Files
i2som-imx-linux/Documentation
Eric Dumazet 61f69dc4e4 tcp: implement RFC 5961 3.2
[ Upstream commit 282f23c6ee ]

Implement the RFC 5691 mitigation against Blind
Reset attack using RST bit.

Idea is to validate incoming RST sequence,
to match RCV.NXT value, instead of previouly accepted
window : (RCV.NXT <= SEG.SEQ < RCV.NXT+RCV.WND)

If sequence is in window but not an exact match, send
a "challenge ACK", so that the other part can resend an
RST with the appropriate sequence.

Add a new sysctl, tcp_challenge_ack_limit, to limit
number of challenge ACK sent per second.

Add a new SNMP counter to count number of challenge acks sent.
(netstat -s | grep TCPChallengeACK)

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Kiran Kumar Kella <kkiran@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
2013-01-16 01:13:25 +00:00
..
2011-09-27 18:08:04 +02:00
2011-09-27 18:08:04 +02:00
2011-09-27 18:08:04 +02:00
2011-06-07 16:06:01 +02:00
2011-03-31 11:26:23 -03:00
2011-09-12 11:50:56 -07:00
2011-06-13 13:43:05 +02:00
2011-03-31 11:26:23 -03:00
2011-03-31 11:26:23 -03:00
2013-01-16 01:13:25 +00:00
2011-09-27 18:08:04 +02:00
2011-03-31 11:26:23 -03:00
2011-11-02 16:07:02 -07:00
2011-07-24 10:48:22 +02:00
2011-09-27 18:08:04 +02:00
2011-09-27 18:08:04 +02:00
2011-03-31 11:26:23 -03:00
2011-09-27 18:08:04 +02:00
2012-01-12 11:29:34 -08:00
2011-03-31 11:26:23 -03:00
2011-03-31 11:26:23 -03:00
2011-03-31 11:26:23 -03:00
2011-05-23 15:14:11 -07:00
2011-03-31 11:26:23 -03:00
2011-03-31 11:26:23 -03:00
2011-09-27 18:08:04 +02:00
2011-06-13 13:43:05 +02:00
2011-09-27 18:08:04 +02:00
2011-09-27 18:08:04 +02:00
2011-09-27 18:08:04 +02:00
2011-03-31 11:26:23 -03:00