From: David S. Miller <davem@davemloft.net>
Date: Mon, 23 Jul 2018 19:01:36 +0000 (-0700)
Subject: Merge branch 'tcp-robust-ooo'
X-Git-Tag: v4.18-rc7~23^2~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1a4f14bab1868b443f0dd3c55b689a478f82e72e;p=thirdparty%2Fkernel%2Flinux.git

Merge branch 'tcp-robust-ooo'

Eric Dumazet says:

====================
Juha-Matti Tilli reported that malicious peers could inject tiny
packets in out_of_order_queue, forcing very expensive calls
to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for
every incoming packet.

With tcp_rmem[2] default of 6MB, the ooo queue could
contain ~7000 nodes.

This patch series makes sure we cut cpu cycles enough to
render the attack not critical.

We might in the future go further, like disconnecting
or black-holing proven malicious flows.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
---

1a4f14bab1868b443f0dd3c55b689a478f82e72e