linux-stable/net
Eric Dumazet 8df0ffe2f3 icmp: randomize the global rate limiter
[ Upstream commit b38e7819ca ]

Keyu Man reported that the ICMP rate limiter could be used
by attackers to get useful signal. Details will be provided
in an upcoming academic publication.

Our solution is to add some noise, so that the attackers
no longer can get help from the predictable token bucket limiter.

Fixes: 4cdf507d54 ("icmp: add a global rate limitation")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Keyu Man <kman001@ucr.edu>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-10-29 09:57:27 +01:00
..
6lowpan
9p net/9p: validate fds in p9_fd_open 2020-08-11 15:33:36 +02:00
802
8021q vlan: vlan_changelink() should propagate errors 2020-01-12 12:21:50 +01:00
appletalk appletalk: Fix atalk_proc_init() return path 2020-08-11 15:33:40 +02:00
atm atm: fix a memory leak of vcc->user_back 2020-10-01 13:17:58 +02:00
ax25 AX.25: Prevent integer overflows in connect and sendmsg 2020-07-31 18:39:31 +02:00
batman-adv batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh 2020-10-01 13:18:19 +02:00
bluetooth Bluetooth: Disconnect if E0 is used for Level 4 2020-10-17 10:11:22 +02:00
bpf
bpfilter net/bpfilter: remove superfluous testing message 2020-04-21 09:04:53 +02:00
bridge net: bridge: br_vlan_get_pvid_rcu() should dereference the VLAN group under RCU 2020-09-26 18:03:12 +02:00
caif net: use skb_queue_empty_lockless() in poll() handlers 2019-10-28 13:33:41 -07:00
can net: j1939: j1939_session_fresh_new(): fix missing initialization of skbcnt 2020-10-29 09:57:24 +01:00
ceph libceph: don't omit recovery_deletes in target_copy() 2020-07-22 09:33:17 +02:00
core net: Properly typecast int values to set sk_max_pacing_rate 2020-10-29 09:57:26 +01:00
dcb net: DCB: Validate DCB_ATTR_DCB_BUFFER argument 2020-09-26 18:03:12 +02:00
dccp dccp: Fix possible memleak in dccp_init and dccp_fini 2020-06-17 16:40:32 +02:00
decnet net: add bool confirm_neigh parameter for dst_ops.update_pmtu 2020-01-04 19:18:58 +01:00
dns_resolver KEYS: Don't write out to userspace while holding key semaphore 2020-04-23 10:36:45 +02:00
dsa dsa: Allow forwarding of redirected IGMP traffic 2020-09-23 12:40:33 +02:00
ethernet net: add annotations on hh->hh_len lockless accesses 2020-01-09 10:20:06 +01:00
hsr hsr: check protocol version in hsr_newlink() 2020-04-21 09:04:44 +02:00
ieee802154 nl802154: add missing attribute validation for dev_type 2020-03-18 07:17:44 +01:00
ife net: Fix Kconfig indentation 2019-09-26 08:56:17 +02:00
ipv4 icmp: randomize the global rate limiter 2020-10-29 09:57:27 +01:00
ipv6 net: fix pos incrementment in ipv6_route_seq_next 2020-10-29 09:57:23 +01:00
iucv
kcm kcm: disable preemption in kcm_parse_func_strparser() 2019-09-27 10:27:14 +02:00
key af_key: pfkey_dump needs parameter validation 2020-09-26 18:03:10 +02:00
l2tp l2tp: remove skb_dst_set() from l2tp_xmit_skb() 2020-07-22 09:32:47 +02:00
l3mdev
lapb
llc net: silence data-races on sk_backlog.tail 2020-10-01 13:17:15 +02:00
mac80211 mac80211: do not allow bigger VHT MPDUs than the hardware supports 2020-10-07 08:01:27 +02:00
mac802154 mac802154: tx: fix use-after-free 2020-10-01 13:18:17 +02:00
mpls net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup 2019-12-18 16:08:42 +01:00
ncsi net/ncsi: Disable global multicast filter 2019-09-19 18:04:40 -07:00
netfilter netfilter: ctnetlink: add a range check for l3/l4 protonum 2020-10-07 08:01:31 +02:00
netlabel netlabel: fix problems with mapping removal 2020-09-12 14:18:55 +02:00
netlink genetlink: remove genl_bind 2020-07-22 09:32:46 +02:00
netrom net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node 2020-04-29 16:33:08 +02:00
nfc nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() 2020-10-29 09:57:26 +01:00
nsh
openvswitch openvswitch: handle DNAT tuple collision 2020-10-14 10:33:02 +02:00
packet net/packet: fix overflow in tpacket_rcv 2020-09-09 19:12:29 +02:00
phonet net: use skb_queue_empty_lockless() in poll() handlers 2019-10-28 13:33:41 -07:00
psample net: psample: fix skb_over_panic 2019-12-04 22:30:54 +01:00
qrtr net: qrtr: check skb_put_padto() return value 2020-09-26 18:03:15 +02:00
rds rds: Prevent kernel-infoleak in rds_notify_queue_get() 2020-08-05 09:59:44 +02:00
rfkill rfkill: Fix incorrect check to avoid NULL pointer dereference 2020-01-12 12:21:33 +01:00
rose net: core: add generic lockdep keys 2019-10-24 14:53:48 -07:00
rxrpc rxrpc: Fix server keyring leak 2020-10-14 10:33:05 +02:00
sched net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN tunnels 2020-10-29 09:57:26 +01:00
sctp sctp: fix sctp_auth_init_hmacs() error path 2020-10-14 10:33:01 +02:00
smc net/smc: fix valid DMBE buffer sizes 2020-10-29 09:57:23 +01:00
strparser
sunrpc svcrdma: Fix backchannel return code 2020-10-01 13:18:01 +02:00
switchdev
tipc tipc: fix the skb_unshare() in tipc_buf_append() 2020-10-29 09:57:24 +01:00
tls net/tls: sendfile fails with ktls offload 2020-10-29 09:57:23 +01:00
unix skbuff: fix a data race in skb_queue_len() 2020-10-01 13:17:31 +02:00
vmw_vsock net: virtio_vsock: Enhance connection semantics 2020-10-07 08:01:24 +02:00
wimax
wireless net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() 2020-10-14 10:32:57 +02:00
x25 net/x25: Fix null-ptr-deref in x25_disconnect 2020-08-05 09:59:44 +02:00
xdp xdp: Fix xsk_generic_xmit errno 2020-06-24 17:50:44 +02:00
xfrm xfrm: Use correct address family in xfrm_state_find 2020-10-14 10:33:03 +02:00
compat.c net/compat: Add missing sock updates for SCM_RIGHTS 2020-08-21 13:05:25 +02:00
Kconfig net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build 2020-04-01 11:02:18 +02:00
Makefile
socket.c net: Set fput_needed iff FDPUT_FPUT is set 2020-08-19 08:16:22 +02:00
sysctl_net.c