android_kernel_samsung_sm8650/include
Hannes Frederic Sowa a26552afe8 tcp: don't allow syn packets without timestamps to pass tcp_tw_recycle logic
tcp_tw_recycle heavily relies on tcp timestamps to build a per-host
ordering of incoming connections and teardowns without the need to
hold state on a specific quadruple for TCP_TIMEWAIT_LEN, but only for
the last measured RTO. To do so, we keep the last seen timestamp in a
per-host indexed data structure and verify if the incoming timestamp
in a connection request is strictly greater than the saved one during
last connection teardown. Thus we can verify later on that no old data
packets will be accepted by the new connection.

During moving a socket to time-wait state we already verify if timestamps
were seen on a connection. Only if that was the case we let the
time-wait socket expire after the RTO, otherwise normal TCP_TIMEWAIT_LEN
will be used. But we don't verify this on incoming SYN packets. If a
connection teardown was less than TCP_PAWS_MSL seconds in the past we
cannot guarantee to not accept data packets from an old connection if
no timestamps are present. We should drop this SYN packet. This patch
closes this loophole.

Please note, this patch does not make tcp_tw_recycle in any way more
usable but only adds another safety check:
Sporadic drops of SYN packets because of reordering in the network or
in the socket backlog queues can happen. Users behind NAT trying to
connect to a tcp_tw_recycle enabled server can get caught in blackholes
and their connection requests may regularly get dropped because hosts
behind an address translator don't have synchronized tcp timestamp clocks.
tcp_tw_recycle cannot work if peers don't have tcp timestamps enabled.

In general, use of tcp_tw_recycle is disadvised.

Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Florian Westphal <fw@strlen.de>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-08-14 14:38:54 -07:00
..
acpi ACPI and power management updates for 3.17-rc1 2014-08-06 20:34:19 -07:00
asm-generic This is the bulk of GPIO changes for the v3.17 development 2014-08-08 18:00:35 -07:00
clocksource ARM: pxa: Add non device-tree timer link to clocksource 2014-07-23 12:02:39 +02:00
crypto Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2014-08-06 08:06:39 -07:00
drm Merge branch 'linux-3.17' of git://anongit.freedesktop.org/git/nouveau/linux-2.6 2014-08-09 17:46:39 -07:00
dt-bindings Merge branch 'for-linus' of git://git.infradead.org/users/vkoul/slave-dma 2014-08-11 07:14:01 -07:00
keys Merge remote-tracking branch 'integrity/next-with-keys' into keys-next 2014-07-22 21:54:43 +01:00
kvm KVM: ARM: vgic: add the GICv3 backend 2014-07-11 04:57:36 -07:00
linux Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-08-13 18:27:40 -06:00
math-emu
media [media] media: atmel-isi: add v4l2 async probe support 2014-07-30 19:35:06 -03:00
memory
misc
net tcp: don't allow syn packets without timestamps to pass tcp_tw_recycle logic 2014-08-14 14:38:54 -07:00
pcmcia
ras
rdma
rxrpc
scsi lib/scatterlist: make ARCH_HAS_SG_CHAIN an actual Kconfig 2014-08-08 15:57:26 -07:00
soc/tegra ARM: tegra: Convert PMC to a driver 2014-07-17 14:58:43 +02:00
sound ASoC: Updates for v3.17 2014-08-04 18:28:21 +02:00
target
trace Nicolas Pitre added generic tracepoints for tracing IPIs and updated the 2014-08-09 17:33:44 -07:00
uapi Merge branch 'linux-3.17' of git://anongit.freedesktop.org/git/nouveau/linux-2.6 2014-08-09 17:46:39 -07:00
video fbdev changes for 3.17 2014-08-08 18:09:33 -07:00
xen - Remove unused V2 grant table support. 2014-08-07 11:33:15 -07:00
Kbuild