From ad779e5c9c4cb5379c040b057c3346c329930afe Mon Sep 17 00:00:00 2001 From: Joel Cunningham Date: Fri, 21 Apr 2017 09:24:08 -0500 Subject: [PATCH] doc: clarify RST handling comment This clarifies the documentation around RST handling to document the approach follows RFC 5961 and is not a standards violation --- src/core/tcp_in.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/core/tcp_in.c b/src/core/tcp_in.c index 167fd527..d154f98d 100644 --- a/src/core/tcp_in.c +++ b/src/core/tcp_in.c @@ -711,10 +711,10 @@ tcp_process(struct tcp_pcb *pcb) acceptable = 1; } else if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt, pcb->rcv_nxt + pcb->rcv_wnd)) { - /* If the sequence number is inside the window, we only send an ACK + /* If the sequence number is inside the window, we send a challenge ACK and wait for a re-send with matching sequence number. - This violates RFC 793, but is required to protection against - CVE-2004-0230 (RST spoofing attack). */ + This follows RFC 5961 section 3.2 and addresses CVE-2004-0230 + (RST spoofing attack), which is present in RFC 793 RST handling. */ tcp_ack_now(pcb); } }