mirror/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
953af8e3acb68d2db11937cec3bc5da31de5c12e
linux/include/net
History
Dmitry Safonov 953af8e3ac net/tcp: Ignore specific ICMPs for TCP-AO connections 
Similarly to IPsec, RFC5925 prescribes:
  ">> A TCP-AO implementation MUST default to ignore incoming ICMPv4
  messages of Type 3 (destination unreachable), Codes 2-4 (protocol
  unreachable, port unreachable, and fragmentation needed -- ’hard
  errors’), and ICMPv6 Type 1 (destination unreachable), Code 1
  (administratively prohibited) and Code 4 (port unreachable) intended
  for connections in synchronized states (ESTABLISHED, FIN-WAIT-1, FIN-
  WAIT-2, CLOSE-WAIT, CLOSING, LAST-ACK, TIME-WAIT) that match MKTs."

A selftest (later in patch series) verifies that this attack is not
possible in this TCP-AO implementation.

Co-developed-by: Francesco Ruggeri <fruggeri@arista.com>
Signed-off-by: Francesco Ruggeri <fruggeri@arista.com>
Co-developed-by: Salam Noureddine <noureddine@arista.com>
Signed-off-by: Salam Noureddine <noureddine@arista.com>
Signed-off-by: Dmitry Safonov <dima@arista.com>
Acked-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2023-10-27 10:35:45 +01:00
..
9p
9p: Add additional debug flags and open modes
2023-03-27 02:33:48 +00:00
bluetooth
Bluetooth: Make handle of hci_conn be unique
2023-10-23 11:03:20 -07:00
caif
net: caif: Remove unused declaration cfsrvl_ctrlcmd()
2023-08-10 18:24:48 -07:00
iucv
net/af_iucv: Use struct_group() to zero struct iucv_sock region
2021-11-19 11:52:25 +00:00
mana
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2023-10-05 13:16:47 -07:00
netfilter
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2023-10-26 13:46:28 -07:00
netns
netfilter: conntrack: switch connlabels to atomic_t
2023-10-24 13:16:30 +02:00
nfc
NFC: add NCI_UNREG flag to eliminate the race
2021-11-17 20:17:05 -08:00
page_pool
page_pool: update document about fragment API
2023-10-23 19:14:49 -07:00
phonet
net: ioctl: Use kernel memory on protocol ioctl callbacks
2023-06-15 22:33:26 -07:00
sctp
sctp: Remove unused declaration sctp_backlog_migrate()
2023-08-10 19:31:52 -07:00
tc_act
sched: act_ct: switch to per-action label counting
2023-10-25 10:24:04 +01:00
6lowpan.h
act_api.h
net/sched: Rename user cookie and act cookie
2023-02-20 16:46:10 -08:00
addrconf.h
ipv6: constify inet6_mc_check()
2023-03-17 08:56:37 +00:00
af_ieee802154.h
af_rxrpc.h
rxrpc: Fix timeout of a call that hasn't yet been granted a channel
2023-05-01 07:43:19 +01:00
af_unix.h
af_unix: preserve const qualifier in unix_sk()
2023-03-18 12:23:33 +00:00
af_vsock.h
vsock: check for MSG_ZEROCOPY support on send
2023-10-15 13:19:42 +01:00
ah.h
amt.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
arp.h
neighbour: switch to standard rcu, instead of rcu_bh
2023-03-21 21:32:18 -07:00
atmclip.h
ax25.h
x25: preserve const qualifier in [a]x25_sk()
2023-03-18 12:23:34 +00:00
ax88796.h
ax88796: Fix some typo in a comment
2022-08-09 22:14:02 -07:00
bareudp.h
bareudp: Move definition of struct bareudp_conf to bareudp.c
2021-12-13 12:34:09 +00:00
bond_3ad.h
bonding: 3ad: Remove unused declaration bond_3ad_update_lacp_active()
2023-07-28 18:06:30 -07:00
bond_alb.h
bonding (gcc13): synchronize bond_{a,t}lb_xmit() types
2022-11-02 20:38:13 -07:00
bond_options.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
bonding.h
bonding: fix macvlan over alb bond support
2023-08-24 10:07:13 +02:00
bpf_sk_storage.h
bpf: struct sock is declared twice in bpf_sk_storage header
2021-03-26 17:43:55 +01:00
busy_poll.h
net: invert the netdevice.h vs xdp.h dependency
2023-08-03 08:38:07 -07:00
calipso.h
cfg80211-wext.h
wifi: cfg80211: Avoid clashing function prototypes
2022-11-16 11:31:47 +02:00
cfg80211.h
wifi: cfg80211: Allow AP/P2PGO to indicate port authorization to peer STA/P2PClient
2023-10-23 12:50:44 +02:00
cfg802154.h
net: cfg802154: fix kernel-doc notation warnings
2023-07-14 20:39:29 -07:00
checksum.h
net: checksum: drop the linux/uaccess.h include
2023-01-27 11:19:46 +00:00
cipso_ipv4.h
cls_cgroup.h
codel_impl.h
codel: remove unnecessary sock.h include
2021-12-22 15:03:47 -08:00
codel_qdisc.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
codel.h
codel: fix kernel-doc notation warnings
2023-07-14 20:39:29 -07:00
compat.h
net: copy from user before calling __get_compat_msghdr
2022-07-24 18:39:17 -06:00
datalink.h
net: datalink: Remove unused declarations
2023-07-27 17:17:32 -07:00
dcbevent.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
dcbnl.h
net: dcb: add helper functions to retrieve PCP and DSCP rewrite maps
2023-01-20 09:33:22 +00:00
devlink.h
devlink: convert most of devlink_fmsg_*() to return void
2023-10-20 11:34:51 +01:00
dropreason-core.h
net/tcp: Add TCP-AO segments counters
2023-10-27 10:35:45 +01:00
dropreason.h
net: openvswitch: add last-action drop reason
2023-08-14 08:01:06 +01:00
dsa_stubs.h
net: dsa: Use conduit and user terms
2023-10-24 13:08:14 -07:00
dsa.h
net: dsa: Use conduit and user terms
2023-10-24 13:08:14 -07:00
dsfield.h
dst_cache.h
wireguard: device: reset peer src endpoint when netns exits
2021-11-29 19:50:45 -08:00
dst_metadata.h
xfrm: interface: Add unstable helpers for setting/getting XFRM metadata from TC-BPF
2022-12-05 21:58:27 -08:00
dst_ops.h
net: remove unnecessary input parameter 'how' in ifdown function
2023-08-22 13:19:02 +02:00
dst.h
ipv6: drop feature RTAX_FEATURE_ALLFRAG
2023-10-25 18:04:29 -07:00
erspan.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
esp.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
espintcp.h
ethoc.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
failover.h
net: failover: add net device refcount tracker
2021-12-06 16:06:02 -08:00
fib_notifier.h
fib_rules.h
fib: expand fib_rule_policy
2021-12-16 07:18:35 -08:00
firewire.h
firewire: net: Make use of get_unaligned_be48(), put_unaligned_be48()
2022-07-28 22:21:54 -07:00
flow_dissector.h
net: flow_dissector: Add IPSEC dissector
2023-08-02 10:09:31 +01:00
flow_offload.h
flow_offload: Annotate struct flow_action_entry with __counted_by
2023-10-06 11:37:02 +01:00
flow.h
ipv4: Drop tos parameter from flowi4_update_output()
2023-06-02 10:52:38 +01:00
fou.h
bpf,fou: Add bpf_skb_{set,get}_fou_encap kfuncs
2023-04-12 16:40:39 -07:00
fq_impl.h
wifi: mac80211: add support for restricting netdev features per vif
2022-12-01 15:09:10 +01:00
fq.h
net: fq: Remove unused typedef fq_flow_get_default_t
2023-08-08 15:58:23 -07:00
garp.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
gen_stats.h
net: sched: Remove Qdisc::running sequence counter
2021-10-18 12:54:41 +01:00
genetlink.h
genetlink: add genlmsg_iput() API
2023-08-15 15:01:03 -07:00
geneve.h
net: geneve: fix array of flexible structures warnings
2022-10-31 10:43:04 +00:00
gre.h
ip_gre: add csum offload support for gre header
2021-01-29 20:39:14 -08:00
gro_cells.h
gro.h
net: gro: fix misuse of CB in udp socket lookup
2023-07-29 17:10:27 +01:00
gso.h
net: move gso declarations and functions to their own files
2023-06-10 00:11:41 -07:00
gtp.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
gue.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
handshake.h
net/handshake: Add helpers for parsing incoming TLS Alerts
2023-07-28 14:07:59 -07:00
hwbm.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
icmp.h
ipv6: ICMPV6: add response to ICMPV6 RFC 8335 PROBE messages
2021-06-28 14:29:45 -07:00
ieee80211_radiotap.h
wifi: radiotap: add bandwidth definition of EHT U-SIG
2023-10-12 15:14:27 +03:00
ieee802154_netdev.h
mac802154: Handle received BEACON_REQ
2023-03-23 21:51:30 +01:00
if_inet6.h
ipv6: Annotate struct ip6_sf_socklist with __counted_by
2023-10-02 11:24:52 -07:00
ife.h
inet6_connection_sock.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
inet6_hashtables.h
net: Fix slab-out-of-bounds in inet[6]_steal_sock
2023-08-15 13:57:51 -07:00
inet_common.h
net: factor out __inet_listen_sk() helper
2023-08-14 07:06:13 +01:00
inet_connection_sock.h
ipv6: drop feature RTAX_FEATURE_ALLFRAG
2023-10-25 18:04:29 -07:00
inet_dscp.h
ipv6: Define dscp_t and stop taking ECN bits into account in fib6-rules
2022-02-07 20:12:45 -08:00
inet_ecn.h
net: add skb_get_dsfield() helper
2021-10-15 11:33:08 +01:00
inet_frag.h
inet: frags: eliminate kernel-doc warning
2023-07-14 20:39:29 -07:00
inet_hashtables.h
net: Fix slab-out-of-bounds in inet[6]_steal_sock
2023-08-15 13:57:51 -07:00
inet_sock.h
ipv6: drop feature RTAX_FEATURE_ALLFRAG
2023-10-25 18:04:29 -07:00
inet_timewait_sock.h
tcp: add support for usec resolution in TCP TS values
2023-10-23 09:35:01 +01:00
inetpeer.h
ioam6.h
treewide: Replace zero-length arrays with flexible-array members
2022-02-17 07:00:39 -06:00
ip6_checksum.h
net: move gro definitions to include/net/gro.h
2021-11-16 13:16:54 +00:00
ip6_fib.h
net: fib: avoid warn splat in flow dissector
2023-08-31 12:33:03 +02:00
ip6_route.h
ipv6: lockless IPV6_ADDR_PREFERENCES implementation
2023-09-19 18:21:44 +02:00
ip6_tunnel.h
ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode
2022-04-25 11:40:45 +01:00
ip_fib.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2023-10-05 13:16:47 -07:00
ip_tunnels.h
ip_tunnels: use DEV_STATS_INC()
2023-09-06 06:05:59 +01:00
ip_vs.h
ipvs: Correct spelling in comments
2023-04-22 01:39:41 +02:00
ip.h
inet: lock the socket in ip_sock_set_tos()
2023-10-19 13:13:13 +02:00
ipcomp.h
xfrm: ipcomp: add extack to ipcomp{4,6}_init_state
2022-09-29 07:18:00 +02:00
ipconfig.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
ipv6_frag.h
net: dropreason: add SKB_DROP_REASON_FRAG_REASM_TIMEOUT
2022-10-31 20:14:27 -07:00
ipv6_stubs.h
bpf: Derive source IP addr via bpf_*_fib_lookup()
2023-10-09 16:28:35 -07:00
ipv6.h
ipv6: rename and move ip6_dst_lookup_tunnel()
2023-10-23 08:48:57 +01:00
iw_handler.h
wifi: wext: Remove unused declaration dev_get_wireless_info()
2023-08-22 21:40:40 +02:00
kcm.h
kcm: Send multiple frags in one sendmsg()
2023-06-12 21:13:23 -07:00
l3mdev.h
lag.h
lapb.h
net: lapb: Make "lapb_t1timer_running" able to detect an already running timer
2021-03-23 14:14:50 -07:00
lib80211.h
llc_c_ac.h
net: llc: Remove unused function declarations
2023-08-04 15:33:17 -07:00
llc_c_ev.h
net: llc: Remove unused function declarations
2023-08-04 15:33:17 -07:00
llc_c_st.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
llc_conn.h
llc: Check netns in llc_estab_match() and llc_listener_match().
2023-07-20 10:46:28 +02:00
llc_if.h
llc/snap: constify dev_addr passing
2021-10-13 09:40:46 -07:00
llc_pdu.h
net: llc: fix kernel-doc notation warnings
2023-07-14 20:39:29 -07:00
llc_s_ac.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
llc_s_ev.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
llc_s_st.h
add missing includes and forward declarations to networking includes under linux/
2022-07-28 11:29:36 +02:00
llc_sap.h
llc.h
llc: fix out-of-bound array index in llc_sk_dev_hash()
2021-11-07 19:25:29 +00:00
lwtunnel.h
lwt: Check LWTUNNEL_XMIT_CONTINUE strictly
2023-08-18 16:05:26 +02:00
mac80211.h
wifi: mac80211: rename ieee80211_tx_status() to ieee80211_tx_status_skb()
2023-10-23 12:26:51 +02:00
mac802154.h
mac802154: Drop IEEE802154_HW_RX_DROP_BAD_CKSUM
2022-10-12 12:57:19 +02:00
macsec.h
net: macsec: indicate next pn update when offloading
2023-10-10 10:30:30 +02:00
mctp.h
mctp: Reorder fields in 'struct mctp_route'
2023-06-20 20:06:16 -07:00
mctpdevice.h
mctp: Pass flow data & flow release events to drivers
2021-10-29 13:23:51 +01:00
mip6.h
mld.h
mld: add new workqueues for process mld events
2021-03-26 15:14:56 -07:00
mpls_iptunnel.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
mpls.h
mptcp.h
mptcp: add struct mptcp_sched_ops
2023-08-22 17:31:18 -07:00
mrp.h
mrp: introduce active flags to prevent UAF when applicant uninit
2022-11-18 12:14:55 +00:00
ncsi.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
ndisc.h
ndisc: Remove unused ndisc_ifinfo_sysctl_strategy() declaration
2023-08-07 08:53:55 +01:00
neighbour.h
neighbour: fix data-races around n->output
2023-10-01 17:14:37 +01:00
net_debug.h
net: add CONFIG_DEBUG_NET
2022-05-11 12:43:10 +01:00
net_failover.h
net_namespace.h
net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu()
2023-10-18 09:23:01 +01:00
net_ratelimit.h
net_trackers.h
net: add networking namespace refcount tracker
2021-12-10 06:38:26 -08:00
netdev_queues.h
net: add macro netif_subqueue_completed_wake
2023-04-18 12:59:01 +02:00
netdev_rx_queue.h
net: move struct netdev_rx_queue out of netdevice.h
2023-08-03 08:38:07 -07:00
netevent.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
netkit.h
netkit, bpf: Add bpf programmable net device
2023-10-24 16:06:03 -07:00
netlabel.h
netlink.h
netlink: make range pointers in policies const
2023-10-26 16:24:09 -07:00
netprio_cgroup.h
netrom.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
nexthop.h
nexthop: Annotate struct nh_group with __counted_by
2023-10-06 10:50:34 +01:00
nl802154.h
ieee802154: Add support for user beaconing requests
2023-01-28 13:51:22 +01:00
nsh.h
net: NSH: fix kernel-doc notation warning
2023-07-14 20:39:29 -07:00
p8022.h
net: 802: Remove unused function declarations
2023-08-04 15:33:50 -07:00
pie.h
pie: fix kernel-doc notation warning
2023-07-14 20:39:30 -07:00
ping.h
net/ipv4: ping_group_range: allow GID from 2147483648 to 4294967294
2023-06-02 09:55:22 +01:00
pkt_cls.h
net, sched: Make tc-related drop reason more flexible
2023-10-16 10:07:36 -07:00
pkt_sched.h
net_sched: constify qdisc_priv()
2023-10-01 13:20:36 +01:00
pptp.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
protocol.h
tcp/udp: Make early_demux back namespacified.
2022-07-15 18:50:35 -07:00
psample.h
psample: Add a fwd declaration for skbuff
2021-08-09 15:34:21 -07:00
psnap.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
raw.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2023-04-06 12:01:20 -07:00
rawv6.h
ipv6: raw: constify raw_v6_match() socket argument
2023-03-17 08:56:37 +00:00
red.h
treewide: use get_random_u32() when possible
2022-10-11 17:42:58 -06:00
regulatory.h
wifi: cfg80211: save power spectral density(psd) of regulatory rule
2023-09-18 09:44:05 +02:00
request_sock.h
tcp: Use BPF timeout setting for SYN ACK RTO
2022-02-02 14:45:18 +00:00
rose.h
net: rose: add netdev ref tracker to 'struct rose_sock'
2022-08-01 11:59:23 -07:00
route.h
ipv4: rename and move ip_route_output_tunnel()
2023-10-16 09:57:52 +01:00
rpl.h
ipv6: rpl: Remove pskb(_may)?_pull() in ipv6_rpl_srh_rcv().
2023-06-19 11:32:58 -07:00
rsi_91x.h
rsi: remove kernel-doc comment marker
2023-07-14 20:39:30 -07:00
rtnetlink.h
net: validate veth and vxcan peer ifindexes
2023-08-20 11:40:03 +01:00
rtnh.h
sch_generic.h
net, sched: Make tc-related drop reason more flexible
2023-10-16 10:07:36 -07:00
scm.h
af_unix: Fix msg_controllen test in scm_pidfd_recv() for MSG_CMSG_COMPAT.
2023-09-04 11:00:17 +01:00
secure_seq.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
seg6_hmac.h
seg6_local.h
seg6.h
udp6: Use Segment Routing Header for dest address if present
2022-01-04 12:17:35 +00:00
selftests.h
net: selftest: fix build issue if INET is disabled
2021-04-28 14:06:45 -07:00
slhc_vj.h
smc.h
net/smc: Introduce explicit check for v2 support
2023-03-15 08:18:35 +00:00
snmp.h
sock_reuseport.h
soreuseport: Fix socket selection for SO_INCOMING_CPU.
2022-10-25 11:35:16 +02:00
sock.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2023-10-19 13:29:01 -07:00
Space.h
net: appletalk: remove cops support
2023-10-04 11:49:20 -07:00
stp.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
strparser.h
tls: rx: remove the message decrypted tracking
2022-07-18 11:24:10 +01:00
switchdev.h
net: switchdev: Remove unused declaration switchdev_port_fwd_mark_set()
2023-08-09 13:12:15 -07:00
tc_wrapper.h
net/sched: Retire rsvp classifier
2023-02-16 09:27:07 +01:00
tcp_ao.h
net/tcp: Ignore specific ICMPs for TCP-AO connections
2023-10-27 10:35:45 +01:00
tcp_states.h
tcp.h
net/tcp: Add tcp_hash_fail() ratelimited logs
2023-10-27 10:35:45 +01:00
tcx.h
bpf, tcx: Get rid of tcx_link_const
2023-10-23 15:01:53 -07:00
timewait_sock.h
tipc.h
tls_prot.h
net/tls: Add TLS Alert definitions
2023-07-28 14:07:59 -07:00
tls_toe.h
tls.h
tls: use fixed size for tls_offload_context_{tx,rx}.driver_state
2023-10-13 11:26:10 +01:00
transp_v6.h
inet6: Remove unused function declaration udpv6_connect()
2023-08-01 15:06:27 -07:00
tso.h
net: tso: inline tso_count_descs()
2022-12-12 15:04:39 -08:00
tun_proto.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
udp_tunnel.h
ipv6: add new arguments to udp_tunnel6_dst_lookup()
2023-10-23 08:48:57 +01:00
udp.h
udp/udplite: Remove unused function declarations udp{,lite}_get_port()
2023-08-07 08:53:55 +01:00
udplite.h
udplite: fix various data-races
2023-09-14 16:16:36 +02:00
vsock_addr.h
vxlan.h
vxlan: Fix nexthop hash size
2023-08-02 10:58:26 +01:00
wext.h
x25.h
x25: preserve const qualifier in [a]x25_sk()
2023-03-18 12:23:34 +00:00
x25device.h
xdp_priv.h
net: add missing includes and forward declarations under net/
2022-07-22 12:53:22 +01:00
xdp_sock_drv.h
xsk: support mbuf on ZC RX
2023-07-19 09:56:49 -07:00
xdp_sock.h
xsk: Avoid starving the xsk further down the list
2023-10-24 11:55:36 +02:00
xdp.h
bpf: expose information about supported xdp metadata kfunc
2023-09-15 11:26:58 -07:00
xfrm.h
ipv6: lockless IPV6_DONTFRAG implementation
2023-09-15 10:33:47 +01:00
xsk_buff_pool.h
xsk: support mbuf on ZC RX
2023-07-19 09:56:49 -07:00