author | Eric Dumazet <edumazet@google.com> | 2018-10-10 12:30:01 -0700 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-02-08 11:25:31 +0100 |
commit | f925a29652a00e312d373b19f177af17be4ba5be | |
tree | 4cd4d8d320b10b0aacbce1c372e6622c742b14c0 /net/ipv6 | |
parent | 567ef0554b91de121e9c1ad6b30d0077a5ea1fbf |

inet: frags: do not clone skb in ip_expire()

commit 1eec5d5670084ee644597bd26c25e22c69b9f748 upstream.

An skb_clone() was added in commit ec4fbd64751d ("inet: frag: release
spinlock before calling icmp_send()")

While fixing the bug at that time, it also added a very high cost
for DDOS frags, as the ICMP rate limit is applied after this
expensive operation (skb_clone() + consume_skb(), implying memory
allocations, copy, and freeing)

We can use skb_get(head) here, all we want is to make sure skb won't
be freed by another cpu.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'net/ipv6')
0 files changed, 0 insertions, 0 deletions