| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 15 Jul 2016 14:18:42 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: jbaron@...mai.com
Cc: edumazet@...gle.com, netdev@...r.kernel.org, ncardwell@...gle.com,
ycheng@...gle.com, ycao009@....edu
Subject: Re: [PATCH net] tcp: enable per-socket rate limiting of all
'challenge acks'
From: Jason Baron <jbaron@...mai.com>
Date: Thu, 14 Jul 2016 11:38:40 -0400
> From: Jason Baron <jbaron@...mai.com>
>
> The per-socket rate limit for 'challenge acks' was introduced in the
> context of limiting ack loops:
>
> commit f2b2c582e824 ("tcp: mitigate ACK loops for connections as tcp_sock")
>
> And I think it can be extended to rate limit all 'challenge acks' on a
> per-socket basis.
>
> Since we have the global tcp_challenge_ack_limit, this patch allows for
> tcp_challenge_ack_limit to be set to a large value and effectively rely on
> the per-socket limit, or set tcp_challenge_ack_limit to a lower value and
> still prevents a single connections from consuming the entire challenge ack
> quota.
>
> It further moves in the direction of eliminating the global limit at some
> point, as Eric Dumazet has suggested. This a follow-up to:
> Subject: tcp: make challenge acks less predictable
>
> Cc: Eric Dumazet <edumazet@...gle.com>
> Cc: David S. Miller <davem@...emloft.net>
> Cc: Neal Cardwell <ncardwell@...gle.com>
> Cc: Yuchung Cheng <ycheng@...gle.com>
> Cc: Yue Cao <ycao009@....edu>
> Signed-off-by: Jason Baron <jbaron@...mai.com>
Applied, thanks.
Powered by blists - more mailing lists