mirror of
https://github.com/torvalds/linux
synced 2024-11-05 18:23:50 +00:00
a94f0f9705
This implements a SHOULD from RFC 4340, 7.5.4:
"To protect against denial-of-service attacks, DCCP implementations SHOULD
impose a rate limit on DCCP-Syncs sent in response to sequence-invalid packets,
such as not more than eight DCCP-Syncs per second."
The rate-limit is maintained on a per-socket basis. This is a more stringent
policy than enforcing the rate-limit on a per-source-address basis and
protects against attacks with forged source addresses.
Moreover, the mechanism is deliberately kept simple. In contrast to
xrlim_allow(), bursts of Sync packets in reply to sequence-invalid packets
are not supported. This foils such attacks where the receipt of a Sync
triggers further sequence-invalid packets. (I have tested this mechanism against
xrlim_allow algorithm for Syncs, permitting bursts just increases the problems.)
In order to keep flexibility, the timeout parameter can be set via sysctl; and
the whole mechanism can even be disabled (which is however not recommended).
The algorithm in this patch has been improved with regard to wrapping issues
thanks to a suggestion by Arnaldo.
Commiter note: Rate limited the step 6 DCCP_WARN too, as it says we're
sending a sync.
Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz>
Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
|
||
|---|---|---|
| .. | ||
| ccids | ||
| ackvec.c | ||
| ackvec.h | ||
| ccid.c | ||
| ccid.h | ||
| dccp.h | ||
| diag.c | ||
| feat.c | ||
| feat.h | ||
| input.c | ||
| ipv4.c | ||
| ipv6.c | ||
| ipv6.h | ||
| Kconfig | ||
| Makefile | ||
| minisocks.c | ||
| options.c | ||
| output.c | ||
| probe.c | ||
| proto.c | ||
| sysctl.c | ||
| timer.c | ||