Hello:
This series was applied to netdev/net.git (main)
by Jakub Kicinski <[email protected]>:
On Wed, 22 Apr 2026 20:35:37 +0800 you wrote:
> Commit 354e4aa391ed ("tcp: RFC 5961 5.2 Blind Data Injection Attack
> Mitigation") quotes RFC 5961 Section 5.2 in full, which requires
> that any incoming segment whose ACK value falls outside
> [SND.UNA - MAX.SND.WND, SND.NXT] MUST be discarded and an ACK sent
> back. Linux currently sends that challenge ACK only on the lower
> edge (SEG.ACK < SND.UNA - MAX.SND.WND); on the symmetric upper edge
> (SEG.ACK > SND.NXT) the segment is silently dropped with
> SKB_DROP_REASON_TCP_ACK_UNSENT_DATA.
>
> [...]
Here is the summary with links:
- [net,v3,1/2] tcp: send a challenge ACK on SEG.ACK > SND.NXT
https://git.kernel.org/netdev/net/c/42726ec644cb
- [net,v3,2/2] selftests/net: packetdrill: cover RFC 5961 5.2 challenge ACK
on both edges
https://git.kernel.org/netdev/net/c/cf94b3c0f052
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
