davidlt/kernel-ark
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
658ddaaf66
kernel-ark/net/ipv4
History
Shawn Lu 658ddaaf66 tcp: md5: RST: getting md5 key from listener 
TCP RST mechanism is broken in TCP md5(RFC2385). When
connection is gone, md5 key is lost, sending RST
without md5 hash is deem to ignored by peer. This can
be a problem since RST help protocal like bgp to fast
recove from peer crash.

In most case, users of tcp md5, such as bgp and ldp,
have listener on both sides to accept connection from peer.
md5 keys for peers are saved in listening socket.

There are two cases in finding md5 key when connection is
lost:
1.Passive receive RST: The message is send to well known port,
tcp will associate it with listner. md5 key is gotten from
listener.

2.Active receive RST (no sock): The message is send to ative
side, there is no socket associated with the message. In this
case, finding listener from source port, then find md5 key from
listener.

we are not loosing sercuriy here:
packet is checked with md5 hash. No RST is generated
if md5 hash doesn't match or no md5 key can be found.

Signed-off-by: Shawn Lu <shawn.lu@ericsson.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-02-01 12:43:54 -05:00
..
netfilter Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-security 2012-01-14 18:36:33 -08:00
af_inet.c per-netns ipv4 sysctl_tcp_mem 2011-12-12 19:04:11 -05:00
ah4.c ah: Don't return NET_XMIT_DROP on input. 2011-11-12 18:13:32 -05:00
arp.c ipv6: Use universal hash for NDISC. 2011-12-28 15:06:58 -05:00
cipso_ipv4.c cipso: remove an unneeded NULL check in cipso_v4_doi_add() 2011-10-11 18:43:53 -04:00
datagram.c ipv4: Lock socket and use cork flow in ip4_datagram_connect(). 2011-05-08 13:48:57 -07:00
devinet.c net: reintroduce missing rcu_assign_pointer() calls 2012-01-12 12:26:56 -08:00
esp4.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
fib_frontend.c rtnetlink: Compute and store minimum ifinfo dump size 2011-06-09 20:38:07 -07:00
fib_lookup.h ipv4: Fix nexthop caching wrt. scoping. 2011-03-24 18:06:47 -07:00
fib_rules.c net: ipv4: export fib_lookup and fib_table_lookup 2011-12-04 22:43:33 +01:00
fib_semantics.c ipv4: Fix fib_info->fib_metrics leak 2011-09-16 17:42:26 -04:00
fib_trie.c net: reintroduce missing rcu_assign_pointer() calls 2012-01-12 12:26:56 -08:00
gre.c rcu: convert uses of rcu_assign_pointer(x, NULL) to RCU_INIT_POINTER 2011-08-02 04:29:23 -07:00
icmp.c net: more accurate skb truesize 2011-10-13 16:05:07 -04:00
igmp.c net: reintroduce missing rcu_assign_pointer() calls 2012-01-12 12:26:56 -08:00
inet_connection_sock.c net: use IS_ENABLED(CONFIG_IPV6) 2011-12-11 18:25:16 -05:00
inet_diag.c inet_diag: Rename inet_diag_req_compat into inet_diag_req 2012-01-11 12:56:06 -08:00
inet_fragment.c net/ipv4: EXPORT_SYMBOL cleanups 2010-07-12 12:57:54 -07:00
inet_hashtables.c net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-06 18:33:19 -07:00
inet_lro.c net: add skb frag size accessors 2011-10-19 03:10:46 -04:00
inet_timewait_sock.c net: Fix files explicitly needing to include module.h 2011-10-31 19:30:28 -04:00
inetpeer.c inetpeer: initialize ->redirect_genid in inet_getpeer() 2012-01-17 15:52:12 -05:00
ip_forward.c ipv4: Save nexthop address of LSRR/SSRR option to IPCB. 2011-11-23 19:19:32 -05:00
ip_fragment.c treewide: Fix typos in various parts of the kernel, and fix some comments. 2011-12-02 14:57:31 +01:00
ip_gre.c ipv4: ip_gre: Convert to dst_neigh_lookup() 2012-01-27 21:00:07 -05:00
ip_input.c ip: introduce ip_is_fragment helper inline function 2011-06-21 20:33:34 -07:00
ip_options.c ipv4: Save nexthop address of LSRR/SSRR option to IPCB. 2011-11-23 19:19:32 -05:00
ip_output.c net: Rename dst_get_neighbour{, _raw} to dst_get_neighbour_noref{, _raw}. 2011-12-05 15:20:19 -05:00
ip_sockglue.c net: use IS_ENABLED(CONFIG_IPV6) 2011-12-11 18:25:16 -05:00
ipcomp.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
ipconfig.c net: fix some sparse errors 2012-01-17 10:31:12 -05:00
ipip.c ipip: Fix bug added to ipip_tunnel_xmit(). 2012-01-24 18:18:05 -05:00
ipmr.c net: reintroduce missing rcu_assign_pointer() calls 2012-01-12 12:26:56 -08:00
Kconfig Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-01-09 14:46:52 -08:00
Makefile tcp memory pressure controls 2011-12-12 19:04:10 -05:00
netfilter.c netfilter: possible unaligned packet header in ip_route_me_harder 2011-11-21 18:46:18 +01:00
ping.c net: fix some sparse errors 2012-01-17 10:31:12 -05:00
proc.c tcp: add LINUX_MIB_TCPRETRANSFAIL counter 2012-01-26 13:51:00 -05:00
protocol.c net: add __rcu annotations to protocol 2010-10-27 11:37:31 -07:00
raw.c ipv4: Remove all uses of LL_ALLOCATED_SPACE 2011-11-18 14:37:08 -05:00
route.c ipv4/ipv6: Prepare for new route gateway semantics. 2012-01-26 15:22:32 -05:00
syncookies.c tcp: Replace constants with #define macros 2011-12-21 01:03:23 -05:00
sysctl_net_ipv4.c net: ping: remove some sparse errors 2011-12-14 13:34:55 -05:00
tcp_bic.c tcp: fix undo after RTO for BIC 2012-01-20 14:17:26 -05:00
tcp_cong.c tcp: do not scale TSO segment size with reordering degree 2011-11-29 00:29:41 -05:00
tcp_cubic.c tcp: fix undo after RTO for CUBIC 2012-01-20 14:17:26 -05:00
tcp_diag.c inet_diag: Rename inet_diag_req into inet_diag_req_v2 2012-01-11 12:56:06 -08:00
tcp_highspeed.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_htcp.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_hybla.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_illinois.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_input.c tcp: detect loss above high_seq in recovery 2012-01-22 15:08:44 -05:00
tcp_ipv4.c tcp: md5: RST: getting md5 key from listener 2012-02-01 12:43:54 -05:00
tcp_lp.c Fix common misspellings 2011-03-31 11:26:23 -03:00
tcp_memcontrol.c net: decrement memcg jump label when limit, not usage, is changed 2012-01-12 12:27:59 -08:00
tcp_minisocks.c tcp: md5: rcu conversion 2012-01-31 12:14:00 -05:00
tcp_output.c tcp: add LINUX_MIB_TCPRETRANSFAIL counter 2012-01-26 13:51:00 -05:00
tcp_probe.c net: ipv4: tcp_probe: cleanup snprintf() use 2010-11-17 12:27:46 -08:00
tcp_scalable.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_timer.c net: fix assignment of 0/1 to bool variables. 2011-12-19 22:27:29 -05:00
tcp_vegas.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_vegas.h
tcp_veno.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_westwood.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_yeah.c Fix common misspellings 2011-03-31 11:26:23 -03:00
tcp.c per-netns ipv4 sysctl_tcp_mem 2011-12-12 19:04:11 -05:00
tunnel4.c net: use IS_ENABLED(CONFIG_IPV6) 2011-12-11 18:25:16 -05:00
udp_diag.c net: kill duplicate included header 2012-01-17 10:31:12 -05:00
udp_impl.h net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
udp.c udp: Export code sk lookup routines 2011-12-09 14:14:08 -05:00
udplite.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
xfrm4_input.c net/ipv4: EXPORT_SYMBOL cleanups 2010-07-12 12:57:54 -07:00
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c ipv4: Don't pre-seed hoplimit metric. 2010-12-12 22:08:17 -08:00
xfrm4_output.c xfrm4: Don't call icmp_send on local error 2011-07-01 17:33:19 -07:00
xfrm4_policy.c ipv4: fix ipsec forward performance regression 2011-10-24 03:01:22 -04:00
xfrm4_state.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
xfrm4_tunnel.c net: use IS_ENABLED(CONFIG_IPV6) 2011-12-11 18:25:16 -05:00