tcp: detect malicious patterns in tcp_collapse_ofo_queue()
authorEric Dumazet <edumazet@google.com>
Mon, 23 Jul 2018 16:28:19 +0000 (09:28 -0700)
committerDavid S. Miller <davem@davemloft.net>
Mon, 23 Jul 2018 19:01:36 +0000 (12:01 -0700)
commit3d4bf93ac12003f9b8e1e2de37fe27983deebdcf
treef133ddfef1cad281067830449ce844e03cf15ba0
parentf4a3313d8e2ca9fd8d8f45e40a2903ba782607e7
tcp: detect malicious patterns in tcp_collapse_ofo_queue()

In case an attacker feeds tiny packets completely out of order,
tcp_collapse_ofo_queue() might scan the whole rb-tree, performing
expensive copies, but not changing socket memory usage at all.

1) Do not attempt to collapse tiny skbs.
2) Add logic to exit early when too many tiny skbs are detected.

We prefer not doing aggressive collapsing (which copies packets)
for pathological flows, and revert to tcp_prune_ofo_queue() which
will be less expensive.

In the future, we might add the possibility of terminating flows
that are proven to be malicious.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/tcp_input.c