Commit 97e3ecd1 authored Mar 18, 2010 by stephen hemminger Committed by David S. Miller Mar 19, 2010

TCP: check min TTL on received ICMP packets



This adds RFC5082 checks for TTL on received ICMP packets.
It adds some security against spoofed ICMP packets
disrupting GTSM protected sessions.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 10414444

net/ipv4/tcp_ipv4.c

+5 −0

Original line number	Diff line number	Diff line
		@@ -370,6 +370,11 @@ void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
		if (sk->sk_state == TCP_CLOSE)
		goto out;

		if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
		NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
		goto out;
		}

		icsk = inet_csk(sk);
		tp = tcp_sk(sk);
		seq = ntohl(th->seq);