Revision bd090dfc634ddd711a5fbd0cadc6e0ab4977bcaf authored by Eric Dumazet on 13 November 2012, 05:37:18 UTC, committed by David S. Miller on 13 November 2012, 19:35:17 UTC
We added support for RFC 5961 in latest kernels but TCP fails to perform exhaustive check of ACK sequence. We can update our view of peer tsval from a frame that is later discarded by tcp_ack() This makes timestamps enabled sessions vulnerable to injection of a high tsval : peers start an ACK storm, since the victim sends a dupack each time it receives an ACK from the other peer. As tcp_validate_incoming() is called before tcp_ack(), we should not peform tcp_replace_ts_recent() from it, and let callers do it at the right time. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Neal Cardwell <ncardwell@google.com> Cc: Yuchung Cheng <ycheng@google.com> Cc: Nandita Dukkipati <nanditad@google.com> Cc: H.K. Jerry Chu <hkchu@google.com> Cc: Romain Francoise <romain@orebokech.com> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent bbc8d92
File | Mode | Size |
---|---|---|
hidraw | ||
hw_breakpoint | ||
kdb | ||
kfifo | ||
kobject | ||
kprobes | ||
rpmsg | ||
seccomp | ||
trace_events | ||
tracepoints | ||
uhid | ||
Kconfig | -rw-r--r-- | 2.0 KB |
Makefile | -rw-r--r-- | 164 bytes |
Computing file changes ...