> So Linux is wrong if it sends RSTs in response, and discarding T/TCP
> initial data is ok.
I'll buy that. And from looking at the source, it looks like we're
already doing the right thing:
/* Now we have several options: In theory there is
* nothing else in the frame. KA9Q has an option to
* send data with the syn, BSD accepts data with the
* syn up to the [to be] advertised window and
* Solaris 2.1 gives you a protocol error. For now
* we just ignore it, that fits the spec precisely
* and avoids incompatibilities. It would be nice in
* future to drop through and process the data.
*
* Now that TTCP is starting to be used we ought to
* queue this data.
* But, this leaves one open to an easy denial of
* service attack, and SYN cookies can't defend
* against this problem. So, we drop the data
* in the interest of security over speed.
*/
goto discard;
(from net/ipv4/tcp_input.c:tcp_rcv_state_process)
IIRC, the T/TCP discussion last came up in the 1.3.x time frame, so
this has been there through a few major rewrites.
-- "Love the dolphins," she advised him. "Write by W.A.S.T.E.."
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/