:49 -07:00
arp.c Revert "ipv4: tcp: dont cache unconfirmed intput dst" 2012-06-27 17:05:06 -07:00
cipso_ipv4.c ipv4: Convert call_rcu() to kfree_rcu(), drop opt_kfree_rcu() 2012-02-21 09:03:31 -08:00
datagram.c ipv4: Lock socket and use cork flow in ip4_datagram_connect(). 2011-05-08 13:48:57 -07:00
devinet.c ipv4: Add interface option to enable routing of 127.0.0.0/8 2012-06-12 15:25:46 -07:00
esp4.c ipv4: Add redirect support to all protocol icmp error handlers. 2012-07-11 21:27:49 -07:00
fib_frontend.c ipv4: Don't store a rule pointer in fib_result. 2012-07-13 08:21:29 -07:00
fib_lookup.h ipv4: Fix nexthop caching wrt. scoping. 2011-03-24 18:06:47 -07:00
fib_rules.c ipv4: Don't store a rule pointer in fib_result. 2012-07-13 08:21:29 -07:00
fib_semantics.c ipv4: Enforce max MTU metric at route insertion time. 2012-07-10 22:40:15 -07:00
fib_trie.c ipv4: Remove tb_peers from fib_table. 2012-07-12 09:39:28 -07:00
gre.c net: ipv4: Standardize prefixes for message logging 2012-03-12 17:05:21 -07:00
icmp.c ipv4: Put proper checks into icmp_socket_deliver(). 2012-07-12 08:06:04 -07:00
igmp.c ipv4: fix checkpatch errors 2012-04-15 12:37:19 -04:00
inet_connection_sock.c inet: Kill FLOWI_FLAG_PRECOW_METRICS. 2012-07-10 22:40:12 -07:00
inet_diag.c net: make sock diag per-namespace 2012-07-16 22:31:34 -07:00
inet_fragment.c inetpeer: add parameter net for inet_getpeer_v4,v6 2012-06-08 14:27:23 -07:00
inet_hashtables.c ipv4: fix checkpatch errors 2012-04-15 12:37:19 -04:00
inet_lro.c net: add skb frag size accessors 2011-10-19 03:10:46 -04:00
inet_timewait_sock.c net: ipv4 and ipv6: Convert printk(KERN_DEBUG to pr_debug 2012-05-16 01:01:03 -04:00
inetpeer.c ipv4: Maintain redirect and PMTU info in struct rtable again. 2012-07-10 22:40:14 -07:00
ip_forward.c snmp: fix OutOctets counter to include forwarded datagrams 2012-06-07 14:50:56 -07:00
ip_fragment.c Revert "ipv4: tcp: dont cache unconfirmed intput dst" 2012-06-27 17:05:06 -07:00
ip_gre.c ipv4: Add redirect support to all protocol icmp error handlers. 2012-07-11 21:27:49 -07:00
ip_input.c ipv4: Kill early demux method return value. 2012-06-27 22:01:22 -07:00
ip_options.c ipv4: defer fib_compute_spec_dst() call 2012-07-05 03:03:32 -07:00
ip_output.c net: Do delayed neigh confirmation. 2012-07-05 01:03:06 -07:00
ip_sockglue.c ipv4: Create and use fib_compute_spec_dst() helper. 2012-06-28 03:59:11 -07:00
ipcomp.c ipv4: Add redirect support to all protocol icmp error handlers. 2012-07-11 21:27:49 -07:00
ipconfig.c net/ipv4/ipconfig: neaten __setup placement 2012-05-20 04:06:16 -04:00
ipip.c ipv4: Add redirect support to all protocol icmp error handlers. 2012-07-11 21:27:49 -07:00
ipmr.c net: Fix (nearly-)kernel-doc comments for various functions 2012-07-10 23:13:45 -07:00
Kconfig net: delete all instances of special processing for token ring 2012-05-15 20:14:35 -04:00
Makefile tcp: Move dynamnic metrics handling into seperate file. 2012-07-10 20:31:36 -07:00
netfilter.c net: Delete all remaining instances of ctl_path 2012-04-20 21:22:30 -04:00
ping.c ipv4: Add redirect support to all protocol icmp error handlers. 2012-07-11 21:27:49 -07:00
proc.c tcp: implement RFC 5961 3.2 2012-07-17 01:36:20 -07:00
protocol.c inet: Sanitize inet{,6} protocol demux. 2012-06-19 18:56:21 -07:00
raw.c ipv4: Add redirect support to all protocol icmp error handlers. 2012-07-11 21:27:49 -07:00
route.c ipv4: Don't store a rule pointer in fib_result. 2012-07-13 08:21:29 -07:00
syncookies.c tcp: fix syncookie regression 2012-03-11 15:52:12 -07:00
sysctl_net_ipv4.c tcp: implement RFC 5961 3.2 2012-07-17 01:36:20 -07:00
tcp_bic.c tcp: fix undo after RTO for BIC 2012-01-20 14:17:26 -05:00
tcp_cong.c tcp: bool conversions 2012-05-17 14:59:59 -04:00
tcp_cubic.c tcp: fix undo after RTO for CUBIC 2012-01-20 14:17:26 -05:00
tcp_diag.c inet_diag: Rename inet_diag_req into inet_diag_req_v2 2012-01-11 12:56:06 -08:00
tcp_highspeed.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_htcp.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_hybla.c tcp: bool conversions 2012-05-17 14:59:59 -04:00
tcp_illinois.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_input.c tcp: implement RFC 5961 3.2 2012-07-17 01:36:20 -07:00
tcp_ipv4.c net: Remove checks for dst_ops->redirect being NULL. 2012-07-12 00:41:25 -07:00
tcp_lp.c Fix common misspellings 2011-03-31 11:26:23 -03:00
tcp_memcontrol.c memcg: decrement static keys at real destroy time 2012-05-29 16:22:28 -07:00
tcp_metrics.c tcp: Fix out of bounds access to tcpm_vals 2012-07-11 17:30:41 -07:00
tcp_minisocks.c tcp: TCP Small Queues 2012-07-11 18:12:59 -07:00
tcp_output.c tcp: add LAST_ACK as a valid state for TSQ 2012-07-13 05:48:36 -07:00
tcp_probe.c net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
tcp_scalable.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_timer.c tcp: early retransmit: delayed fast retransmit 2012-05-02 20:56:10 -04:00
tcp_vegas.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_vegas.h
tcp_veno.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_westwood.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_yeah.c Fix common misspellings 2011-03-31 11:26:23 -03:00
tcp.c tcp: TCP Small Queues 2012-07-11 18:12:59 -07:00
tunnel4.c net: Convert printks to pr_<level> 2012-03-11 23:42:51 -07:00
udp_diag.c net: make sock diag per-namespace 2012-07-16 22:31:34 -07:00
udp_impl.h ipv4: fix checkpatch errors 2012-04-15 12:37:19 -04:00
udp.c ipv4: Add redirect support to all protocol icmp error handlers. 2012-07-11 21:27:49 -07:00
udplite.c net: ipv4: Standardize prefixes for message logging 2012-03-12 17:05:21 -07:00
xfrm4_input.c Revert "ipv4: tcp: dont cache unconfirmed intput dst" 2012-06-27 17:05:06 -07:00
xfrm4_mode_beet.c ipsec: be careful of non existing mac headers 2012-02-23 16:50:45 -05:00
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c ipsec: be careful of non existing mac headers 2012-02-23 16:50:45 -05:00
xfrm4_output.c xfrm4: Don't call icmp_send on local error 2011-07-01 17:33:19 -07:00
xfrm4_policy.c net: Remove checks for dst_ops->redirect being NULL. 2012-07-12 00:41:25 -07:00
xfrm4_state.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
xfrm4_tunnel.c net: ipv4: Standardize prefixes for message logging 2012-03-12 17:05:21 -07:00