(parent: 1041444)
TCP: check min TTL on received ICMP packets
author stephen hemminger <shemminger@vyatta.com> Thu, 18 Mar 2010 11:27:32 +0000 (11:27 +0000)
committer David S. Miller <davem@davemloft.net> Sat, 20 Mar 2010 04:00:42 +0000 (21:00 -0700)
This adds RFC5082 checks for TTL on received ICMP packets.
It adds some security against spoofed ICMP packets
disrupting GTSM protected sessions.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/tcp_ipv4.c
diff --git
a/net/ipv4/tcp_ipv4.c
b/net/ipv4/tcp_ipv4.c
index 70df40980a87a201e79f036aebabcfcc9dbb68c4..f4df5f931f364797ee99c07f2877a92d19a56276 100644
(file)
--- a/
net/ipv4/tcp_ipv4.c
+++ b/
net/ipv4/tcp_ipv4.c
@@
-370,6
+370,11
@@
void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
if (sk->sk_state == TCP_CLOSE)
goto out;
+ if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
+ NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
+ goto out;
+ }
+
icsk = inet_csk(sk);
tp = tcp_sk(sk);
seq = ntohl(th->seq);
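Review bot: The new test `iph->ttl < inet_sk(sk)->min_ttl` in tcp_v4_err() needs to be shown to read the TTL of the received ICMP packet, and this hunk does not show where `iph` is assigned. An ICMP error carries two IPv4 headers: the outer header of the ICMP packet itself, and the header of the offending segment quoted in the ICMP payload. The commit message describes an RFC5082 check on received ICMP packets, which applies to the outer header. The quoted header's TTL is whatever the sender of the ICMP packet chooses to put in the payload, so comparing it proves nothing about how many hops the ICMP packet travelled. Please confirm that `iph` points at the header of `icmp_skb` itself, or read the TTL from that header explicitly. A one-line comment above the check naming RFC5082 and stating which header is compared would also help the next reader.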