On Mon, 2018-07-23 at 12:03 -0700, David Miller wrote: > From: Eric Dumazet <eduma...@google.com> > Date: Mon, 23 Jul 2018 09:28:16 -0700 > > > Juha-Matti Tilli reported that malicious peers could inject tiny > > packets in out_of_order_queue, forcing very expensive calls > > to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for > > every incoming packet. > > > > With tcp_rmem[2] default of 6MB, the ooo queue could > > contain ~7000 nodes. > > > > This patch series makes sure we cut cpu cycles enough to > > render the attack not critical. > > > > We might in the future go further, like disconnecting > > or black-holing proven malicious flows. > > Sucky... > > It took me a while to understand the sums_tiny logic, every > time I read that function I forget that we reset all of the > state and restart the loop after a coalesce inside the loop. > > Series applied, and queued up for -stable.
I see the first four in 4.9.116 but not the fifth (adding tcp_ooo_try_coalesce()). Is that intentional?
smime.p7s
Description: S/MIME cryptographic signature
