Re: [PATCH net v3 0/2] tcp: symmetric challenge ACK for SEG.ACK > SND.NXT

Next message: patchwork-bot+netdevbpf: "Re: [PATCH v3] llc: Return -EINPROGRESS from llc_ui_connect()"
Previous message: David Matlack: "Re: [PATCH 1/2] liveupdate: Use refcount_t for FLB reference counts"
In reply to: Jiayuan Chen: "[PATCH net v3 2/2] selftests/net: packetdrill: cover RFC 5961 5.2 challenge ACK on both edges"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: patchwork-bot+netdevbpf

Date: Thu Apr 23 2026 - 14:50:53 EST

Hello:

This series was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@xxxxxxxxxx>:

On Wed, 22 Apr 2026 20:35:37 +0800 you wrote:
> Commit 354e4aa391ed ("tcp: RFC 5961 5.2 Blind Data Injection Attack
> Mitigation") quotes RFC 5961 Section 5.2 in full, which requires
> that any incoming segment whose ACK value falls outside
> [SND.UNA - MAX.SND.WND, SND.NXT] MUST be discarded and an ACK sent
> back. Linux currently sends that challenge ACK only on the lower
> edge (SEG.ACK < SND.UNA - MAX.SND.WND); on the symmetric upper edge
> (SEG.ACK > SND.NXT) the segment is silently dropped with
> SKB_DROP_REASON_TCP_ACK_UNSENT_DATA.
>
> [...]

Here is the summary with links:
- [net,v3,1/2] tcp: send a challenge ACK on SEG.ACK > SND.NXT
https://git.kernel.org/netdev/net/c/42726ec644cb
- [net,v3,2/2] selftests/net: packetdrill: cover RFC 5961 5.2 challenge ACK on both edges
https://git.kernel.org/netdev/net/c/cf94b3c0f052

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html