TCP: check min TTL on received ICMP packets
author Stephen Hemminger <shemminger@vyatta.com>
Thu, 18 Mar 2010 11:27:32 +0000 (11:27 +0000)
committer David S. Miller <davem@davemloft.net>
Sat, 20 Mar 2010 04:00:42 +0000 (21:00 -0700)
This adds RFC5082 checks for TTL on received ICMP packets.
It adds some security against spoofed ICMP packets
disrupting GTSM protected sessions.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/tcp_ipv4.c

index 70df40980a87a201e79f036aebabcfcc9dbb68c4..f4df5f931f364797ee99c07f2877a92d19a56276 100644
@@ -370,6 +370,11 @@ void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
        if (sk->sk_state == TCP_CLOSE)
                goto out;
 
+       if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
+               NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
+               goto out;
+       }
+
        icsk = inet_csk(sk);
        tp = tcp_sk(sk);
        seq = ntohl(th->seq);
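Review bot: the new check compares iph->ttl against the socket's min_ttl, but iph is assigned outside this hunk; please confirm it refers to the IP header of the received ICMP packet itself (ip_hdr(icmp_skb)) and not to the quoted original datagram header that follows the ICMP header, because the quoted header is entirely chosen by whoever sent the ICMP message and checking its TTL would give none of the anti-spoofing protection the commit message claims for GTSM. A one-line comment above the if () naming RFC 5082 and stating which header's TTL is being tested would also make the intent clear to the next reader, since the only observable effect of the drop is the LINUX_MIB_TCPMINTTLDROP counter.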