|
|
@@ -5815,24 +5815,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb)
|
|
|
if (icsk->icsk_af_ops->conn_request(sk, skb) < 0)
|
|
|
return 1;
|
|
|
|
|
|
- /* Now we have several options: In theory there is
|
|
|
- * nothing else in the frame. KA9Q has an option to
|
|
|
- * send data with the syn, BSD accepts data with the
|
|
|
- * syn up to the [to be] advertised window and
|
|
|
- * Solaris 2.1 gives you a protocol error. For now
|
|
|
- * we just ignore it, that fits the spec precisely
|
|
|
- * and avoids incompatibilities. It would be nice in
|
|
|
- * future to drop through and process the data.
|
|
|
- *
|
|
|
- * Now that TTCP is starting to be used we ought to
|
|
|
- * queue this data.
|
|
|
- * But, this leaves one open to an easy denial of
|
|
|
- * service attack, and SYN cookies can't defend
|
|
|
- * against this problem. So, we drop the data
|
|
|
- * in the interest of security over speed unless
|
|
|
- * it's still in use.
|
|
|
- */
|
|
|
- kfree_skb(skb);
|
|
|
+ consume_skb(skb);
|
|
|
return 0;
|
|
|
}
|
|
|
goto discard;
|
Eric Dumazet