From: Jozsef Kadlecsik
Date: Fri, 31 Aug 2012 09:55:54 +0000 (+0000)
Subject: netfilter: Validate the sequence number of dataless ACK packets as well
X-Git-Tag: v3.6-rc6~18^2~14^2~1
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4a70bbfaef0361d27272629d1a250a937edcafe4;p=pandora-kernel.git

netfilter: Validate the sequence number of dataless ACK packets as well

We spare nothing by not validating the sequence number of dataless
ACK packets and enabling it makes harder off-path attacks.

See: "Reflection scan: an Off-Path Attack on TCP" by Jan Wrobel,
http://arxiv.org/abs/1201.2074

Signed-off-by: Jozsef Kadlecsik
Signed-off-by: Pablo Neira Ayuso
---

Reading git-diff-tree failed