iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
61626b64775937699fdf6cf8ec1ca09263964fd4
linux/net/ipv4
History
Eric Dumazet df838165a1 icmp: randomize the global rate limiter 
[ Upstream commit b38e7819ca ]

Keyu Man reported that the ICMP rate limiter could be used
by attackers to get useful signal. Details will be provided
in an upcoming academic publication.

Our solution is to add some noise, so that the attackers
no longer can get help from the predictable token bucket limiter.

Fixes: 4cdf507d54 ("icmp: add a global rate limitation")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Keyu Man <kman001@ucr.edu>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-10-29 09:05:32 +01:00
..
netfilter
netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code
2020-06-03 08:16:46 +02:00
af_inet.c
gso_segment: Reset skb->mac_len after modifying network header
2018-09-29 03:07:32 -07:00
ah4.c
ipsec: check return value of skb_to_sgvec always
2018-04-13 19:48:31 +02:00
arp.c
arp: fix arp_filter on l3slave devices
2018-04-13 19:48:32 +02:00
cipso_ipv4.c
netlabel: cope with NULL catmap
2020-05-20 08:15:39 +02:00
datagram.c
inet: stop leaking jiffies on the wire
2019-11-10 11:23:29 +01:00
devinet.c
devinet: fix memleak in inetdev_init()
2020-06-11 09:22:21 +02:00
esp4.c
ipsec: check return value of skb_to_sgvec always
2018-04-13 19:48:31 +02:00
fib_frontend.c
net: ipv4: Fix memory leak in network namespace dismantle
2019-01-31 08:12:33 +01:00
fib_lookup.h
fib_rules.c
switchdev: remove FIB offload infrastructure
2016-09-28 04:48:00 -04:00
fib_semantics.c
net: Fix the arp error in some cases
2020-06-30 15:38:39 -04:00
fib_trie.c
ipv4: Silence suspicious RCU usage warning
2020-08-21 11:01:55 +02:00
fou.c
net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
2019-04-27 09:34:40 +02:00
gre_demux.c
gre: fix uninit-value in __iptunnel_pull_header
2020-03-20 09:07:38 +01:00
gre_offload.c
gso: fix payload length when gso_size is zero
2017-11-18 11:22:20 +01:00
icmp.c
icmp: randomize the global rate limiter
2020-10-29 09:05:32 +01:00
igmp.c
igmp: fix memory leak in igmpv3_del_delrec()
2019-08-04 09:33:33 +02:00
inet_connection_sock.c
net: refactor bind_bucket fastreuse into helper
2020-09-12 11:47:38 +02:00
inet_diag.c
tcp/dccp: fix possible race __inet_lookup_established()
2020-01-04 13:41:12 +01:00
inet_fragment.c
net: IP defrag: encapsulate rbtree defrag code into callable functions
2019-05-02 09:32:06 +02:00
inet_hashtables.c
net: initialize fastreuse on inet_inherit_port
2020-09-12 11:47:38 +02:00
inet_timewait_sock.c
soreuseport: initialise timewait reuseport field
2018-05-16 10:08:41 +02:00
inetpeer.c
net: ipv4: use a dedicated counter for icmp_v4 redirect packets
2019-02-23 09:05:59 +01:00
ip_forward.c
ipv4: allow local fragmentation in ip_finish_output_gso()
2016-11-03 16:10:26 -04:00
ip_fragment.c
net: IP defrag: encapsulate rbtree defrag code into callable functions
2019-05-02 09:32:06 +02:00
ip_gre.c
ip_gre: fix parsing gre header in ipgre_err
2019-11-25 09:52:23 +01:00
ip_input.c
vrf: check accept_source_route on the original netdevice
2019-04-17 08:36:45 +02:00
ip_options.c
vrf: check accept_source_route on the original netdevice
2019-04-17 08:36:45 +02:00
ip_output.c
ip: fix tos reflection in ack and reset packets
2020-10-01 20:40:00 +02:00
ip_sockglue.c
ip: on queued skb use skb_header_pointer instead of pskb_may_pull
2019-01-23 08:10:54 +01:00
ip_tunnel_core.c
ip_tunnel: don't force DF when MTU is locked
2018-11-23 08:20:34 +01:00
ip_tunnel.c
ip_tunnel: fix use-after-free in ip_tunnel_lookup()
2020-06-30 15:38:38 -04:00
ip_vti.c
ip_vti: receive ipip packet by calling ip_tunnel_rcv
2020-06-03 08:16:45 +02:00
ipcomp.c
ipconfig.c
ipconfig: Correctly initialise ic_nameservers
2018-08-03 07:55:24 +02:00
ipip.c
net: ipip: fix wrong address family in init error path
2020-06-03 08:16:23 +02:00
ipmr.c
ipv4: Fix potential Spectre v1 vulnerability
2019-01-09 16:16:39 +01:00
Kconfig
vti[6]: fix packet tx through bpf_redirect() in XinY cases
2020-04-02 17:20:34 +02:00
Makefile
tcp_bbr: add BBR congestion control
2016-09-21 00:23:01 -04:00
netfilter.c
netfilter: use skb_to_full_sk in ip_route_me_harder
2017-07-05 14:40:28 +02:00
ping.c
ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg
2020-07-22 09:10:47 +02:00
proc.c
tcp: tcp_fragment() should apply sane memory limits
2019-06-17 19:53:32 +02:00
protocol.c
raw.c
net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg()
2020-05-02 17:22:56 +02:00
route.c
rt_cpu_seq_next should increase position index
2020-10-01 20:40:04 +02:00
syncookies.c
tcp: handle inet_csk_reqsk_queue_add() failures
2019-03-19 13:14:09 +01:00
sysctl_net_ipv4.c
tcp: add tcp_min_snd_mss sysctl
2019-06-17 19:53:33 +02:00
tcp_bbr.c
tcp_bbr: improve arithmetic division in bbr_update_bw()
2020-01-29 10:24:37 +01:00
tcp_bic.c
tcp: replace cnt & rtt with struct in pkts_acked()
2016-05-11 14:43:19 -04:00
tcp_cdg.c
tcp: cdg: rename struct minmax in tcp_cdg.c to avoid a naming conflict
2016-09-21 00:22:59 -04:00
tcp_cong.c
tcp: make sure listeners don't initialize congestion-control state
2020-07-22 09:10:48 +02:00
tcp_cubic.c
tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT
2020-06-30 15:38:39 -04:00
tcp_dctcp.c
tcp: Ensure DCTCP reacts to losses
2019-04-17 08:36:45 +02:00
tcp_diag.c
net: diag: Fix refcnt leak in error path destroying socket
2016-08-23 23:11:36 -07:00
tcp_fastopen.c
tcp: initialize max window for a new fastopen socket
2017-02-04 09:47:10 +01:00
tcp_highspeed.c
tcp_htcp.c
tcp: replace cnt & rtt with struct in pkts_acked()
2016-05-11 14:43:19 -04:00
tcp_hybla.c
tcp_illinois.c
net/tcp/illinois: replace broken algorithm reference link
2018-05-30 07:50:33 +02:00
tcp_input.c
tcp: fix to update snd_wl1 in bulk receiver fast path
2020-10-29 09:05:32 +01:00
tcp_ipv4.c
tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers
2020-07-22 09:10:48 +02:00
tcp_lp.c
tcp: fix wraparound issue in tcp_lp
2017-05-14 14:00:21 +02:00
tcp_metrics.c
tcp: make nla_policy const
2016-09-01 14:09:01 -07:00
tcp_minisocks.c
tcp: do not restart timewait timer on rst reception
2018-09-15 09:42:56 +02:00
tcp_nv.c
tcp_nv: fix potential integer overflow in tcpnv_acked
2018-05-30 07:50:22 +02:00
tcp_offload.c
gso: validate gso_type in GSO handlers
2018-01-31 12:55:55 +01:00
tcp_output.c
tcp: allow at most one TLP probe per flight
2020-07-31 16:44:06 +02:00
tcp_probe.c
tcp: Revert "tcp: tcp_probe: use spin_lock_bh()"
2018-09-15 09:43:01 +02:00
tcp_rate.c
tcp: invalidate rate samples during SACK reneging
2018-01-02 20:35:13 +01:00
tcp_recovery.c
tcp: do not assume TCP code is non preemptible
2016-05-02 17:02:25 -04:00
tcp_scalable.c
tcp_timer.c
tcp: fix SNMP TCP timeout under-estimation
2019-12-21 10:41:17 +01:00
tcp_vegas.c
tcp: fix under-evaluated ssthresh in TCP Vegas
2017-12-25 14:23:45 +01:00
tcp_vegas.h
tcp: replace cnt & rtt with struct in pkts_acked()
2016-05-11 14:43:19 -04:00
tcp_veno.c
tcp: replace cnt & rtt with struct in pkts_acked()
2016-05-11 14:43:19 -04:00
tcp_westwood.c
tcp: replace cnt & rtt with struct in pkts_acked()
2016-05-11 14:43:19 -04:00
tcp_yeah.c
tcp: cwnd does not increase in TCP YeAH
2016-09-08 17:16:12 -07:00
tcp.c
tcp: md5: allow changing MD5 keys in all socket states
2020-07-22 09:10:48 +02:00
tunnel4.c
tunnels: correct conditional build of MPLS and IPv6
2016-07-11 13:27:06 -07:00
udp_diag.c
net: inet: diag: expose the socket mark to privileged processes.
2016-09-08 16:13:09 -07:00
udp_impl.h
udplite: call proper backlog handlers
2016-11-24 15:32:14 -05:00
udp_offload.c
gso: validate gso_type in GSO handlers
2018-01-31 12:55:55 +01:00
udp_tunnel.c
net: Remove deprecated tunnel specific UDP offload functions
2016-06-17 20:23:32 -07:00
udp.c
net: udp: Fix wrong clean up for IS_UDPLITE macro
2020-07-31 16:44:06 +02:00
udplite.c
udplite: call proper backlog handlers
2016-11-24 15:32:14 -05:00
xfrm4_input.c
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
xfrm4_output.c
xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish
2020-05-02 17:23:09 +02:00
xfrm4_policy.c
xfrm4: Fix uninitialized memory read in _decode_session4
2019-05-25 18:26:55 +02:00
xfrm4_protocol.c
xfrm4_state.c
xfrm4_tunnel.c