linux/net
Eric Dumazet 282f23c6ee tcp: implement RFC 5961 3.2
Implement the RFC 5691 mitigation against Blind
Reset attack using RST bit.

Idea is to validate incoming RST sequence,
to match RCV.NXT value, instead of previouly accepted
window : (RCV.NXT <= SEG.SEQ < RCV.NXT+RCV.WND)

If sequence is in window but not an exact match, send
a "challenge ACK", so that the other part can resend an
RST with the appropriate sequence.

Add a new sysctl, tcp_challenge_ack_limit, to limit
number of challenge ACK sent per second.

Add a new SNMP counter to count number of challenge acks sent.
(netstat -s | grep TCPChallengeACK)

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Kiran Kumar Kella <kkiran@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-07-17 01:36:20 -07:00
..
9p net: Fix (nearly-)kernel-doc comments for various functions 2012-07-10 23:13:45 -07:00
802 tokenring: delete all remaining driver support 2012-05-15 20:23:16 -04:00
8021q net: Fix memory leak - vlan_info struct 2012-07-10 23:32:27 -07:00
appletalk net: Fix (nearly-)kernel-doc comments for various functions 2012-07-10 23:13:45 -07:00
atm net: Remove casts to same type 2012-06-04 11:45:11 -04:00
ax25 small cleanup in ax25_addr_parse() 2012-07-09 00:16:16 -07:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-07-10 23:56:33 -07:00
bluetooth Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless 2012-07-09 16:34:34 -04:00
bridge bridge: Fix enforcement of multicast hash_max limit 2012-07-16 22:59:30 -07:00
caif Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-06-28 17:37:00 -07:00
can can: gw: Remove pointless casts 2012-07-10 22:36:17 +02:00
ceph net: Fix non-kernel-doc comments with kernel-doc start marker 2012-07-10 23:13:45 -07:00
core net: make sock diag per-namespace 2012-07-16 22:31:34 -07:00
dcb net: Fix non-kernel-doc comments with kernel-doc start marker 2012-07-10 23:13:45 -07:00
dccp net: Remove checks for dst_ops->redirect being NULL. 2012-07-12 00:41:25 -07:00
decnet net: Add dummy dst_ops->redirect method where needed. 2012-07-12 00:39:24 -07:00
dns_resolver Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2012-05-21 20:27:36 -07:00
dsa dsa: Convert compare_ether_addr to ether_addr_equal 2012-05-09 20:49:19 -04:00
ethernet net: Fix (nearly-)kernel-doc comments for various functions 2012-07-10 23:13:45 -07:00
ieee802154 6lowpan: Change byte order when storing/accessing to len field 2012-07-16 22:52:02 -07:00
ipv4 tcp: implement RFC 5961 3.2 2012-07-17 01:36:20 -07:00
ipv6 ipv6: fix unappropriate errno returned for non-multicast address 2012-07-17 01:35:03 -07:00
ipx ipx: Remove spurious NULL checking in ipx_ioctl(). 2012-05-19 00:51:04 -04:00
irda irda: Fix typo in irda 2012-07-16 23:23:52 -07:00
iucv net: remove skb_orphan_try() 2012-06-15 15:30:15 -07:00
key net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
l2tp net: l2tp_eth: provide tx_dropped counter 2012-06-29 00:52:32 -07:00
lapb lapb: Neaten debugging 2012-05-17 18:45:20 -04:00
llc net: Fix (nearly-)kernel-doc comments for various functions 2012-07-10 23:13:45 -07:00
mac80211 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem 2012-07-12 13:44:50 -04:00
mac802154 mac802154: sparse warnings: make symbols static 2012-07-12 07:54:45 -07:00
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-07-10 23:56:33 -07:00
netlabel netlabel: use GFP flags from caller instead of GFP_ATOMIC 2012-03-22 19:29:57 -04:00
netlink net: Fix (nearly-)kernel-doc comments for various functions 2012-07-10 23:13:45 -07:00
netrom net: Convert all sysctl registrations to register_net_sysctl 2012-04-20 21:22:30 -04:00
nfc Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem 2012-07-12 13:44:50 -04:00
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-05-16 22:17:37 -04:00
packet net: added support for 40GbE link. 2012-06-27 15:42:24 -07:00
phonet net: remove my future former mail address 2012-06-17 16:29:38 -07:00
rds net: Fix (nearly-)kernel-doc comments for various functions 2012-07-10 23:13:45 -07:00
rfkill rfkill: Add the capability to switch all devices of all type in __rfkill_switch_all(). 2012-06-06 15:18:17 -04:00
rose net: Convert all sysctl registrations to register_net_sysctl 2012-04-20 21:22:30 -04:00
rxrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-07-10 23:56:33 -07:00
sched netem: refine early skb orphaning 2012-07-16 23:08:33 -07:00
sctp sctp: fix sparse warning for sctp_init_cause_fixed 2012-07-16 23:23:52 -07:00
sunrpc net: Fix (nearly-)kernel-doc comments for various functions 2012-07-10 23:13:45 -07:00
tipc tipc: remove print_buf and deprecated log buffer code 2012-07-13 19:34:43 -04:00
unix net: make sock diag per-namespace 2012-07-16 22:31:34 -07:00
wanrouter net/wanrouter: Deprecate and schedule for removal 2012-05-24 16:22:53 -04:00
wimax net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
wireless Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem 2012-07-12 13:44:50 -04:00
x25 net: Fix (nearly-)kernel-doc comments for various functions 2012-07-10 23:13:45 -07:00
xfrm xfrm: Initialize the struct xfrm_dst behind the dst_enty field 2012-07-14 00:29:12 -07:00
compat.c Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2012-05-21 20:27:36 -07:00
Kconfig net: drop NET dependency from HAVE_BPF_JIT 2012-05-21 12:50:12 -07:00
Makefile econet: remove ancient bug ridden protocol 2012-05-18 01:35:08 -04:00
nonet.c
socket.c Merge branch 'for-3.5' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu 2012-05-22 17:37:47 -07:00
sysctl_net.c net: delete all instances of special processing for token ring 2012-05-15 20:14:35 -04:00