author | Eric Dumazet <[email protected]> | 2016-04-01 08:52:22 -0700 |
---|---|---|
committer | David S. Miller <[email protected]> | 2016-04-04 22:11:20 -0400 |
commit | 4ce7e93cb3fe87db5b700050172dc41def9834b3 | |
tree | 0a650d759c08cd171c4074553203b92f85e3fa29 /tools/perf/scripts/python/call-graph-from-postgresql.py | |
parent | a9d6532b567489196dac4ce60c62343e43228759 | |
tcp: rate limit ACK sent by SYN_RECV request sockets

Attackers like to use SYNFLOOD targeting one 5-tuple, as they
hit a single RX queue (and cpu) on the victim.

If they use random sequence numbers in their SYN, we detect
they do not match the expected window and send back an ACK.

This patch adds a rate limitation, so that the effect of such
attacks is limited to ingress only.

We roughly double our ability to absorb such attacks.

Signed-off-by: Eric Dumazet <[email protected]>
Cc: Willem de Bruijn <[email protected]>
Cc: Neal Cardwell <[email protected]>
Cc: Maciej Żenczykowski <[email protected]>
Acked-by: Neal Cardwell <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python/call-graph-from-postgresql.py')
0 files changed, 0 insertions, 0 deletions
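
An added user-space model of the behaviour the commit message describes (not the kernel patch, which this page does not show): a SYN_RECV request socket answers out-of-window segments with an ACK, and a per-socket timestamp limits how often it does so. The struct, the function names, the window size and the 500 ms interval are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a SYN_RECV request socket (hypothetical fields). */
struct req_sock {
    uint32_t rcv_nxt;     /* next sequence number expected from the peer */
    uint32_t rcv_wnd;     /* receive window offered in the SYN-ACK */
    uint32_t last_ack_ms; /* time of last out-of-window ACK, 0 = none yet */
};

/* Wrap-safe check that seq lies in [rcv_nxt, rcv_nxt + rcv_wnd). */
static bool seq_in_window(const struct req_sock *r, uint32_t seq)
{
    return (uint32_t)(seq - r->rcv_nxt) < r->rcv_wnd;
}

/* True when an ACK may be sent for an out-of-window segment at now_ms. */
static bool oow_ack_allowed(struct req_sock *r, uint32_t now_ms,
                            uint32_t interval_ms)
{
    if (r->last_ack_ms && (uint32_t)(now_ms - r->last_ack_ms) < interval_ms)
        return false;     /* suppressed: an ACK went out too recently */
    r->last_ack_ms = now_ms;
    return true;
}

/* Feed n segments, one every step_ms, and count the ACKs emitted.
 * interval_ms = 0 models the behaviour without the rate limit. */
static unsigned simulate_flood(unsigned n, uint32_t step_ms,
                               uint32_t interval_ms)
{
    struct req_sock r = { .rcv_nxt = 1000, .rcv_wnd = 29200, .last_ack_ms = 0 };
    uint32_t x = 0x12345678u, now = 1;
    unsigned acks = 0;

    for (unsigned i = 0; i < n; i++, now += step_ms) {
        x = x * 1664525u + 1013904223u;   /* LCG stand-in for random values */
        /* Constructed input: offset keeps every seq outside the window. */
        uint32_t seq = r.rcv_nxt + r.rcv_wnd + (x >> 1);
        if (!seq_in_window(&r, seq) && oow_ack_allowed(&r, now, interval_ms))
            acks++;
    }
    return acks;
}

int main(void)
{
    printf("no limit: %u ACKs\n", simulate_flood(10000, 1, 0));
    printf("500 ms:   %u ACKs\n", simulate_flood(10000, 1, 500));
    return 0;
}
```

With the limiter on, the model sends one ACK per interval instead of one per bad segment, which is the reduction in egress work that the message summarises as the attack being limited to ingress.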