From: Eric Dumazet <[email protected]> Date: Thu, 14 May 2015 14:26:56 -0700
> From: Eric Dumazet <[email protected]> > > Now we allow storing more request socks per listener, we might > hit syncookie mode less often and hit following bug in our stack : > > When we send a burst of syncookies, then exit this mode, > tcp_synq_no_recent_overflow() can return false if the ACK packets coming > from clients are coming three seconds after the end of syncookie > episode. > > This is a way too strong requirement and conflicts with rest of > syncookie code which allows ACK to be aged up to 2 minutes. > > Perfectly valid ACK packets are dropped just because clients might be > in a crowded wifi environment or on another planet. > > So let's fix this, and also change tcp_synq_overflow() to not > dirty a cache line for every syncookie we send, as we are under attack. > > Signed-off-by: Eric Dumazet <[email protected]> Applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
