icmp: randomize the global rate limiter
[ Upstream commit b38e7819 ] Keyu Man reported that the ICMP rate limiter could be used by attackers to get useful signal. Details will be provided in an upcoming academic publication. Our solution is to add some noise, so that the attackers no longer can get help from the predictable token bucket limiter. Fixes: 4cdf507d ("icmp: add a global rate limitation") Signed-off-by:Eric Dumazet <edumazet@google.com> Reported-by:
Keyu Man <kman001@ucr.edu> Signed-off-by:
Jakub Kicinski <kuba@kernel.org> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Change-Id: I999a3c434112e04a4307fbcc7ea17729b8f081ae Git-commit: d6c55250 Git-repo: https://android.googlesource.com/kernel/msm Signed-off-by:
urevanth <urevanth@codeaurora.org>
Loading
Please sign in to comment