tcp: refine SYN handling in tcp_validate_incoming
Eric Dumazet [Tue, 17 Jul 2012 12:29:30 +0000 (12:29 +0000)]
[ Upstream commit e371589917011efe6ff8c7dfb4e9e81934ac5855 ]

Followup of commit 0c24604b68fc (tcp: implement RFC 5961 4.2)

As reported by Vijay Subramanian, we should send a challenge ACK
instead of a dup ack if a SYN flag is set on a packet received out of
window.

This permits the ratelimiting to work as intended, and to increase
correct SNMP counters.

Suggested-by: Vijay Subramanian <subramanian.vijay@gmail.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Vijay Subramanian <subramanian.vijay@gmail.com>
Cc: Kiran Kumar Kella <kkiran@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

net/ipv4/tcp_input.c

index 2dc2e15..0070b9f 100644 (file)
@@ -5314,8 +5314,11 @@ static bool tcp_validate_incoming(struct sock *sk, struct sk_buff *skb,
                 * an acknowledgment should be sent in reply (unless the RST
                 * bit is set, if so drop the segment and return)".
                 */
-               if (!th->rst)
+               if (!th->rst) {
+                       if (th->syn)
+                               goto syn_challenge;
                        tcp_send_dupack(sk, skb);
+               }
                goto discard;
        }
 
@@ -5345,6 +5348,7 @@ static bool tcp_validate_incoming(struct sock *sk, struct sk_buff *skb,
         * RFC 5691 4.2 : Send a challenge ack
         */
        if (th->syn) {
+syn_challenge:
                if (syn_inerr)
                        TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
                NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPSYNCHALLENGE);