Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

tcp: refine SYN handling in tcp_validate_incoming

Followup of commit 0c24604b68fc (tcp: implement RFC 5961 4.2)

As reported by Vijay Subramanian, we should send a challenge ACK
instead of a dup ack if a SYN flag is set on a packet received out of
window.

This permits the ratelimiting to work as intended, and to increase
correct SNMP counters.

Suggested-by: Vijay Subramanian <subramanian.vijay@gmail.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Vijay Subramanian <subramanian.vijay@gmail.com>
Cc: Kiran Kumar Kella <kkiran@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by Eric Dumazet and committed by David S. Miller
e3715899 b6fe83e9

+5 -1
net/ipv4/tcp_input.c
··· 5296 5296 * an acknowledgment should be sent in reply (unless the RST 5297 5297 * bit is set, if so drop the segment and return)". 5298 5298 */ 5299 - if (!th->rst) 5299 + if (!th->rst) { 5300 + if (th->syn) 5301 + goto syn_challenge; 5300 5302 tcp_send_dupack(sk, skb); 5303 + } 5301 5304 goto discard; 5302 5305 } 5303 5306 ··· 5330 5327 * RFC 5691 4.2 : Send a challenge ack 5331 5328 */ 5332 5329 if (th->syn) { 5330 + syn_challenge: 5333 5331 if (syn_inerr) 5334 5332 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS); 5335 5333 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPSYNCHALLENGE);
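
Review bot: The new `goto syn_challenge;` in the out-of-window branch jumps into the body of the later `if (th->syn) {` block, so that path now also runs the `if (syn_inerr)` test and may bump TCP_MIB_INERRS in addition to LINUX_MIB_TCPSYNCHALLENGE. The commit message only says the change increases "correct SNMP counters"; please add a one-line comment at the jump saying that counting an out-of-window SYN as an input error when `syn_inerr` is set is intended, so the next reader does not have to trace the label to find out. The jump stays under `if (!th->rst)`, which matches the quoted rule that a segment with RST set is dropped without a reply.

Review bot: The context comment just above the new `syn_challenge:` label reads "RFC 5691 4.2", while the commit message cites RFC 5961 4.2; the digits are transposed in the source comment and it is worth fixing in this patch since the label makes this block the single landing point for both SYN paths. Because the label sits inside the `if (th->syn) {` body rather than before it, a short comment on the label noting that it is also reached from the sequence-check failure path would make the control flow easier to follow.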