• Gerrit Renker's avatar
    [DCCP]: Rate-limit DCCP-Syncs · a94f0f97
    Gerrit Renker authored
    This implements a SHOULD from RFC 4340, 7.5.4:
     "To protect against denial-of-service attacks, DCCP implementations SHOULD
      impose a rate limit on DCCP-Syncs sent in response to sequence-invalid packets,
      such as not more than eight DCCP-Syncs per second."
    
    The rate-limit is maintained on a per-socket basis. This is a more stringent
    policy than enforcing the rate-limit on a per-source-address basis and
    protects against attacks with forged source addresses.
    
    Moreover, the mechanism is deliberately kept simple. In contrast to
    xrlim_allow(), bursts of Sync packets in reply to sequence-invalid packets
    are not supported.  This foils such attacks where the receipt of a Sync
    triggers further sequence-invalid packets. (I have tested this mechanism against
    xrlim_allow algorithm for Syncs, permitting bursts just increases the problems.)
    
    In order to keep flexibility, the timeout parameter can be set via sysctl; and
    the whole mechanism can even be disabled (which is however not recommended).
    
    The algorithm in this patch has been improved with regard to wrapping issues
    thanks to a suggestion by Arnaldo.
    
    Commiter note: Rate limited the step 6 DCCP_WARN too, as it says we're
                   sending a sync.
    Signed-off-by: default avatarGerrit Renker <gerrit@erg.abdn.ac.uk>
    Signed-off-by: default avatarIan McDonald <ian.mcdonald@jandi.co.nz>
    Signed-off-by: default avatarArnaldo Carvalho de Melo <acme@ghostprotocols.net>
    a94f0f97
proto.c 26.3 KB