diff options
| author | David S. Miller <davem@davemloft.net> | 2018-07-23 21:01:36 +0200 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2018-07-23 21:01:48 +0200 |
| commit | 1a4f14bab1868b443f0dd3c55b689a478f82e72e (patch) | |
| tree | 67c0e66dbb4895d1c03116df3a63896c67431680 /kernel | |
| parent | ip: hash fragments consistently (diff) | |
| parent | tcp: add tcp_ooo_try_coalesce() helper (diff) | |
| download | linux-1a4f14bab1868b443f0dd3c55b689a478f82e72e.tar.xz linux-1a4f14bab1868b443f0dd3c55b689a478f82e72e.zip | |
Merge branch 'tcp-robust-ooo'
Eric Dumazet says:
====================
Juha-Matti Tilli reported that malicious peers could inject tiny
packets in out_of_order_queue, forcing very expensive calls
to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for
every incoming packet.
With tcp_rmem[2] default of 6MB, the ooo queue could
contain ~7000 nodes.
This patch series makes sure we cut cpu cycles enough to
render the attack not critical.
We might in the future go further, like disconnecting
or black-holing proven malicious flows.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'kernel')
0 files changed, 0 insertions, 0 deletions