diff options
author | Marcel Ziswiler <marcel.ziswiler@toradex.com> | 2021-07-07 01:19:43 +0200 |
---|---|---|
committer | Marcel Ziswiler <marcel.ziswiler@toradex.com> | 2021-07-07 01:19:43 +0200 |
commit | d900385139e5aa8d584dee92c87bb85d0226253e (patch) | |
tree | 26aa082f242221c535f2d8aa03b0c314c713e8ea /net/ipv4/icmp.c | |
parent | 56168452b2a2fa8b4efc664d9fcb08536486a1ba (diff) | |
parent | 200ecf5055dfba12b9bff6984830a7cdddee8ab1 (diff) |
Merge tag 'v4.4.274' into toradex_vf_4.4-next
Linux 4.4.274
Diffstat (limited to 'net/ipv4/icmp.c')
-rw-r--r-- | net/ipv4/icmp.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index 9a9f49b55abd..c16c199d9cd9 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c @@ -246,7 +246,7 @@ static struct { /** * icmp_global_allow - Are we allowed to send one more ICMP message ? * - * Uses a token bucket to limit our ICMP messages to sysctl_icmp_msgs_per_sec. + * Uses a token bucket to limit our ICMP messages to ~sysctl_icmp_msgs_per_sec. * Returns false if we reached the limit and can not send another packet. * Note: called with BH disabled */ @@ -274,7 +274,10 @@ bool icmp_global_allow(void) } credit = min_t(u32, icmp_global.credit + incr, sysctl_icmp_msgs_burst); if (credit) { - credit--; + /* We want to use a credit of one in average, but need to randomize + * it for security reasons. + */ + credit = max_t(int, credit - prandom_u32_max(3), 0); rc = true; } WRITE_ONCE(icmp_global.credit, credit); |