linux/tools/testing
Jiayuan Chen 42726ec644 tcp: send a challenge ACK on SEG.ACK > SND.NXT
RFC 5961 Section 5.2 validates an incoming segment's ACK value
against the range [SND.UNA - MAX.SND.WND, SND.NXT] and states:

  "All incoming segments whose ACK value doesn't satisfy the above
   condition MUST be discarded and an ACK sent back."

Commit 354e4aa391 ("tcp: RFC 5961 5.2 Blind Data Injection Attack
Mitigation") opted Linux into this mitigation and implements the
challenge ACK on the lower side (SEG.ACK < SND.UNA - MAX.SND.WND),
but the symmetric upper side (SEG.ACK > SND.NXT) still takes the
pre-RFC-5961 path and silently returns
SKB_DROP_REASON_TCP_ACK_UNSENT_DATA, even though RFC 793 Section 3.9
(now RFC 9293 Section 3.10.7.4) has always required:

  "If the ACK acknowledges something not yet sent (SEG.ACK > SND.NXT)
   then send an ACK, drop the segment, and return."

Complete the mitigation by sending a challenge ACK on that branch,
reusing the existing tcp_send_challenge_ack() path which already
enforces the per-socket RFC 5961 Section 7 rate limit via
__tcp_oow_rate_limited().  FLAG_NO_CHALLENGE_ACK is honoured for
symmetry with the lower-edge case.

Update the existing tcp_ts_recent_invalid_ack.pkt selftest, which
drives this exact path, to consume the new challenge ACK.

Fixes: 354e4aa391 ("tcp: RFC 5961 5.2 Blind Data Injection Attack Mitigation")
Signed-off-by: Jiayuan Chen <jiayuan.chen@linux.dev>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20260422123605.320000-2-jiayuan.chen@linux.dev
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-04-23 11:04:00 -07:00
crypto/chacha20-s390
cxl cxl changes for v7.0 2026-02-12 16:33:05 -08:00
fault-injection
ktest ktest.pl: Fix uninitialized var in config-bisect.pl 2025-12-03 18:25:18 -05:00
kunit linux_kselftest-kunit-7.1-rc1 2026-04-14 17:39:42 -07:00
memblock memblock: drop redundant 'struct page *' argument from memblock_free_pages() 2026-01-09 11:53:51 +02:00
nvdimm tools/testing/nvdimm: Use per-DIMM device handle 2025-11-03 16:47:13 -06:00
radix-tree idr: fix idr_alloc() returning an ID out of range 2025-12-23 11:23:11 -08:00
rbtree
scatterlist mm: remove nth_page() 2025-09-21 14:22:10 -07:00
selftests tcp: send a challenge ACK on SEG.ACK > SND.NXT 2026-04-23 11:04:00 -07:00
shared tools: Update context analysis macros in compiler_types.h 2026-01-28 09:25:45 +01:00
vma tools/testing/vma: add VMA userland tests for VMA flag functions 2026-02-12 15:42:59 -08:00
vsock vsock/test: add MSG_PEEK after partial recv test 2026-04-16 19:34:22 -07:00