summaryrefslogtreecommitdiff
path: root/drivers/net/vxlan.c
diff options
context:
space:
mode:
authorEric Dumazet <edumazet@google.com>2012-11-13 09:37:18 +0400
committerDavid S. Miller <davem@davemloft.net>2012-11-13 23:35:17 +0400
commitbd090dfc634ddd711a5fbd0cadc6e0ab4977bcaf (patch)
tree0bea170c7ad25ecef637002cf2ebadc83086fea8 /drivers/net/vxlan.c
parentbbc8d9228ea8e37ce29fa96150d10b85a2c7be60 (diff)
downloadlinux-bd090dfc634ddd711a5fbd0cadc6e0ab4977bcaf.tar.xz
tcp: tcp_replace_ts_recent() should not be called from tcp_validate_incoming()
We added support for RFC 5961 in latest kernels but TCP fails to perform exhaustive check of ACK sequence. We can update our view of peer tsval from a frame that is later discarded by tcp_ack() This makes timestamps enabled sessions vulnerable to injection of a high tsval : peers start an ACK storm, since the victim sends a dupack each time it receives an ACK from the other peer. As tcp_validate_incoming() is called before tcp_ack(), we should not peform tcp_replace_ts_recent() from it, and let callers do it at the right time. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Neal Cardwell <ncardwell@google.com> Cc: Yuchung Cheng <ycheng@google.com> Cc: Nandita Dukkipati <nanditad@google.com> Cc: H.K. Jerry Chu <hkchu@google.com> Cc: Romain Francoise <romain@orebokech.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/net/vxlan.c')
0 files changed, 0 insertions, 0 deletions