    tcp: enable per-socket rate limiting of all 'challenge acks' · 2dd916fc
    Jason Baron authored
    [ Upstream commit 083ae308 ]
    
    The per-socket rate limit for 'challenge acks' was introduced in the
    context of limiting ack loops:
    
    commit f2b2c582 ("tcp: mitigate ACK loops for connections as tcp_sock")
    
    And I think it can be extended to rate limit all 'challenge acks' on a
    per-socket basis.
    
    Since we have the global tcp_challenge_ack_limit, this patch allows for
    tcp_challenge_ack_limit to be set to a large value and effectively rely on
    the per-socket limit, or set tcp_challenge_ack_limit to a lower value and
    still prevent a single connection from consuming the entire challenge ack
    quota.
    
    It further moves in the direction of eliminating the global limit at some
    point, as Eric Dumazet has suggested. This is a follow-up to:
    Subject: tcp: make challenge acks less predictable
    
    Cc: Eric Dumazet <edumazet@google.com>
    Cc: David S. Miller <davem@davemloft.net>
    Cc: Neal Cardwell <ncardwell@google.com>
    Cc: Yuchung Cheng <ycheng@google.com>
    Cc: Yue Cao <ycao009@ucr.edu>
    Signed-off-by: Jason Baron <jbaron@akamai.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
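The interaction the commit message describes between the global limit and the per-socket limit, as an added example that is not part of the commit or the kernel source: a simplified user-space model showing how applying the per-socket limit to every challenge ACK keeps one connection from draining the shared quota. The struct and function names, the 500 ms per-socket interval and the 100-per-second global quota are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PER_SOCK_INTERVAL_MS 500  /* assumed min gap between ACKs per socket */
#define GLOBAL_LIMIT_PER_SEC 100  /* assumed host-wide challenge ACKs per second */
struct sock_model   { uint64_t next_ok_ms; };
struct global_model { uint64_t window; unsigned int remaining; };
struct result       { unsigned int noisy_acks; bool quiet_acked; };

/* Per-socket limit: at most one challenge ACK per interval on this socket. */
static bool sock_allows(struct sock_model *sk, uint64_t now_ms)
{
    if (now_ms < sk->next_ok_ms)
        return false;
    sk->next_ok_ms = now_ms + PER_SOCK_INTERVAL_MS;
    return true;
}

/* Global limit: one quota shared by every socket, refilled each second. */
static bool global_allows(struct global_model *g, uint64_t now_ms)
{
    if (now_ms / 1000 != g->window) {
        g->window = now_ms / 1000;
        g->remaining = GLOBAL_LIMIT_PER_SEC;
    }
    return g->remaining > 0 && g->remaining--;  /* take one token if any left */
}

/* Model only: a noisy connection needs an ACK every ms, a quiet one at 999 ms. */
static struct result simulate(bool per_socket)
{
    struct sock_model noisy = {0}, quiet = {0};
    struct global_model g = {0, GLOBAL_LIMIT_PER_SEC};
    struct result r = {0, false};
    for (uint64_t t = 0; t < 999; t++)
        if ((!per_socket || sock_allows(&noisy, t)) && global_allows(&g, t))
            r.noisy_acks++;
    r.quiet_acked = (!per_socket || sock_allows(&quiet, 999)) && global_allows(&g, 999);
    return r;
}

int main(void)
{
    struct result a = simulate(false), b = simulate(true);
    printf("global only: noisy=%u quiet=%d; with per-socket: noisy=%u quiet=%d\n",
           a.noisy_acks, a.quiet_acked, b.noisy_acks, b.quiet_acked);
    return 0;
}
```

With only the global limit, the noisy connection takes the whole quota and the second connection's challenge ACK is suppressed; with the per-socket check in front, the noisy connection is held to its own interval and the quota stays available to others.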
tcp_input.c 177 KB