
Commit 2e928295 authored by Linux Build Service Account's avatar Linux Build Service Account Committed by Gerrit - the friendly Code Review server

Merge "tcp: make challenge acks less predictable"

parents 6a9cd0c6 eede2b61
+10 −5
@@ -89,7 +89,7 @@ int sysctl_tcp_adv_win_scale __read_mostly = 1;
EXPORT_SYMBOL(sysctl_tcp_adv_win_scale);

/* rfc5961 challenge ack rate limiting */
int sysctl_tcp_challenge_ack_limit = 100;
int sysctl_tcp_challenge_ack_limit = 1000;

int sysctl_tcp_stdurg __read_mostly;
int sysctl_tcp_rfc1337 __read_mostly;
@@ -3428,7 +3428,7 @@ static void tcp_send_challenge_ack(struct sock *sk, const struct sk_buff *skb)
	static u32 challenge_timestamp;
	static unsigned int challenge_count;
	struct tcp_sock *tp = tcp_sk(sk);
	u32 now;
	u32 count, now;

	/* First check our per-socket dupack rate limit. */
	if (tcp_oow_rate_limited(sock_net(sk), skb,
@@ -3436,13 +3436,18 @@ static void tcp_send_challenge_ack(struct sock *sk, const struct sk_buff *skb)
				 &tp->last_oow_ack_time))
		return;

	/* Then check the check host-wide RFC 5961 rate limit. */
	/* Then check host-wide RFC 5961 rate limit. */
	now = jiffies / HZ;
	if (now != challenge_timestamp) {
		u32 half = (sysctl_tcp_challenge_ack_limit + 1) >> 1;

		challenge_timestamp = now;
		challenge_count = 0;
		WRITE_ONCE(challenge_count, half +
			   prandom_u32_max(sysctl_tcp_challenge_ack_limit));
	}
	if (++challenge_count <= sysctl_tcp_challenge_ack_limit) {
	count = READ_ONCE(challenge_count);
	if (count > 0) {
		WRITE_ONCE(challenge_count, count - 1);
		NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPCHALLENGEACK);
		tcp_send_ack(sk);
	}
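Review bot: In the once-per-second reset branch of tcp_send_challenge_ack(), `sysctl_tcp_challenge_ack_limit` is read twice as a plain signed int (once for `half`, once as the `prandom_u32_max()` bound), while `challenge_count` beside it is accessed with READ_ONCE/WRITE_ONCE. A sysctl write between the two reads mixes two limits, and if the sysctl handler (not visible here) accepts negative values, the conversion to u32 can produce a very large budget that effectively switches the host-wide limit off. Consider taking one snapshot, `u32 limit = READ_ONCE(sysctl_tcp_challenge_ack_limit);`, then `u32 half = (limit + 1) >> 1;` and `half + prandom_u32_max(limit)`, and bounding the sysctl at zero where it is registered. The store to `challenge_timestamp` is likewise unannotated, and a one-line comment saying the budget is randomized so the shared counter is harder to use as a cross-connection signal would help the next reader. The function body starts above these hunks, so callers and any locking around it are not visible here.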