diff options
| author | Xin Long <lucien.xin@gmail.com> | 2017-04-15 22:00:28 +0800 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2017-04-18 13:39:50 -0400 |
| commit | d0f025e611581169c81e3c0fc44b5133d12748dd (patch) | |
| tree | a4328d92cba9958abe1472ba10d2f91423d57201 /net/bpf | |
| parent | e4dc99c7c21ba456fd72a70ada5d8d5f3850bcf5 (diff) | |
| download | talos-obmc-linux-d0f025e611581169c81e3c0fc44b5133d12748dd.tar.gz talos-obmc-linux-d0f025e611581169c81e3c0fc44b5133d12748dd.zip | |
sctp: process duplicated strreset in and addstrm in requests correctly
This patch is to fix the replay attack issue for strreset and addstrm in
requests.
When a duplicated strreset in or addstrm in request is received, reply it
with bad seqno if it's seqno < asoc->strreset_inseq - 2, and reply it with
the result saved in asoc if it's seqno >= asoc->strreset_inseq - 2.
For strreset in or addstrm in request, if the receiver side processes it
successfully, a strreset out or addstrm out request(as a response for that
request) will be sent back to peer. reconf_time will retransmit the out
request even if it's lost.
So when receiving a duplicated strreset in or addstrm in request and it's
result was performed, it shouldn't reply this request, but drop it instead.
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bpf')
0 files changed, 0 insertions, 0 deletions
