Diffusion FreeBSD src repository 646c28ea80cb

tcp: improve SEG.ACK validation
646c28ea80cb
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

tcp: improve SEG.ACK validation

Implement the improved SEG.ACK validation described in RFC 5961.
In addition to that, also detect ghost ACKs, which are ACKs for data
that has never been sent.
The additional checks are enabled by default, but can be disabled
by setting the sysctl-variable net.inet.tcp.insecure_ack to a
non-zero value.

PR: 250357
Reviewed by: Peter Lei, rscheff (older version)
MFC after: 1 week
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D45894

Details

Provenance

Authored on Jul 21 2024, 9:37 AM

Reviewer

Differential Revision

D45894: tcp: improve SEG.ACK validation

Parents

rG1cbd613f3343: db_pprint: Properly handle complex pointer types

Branches

Unknown

Tags

Unknown

Event Timeline

tuexen committed rG646c28ea80cb: tcp: improve SEG.ACK validation (authored by tuexen).Jul 21 2024, 9:37 AM

tuexen mentioned this in D45894: tcp: improve SEG.ACK validation.Jul 22 2024, 5:19 PM

tuexen added an edge: D45894: tcp: improve SEG.ACK validation.Jul 23 2024, 5:26 PM

tuexen mentioned this in rG52eacec95d54: tcp: fix t_flags2 collision.Aug 3 2024, 7:55 PM

tuexen mentioned this in rG1ce8cf6f7bdf: tcp: improve SEG.ACK validation.Aug 3 2024, 11:06 PM

tuexen mentioned this in rGf7425802933f: tcp: fix t_flags2 collision.Aug 10 2024, 10:29 AM

Changes (8)

Path

Size

share/

man/

man4/

sys/

netinet/

tcp_stacks/

usr.bin/

netstat/

rG646c28ea80cb

share/man/man4/tcp.4

Loading...

sys/netinet/in_kdtrace.c

Loading...

sys/netinet/in_kdtrace.h

Loading...

sys/netinet/tcp_input.c

Loading...

sys/netinet/tcp_stacks/bbr.c

Loading...

sys/netinet/tcp_stacks/rack.c

Loading...

sys/netinet/tcp_var.h

Loading...

usr.bin/netstat/inet.c

Loading...