linux/net
Jerry Chu 37561f68bd tcp: Reject invalid ack_seq to Fast Open sockets
A packet with an invalid ack_seq may cause a TCP Fast Open socket to switch
to the unexpected TCP_CLOSING state, triggering a BUG_ON kernel panic.

When a FIN packet with an invalid ack_seq# arrives at a socket in
the TCP_FIN_WAIT1 state, rather than discarding the packet, the current
code will accept the FIN, causing state transition to TCP_CLOSING.

This may be a small deviation from RFC793, which seems to say that the
packet should be dropped. Unfortunately I did not expect this case for
Fast Open hence it will trigger a BUG_ON panic.

It turns out there is really nothing bad about a TFO socket going into
TCP_CLOSING state so I could just remove the BUG_ON statements. But after
some thought I think it's better to treat this case like TCP_SYN_RECV
and return a RST to the confused peer who caused the unacceptable ack_seq
to be generated in the first place.

Signed-off-by: H.K. Jerry Chu <hkchu@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-10-23 02:42:56 -04:00
9p The following changes since commit 4cbe5a555f: 2012-10-12 09:59:23 +09:00
802
8021q vlan: allow to change type when no vlan device is hooked on netdev 2012-10-18 15:34:30 -04:00
appletalk
atm
ax25
batman-adv batman-adv: Fix potential broadcast BLA-duplicate-check race condition 2012-10-18 18:17:31 +02:00
bluetooth Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth 2012-10-15 14:34:23 -04:00
bridge
caif
can
ceph Merge branch 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux 2012-10-14 13:39:34 -07:00
core net: fix secpath kmemleak 2012-10-22 15:16:07 -04:00
dcb
dccp
decnet
dns_resolver Merge branch 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux 2012-10-14 13:39:34 -07:00
dsa
ethernet
ieee802154
ipv4 tcp: Reject invalid ack_seq to Fast Open sockets 2012-10-23 02:42:56 -04:00
ipv6 ipv6: addrconf: fix /proc/net/if_inet6 2012-10-16 14:41:47 -04:00
ipx
irda
iucv
key
l2tp
lapb
llc
mac80211 Merge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 2012-10-17 16:23:33 -04:00
mac802154
netfilter netfilter: xt_TEE: don't use destination address found in header 2012-10-17 11:00:31 +02:00
netlabel
netlink netlink: use kfree_rcu() in netlink_release() 2012-10-18 15:34:30 -04:00
netrom
nfc
openvswitch
packet
phonet
rds
rfkill
rose
rxrpc Merge branch 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux 2012-10-14 13:39:34 -07:00
sched
sctp sctp: fix call to SCTP_CMD_PROCESS_SACK in sctp_cmd_interpreter() 2012-10-16 14:41:46 -04:00
sunrpc Merge branch 'for-3.7' of git://linux-nfs.org/~bfields/linux 2012-10-13 10:53:54 +09:00
tipc
unix
wanrouter
wimax
wireless cfg80211/mac80211: avoid state mishmash on deauth 2012-10-15 17:21:34 +02:00
x25
xfrm
compat.c
Kconfig
Makefile
nonet.c
socket.c
sysctl_net.c