icmp: randomize the global rate limiter
[ Upstream commit b38e7819 ] Keyu Man reported that the ICMP rate limiter could be used by attackers to get useful signal. Details will be provided in an upcoming academic publication. Our solution is to add some noise, so that the attackers no longer can get help from the predictable token bucket limiter. Fixes: 4cdf507d ("icmp: add a global rate limitation") Signed-off-by:Eric Dumazet <edumazet@google.com> Reported-by:
Keyu Man <kman001@ucr.edu> Signed-off-by:
Jakub Kicinski <kuba@kernel.org> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by:
Lee Jones <lee.jones@linaro.org> Change-Id: If5c425a9e67d4edf894684d6bda50d59438ab095
Loading
Please sign in to comment