git.ipfire.org Git - thirdparty/strongswan.git/commit
receiver: Use a time based limit to switch COOKIE secrets
author Tobias Brunner <tobias@strongswan.org>
Fri, 4 Jun 2021 11:41:31 +0000 (13:41 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Thu, 14 Apr 2022 13:28:07 +0000 (15:28 +0200)
commit 902fbd16e8404dcd19d647d0035bcb1f35ba10a5
tree 3d4c4f403bb1e87de388f201096960071f36f1e4
parent 63260a11ca9548fd70796bc2fec114ca66d88315
receiver: Use a time based limit to switch COOKIE secrets

If we are under attack and there are lots of requests, we might hit
the previous use count limit pretty quickly and may switch secrets multiple
times a second, which renders the 10 second default lifetime of COOKIEs
pointless and prevents legitimate clients from sending requests with valid
COOKIEs.
src/libcharon/network/receiver.c
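
The effect described in the commit message, as an added model that is not strongSwan's code: a receiver rotates its COOKIE secret either by use count or by elapsed time, and a client that received a COOKIE before a flood retries during it. `USE_LIMIT`, `SWITCH_MS`, the rule that only the current and previous secret verify, and all names are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define USE_LIMIT 10000u  /* assumed use-count limit (not given on the page) */
#define SWITCH_MS 10000u  /* assumed switch interval, set to the 10 s COOKIE lifetime */

typedef enum { BY_COUNT, BY_TIME } policy_t;
typedef struct {
    uint32_t gen;         /* generation of the current secret */
    uint32_t used;        /* COOKIEs issued with the current secret */
    uint64_t switched_ms; /* time of the last switch */
} receiver_t;

/* Rotate the secret when the chosen policy says it is due. */
static void maybe_switch(receiver_t *r, policy_t p, uint64_t now_ms) {
    bool due = (p == BY_COUNT) ? r->used >= USE_LIMIT
                               : now_ms - r->switched_ms >= SWITCH_MS;
    if (due) { r->gen++; r->used = 0; r->switched_ms = now_ms; }
}

/* Answer a COOKIE-less request; returns the secret generation used. */
static uint32_t issue_cookie(receiver_t *r, policy_t p, uint64_t now_ms) {
    maybe_switch(r, p, now_ms);
    r->used++;
    return r->gen;
}

/* Assumption: only the current and the previous secret are kept for verification. */
static bool cookie_valid(const receiver_t *r, uint32_t cookie_gen) {
    return r->gen - cookie_gen <= 1;
}

/* A client gets a COOKIE at t=0 and retries at return_ms while a flood of
 * rate_per_s COOKIE-less requests (rounded down to whole requests per ms) arrives. */
static bool client_survives(policy_t p, uint32_t rate_per_s, uint64_t return_ms) {
    receiver_t r = {0};
    uint32_t mine = issue_cookie(&r, p, 0);
    for (uint64_t ms = 1; ms < return_ms; ms++)
        for (uint32_t i = 0; i < rate_per_s / 1000; i++)
            issue_cookie(&r, p, ms);
    maybe_switch(&r, p, return_ms);
    return cookie_valid(&r, mine);
}

int main(void) {
    printf("count-based, 50000 req/s, retry after 1 s: %d\n", client_survives(BY_COUNT, 50000, 1000));
    printf("time-based,  50000 req/s, retry after 1 s: %d\n", client_survives(BY_TIME, 50000, 1000));
    return 0;
}
```

The model does not check the COOKIE's own timestamp, so it only answers whether the issuing secret is still held when the client retries.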