Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1983ec4a authored by Linux Build Service Account's avatar Linux Build Service Account Committed by Gerrit - the friendly Code Review server
Browse files

Merge "tcp: make challenge acks less predictable"

parents d1caeacb a89be1d9

net/ipv4/tcp_input.c

+11 −4
Original line number Diff line number Diff line
@@ -88,7 +88,7 @@ int sysctl_tcp_adv_win_scale __read_mostly = 1; 
EXPORT_SYMBOL(sysctl_tcp_adv_win_scale);



/* rfc5961 challenge ack rate limiting */

int sysctl_tcp_challenge_ack_limit = 100;

int sysctl_tcp_challenge_ack_limit = 1000;



int sysctl_tcp_stdurg __read_mostly;

int sysctl_tcp_rfc1337 __read_mostly;
@@ -3325,13 +3325,20 @@ static void tcp_send_challenge_ack(struct sock *sk) 
	/* unprotected vars, we dont care of overwrites */

	static u32 challenge_timestamp;

	static unsigned int challenge_count;

	u32 now = jiffies / HZ;

	u32 count, now;



	/* Check host-wide RFC 5961 rate limit. */

	now = jiffies / HZ;

	if (now != challenge_timestamp) {

		u32 half = (sysctl_tcp_challenge_ack_limit + 1) >> 1;



		challenge_timestamp = now;

		challenge_count = 0;

		WRITE_ONCE(challenge_count, half +

			   prandom_u32_max(sysctl_tcp_challenge_ack_limit));

	}

	if (++challenge_count <= sysctl_tcp_challenge_ack_limit) {

	count = READ_ONCE(challenge_count);

	if (count > 0) {

		WRITE_ONCE(challenge_count, count - 1);

		NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPCHALLENGEACK);

		tcp_send_ack(sk);

	}