282f23c6ee
Implement the RFC 5691 mitigation against Blind Reset attack using RST bit. Idea is to validate incoming RST sequence, to match RCV.NXT value, instead of previouly accepted window : (RCV.NXT <= SEG.SEQ < RCV.NXT+RCV.WND) If sequence is in window but not an exact match, send a "challenge ACK", so that the other part can resend an RST with the appropriate sequence. Add a new sysctl, tcp_challenge_ack_limit, to limit number of challenge ACK sent per second. Add a new SNMP counter to count number of challenge acks sent. (netstat -s | grep TCPChallengeACK) Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Kiran Kumar Kella <kkiran@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
---|---|---|
.. | ||
acpi | ||
asm-generic | ||
crypto | ||
drm | ||
keys | ||
linux | ||
math-emu | ||
media | ||
memory | ||
misc | ||
mtd | ||
net | ||
pcmcia | ||
rdma | ||
rxrpc | ||
scsi | ||
sound | ||
target | ||
trace | ||
video | ||
xen | ||
Kbuild |