Type: fix
Per rfc793, in window syns for established connections should lead to
connection resets. As a mitigation for blind reset attacks, rfc5961
requests that such syns be replied to with challenge acks.
Change-Id: I75e4972bbb515e48d9cf1bda32ea5d9891d670f0
Signed-off-by: Florin Coras <fcoras@cisco.com>
/* 4th: check the SYN bit (in window) */
if (PREDICT_FALSE (tcp_syn (th0)))
{
+ /* As per RFC5961 send challenge ack instead of reset */
+ tcp_program_ack (wrk, tc0);
*error0 = TCP_ERROR_SPURIOUS_SYN;
- tcp_send_reset (tc0);
goto error;
}
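Review bot: The new tcp_program_ack (wrk, tc0) call in the in-window SYN branch is unconditional, and nothing visible in this hunk limits how many challenge ACKs one connection can be made to send. RFC 5961 recommends throttling challenge ACKs (section 7), so a stream of spurious SYNs should not yield one ACK per segment. Either rate limit here or extend the comment to say where the limit is enforced. It would also help for the comment to note that the offending segment is still dropped through goto error, with TCP_ERROR_SPURIOUS_SYN counted, after the ACK is queued.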