Date: Sun, 21 Jul 2024 18:44:12 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 250357] [tcp] RFC 5961 is not implemented completely Message-ID: <bug-250357-7501-POZK8bYjg5@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-250357-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-250357-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D250357 --- Comment #5 from commit-hook@FreeBSD.org --- A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D646c28ea80cb0f9258386626297495b5a= 0e56db5 commit 646c28ea80cb0f9258386626297495b5a0e56db5 Author: Michael Tuexen <tuexen@FreeBSD.org> AuthorDate: 2024-07-21 09:37:35 +0000 Commit: Michael Tuexen <tuexen@FreeBSD.org> CommitDate: 2024-07-21 09:37:35 +0000 tcp: improve SEG.ACK validation Implement the improved SEG.ACK validation described in RFC 5961. In addition to that, also detect ghost ACKs, which are ACKs for data that has never been sent. The additional checks are enabled by default, but can be disabled by setting the sysctl-variable net.inet.tcp.insecure_ack to a non-zero value. PR: 250357 Reviewed by: Peter Lei, rscheff (older version) MFC after: 1 week Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D45894 share/man/man4/tcp.4 | 5 ++++- sys/netinet/in_kdtrace.c | 2 ++ sys/netinet/in_kdtrace.h | 3 +++ sys/netinet/tcp_input.c | 44 +++++++++++++++++++++++++++++++++++++++= ++++ sys/netinet/tcp_stacks/bbr.c | 37 ++++++++++++++++++++++++++++++++++++ sys/netinet/tcp_stacks/rack.c | 39 ++++++++++++++++++++++++++++++++++++++ sys/netinet/tcp_var.h | 9 ++++++++- usr.bin/netstat/inet.c | 8 ++++++-- 8 files changed, 143 insertions(+), 4 deletions(-) --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-250357-7501-POZK8bYjg5>