Commit 79e3602c authored by Eric Dumazet, committed by Jakub Kicinski

tcp: make global challenge ack rate limitation per net-ns and default disabled



Because per host rate limiting has been proven problematic (side channel
attacks can be based on it), per host rate limiting of challenge acks ideally
should be per netns and turned off by default.

This is a long due followup of following commits:

083ae308 ("tcp: enable per-socket rate limiting of all 'challenge acks'")
f2b2c582 ("tcp: mitigate ACK loops for connections as tcp_sock")
75ff39cc ("tcp: make challenge acks less predictable")

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Jason Baron <jbaron@akamai.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
parent 8c705212