icmp: randomize the global rate limiter
Keyu Man reported that the ICMP rate limiter could be used by attackers to get useful signal. Details will be provided in an upcoming academic publication. Our solution is to add some noise, so that the attackers no longer can get help from the predictable token bucket limiter. Fixes: 4cdf507d ("icmp: add a global rate limitation") Signed-off-by:Eric Dumazet <edumazet@google.com> Reported-by:
Keyu Man <kman001@ucr.edu> Signed-off-by:
Jakub Kicinski <kuba@kernel.org>
Loading
-
mentioned in commit 539859ca
-
mentioned in commit b713cc73
-
mentioned in commit e00da57b
-
mentioned in commit 56024141
-
mentioned in commit 97b221db
-
mentioned in commit e8a5716e
-
mentioned in commit 481d102a
-
mentioned in commit fe188b5e
-
mentioned in commit 89d089b9
-
mentioned in commit 6cfbe042
-
mentioned in commit ebd9d4f7
Please sign in to comment