author: Bhasker Hariharan <bhaskerh@google.com> 2020-07-27 15:12:36 -0700
committer: gVisor bot <gvisor-bot@google.com> 2020-07-27 15:14:34 -0700
commit: ca6bded95dbce07f9683904b4b768dfc2d4a09b2 (patch)
tree: 374f9b25e61e203099d25237617f985546e10712 /pkg/sentry/platform/kvm
parent: 9a4ad9d5e74ae06040b115026ef8ef6421d5a7b1 (diff)

Fix memory accounting in TCP pending segment queue.

TCP now tracks the overhead of the segment structure itself in its out-of-order queue (pending). This is required to ensure that a malicious sender sending 1 byte out-of-order segments cannot queue like 1000s of segments which bloat up memory usage.

We also reduce the default receive window to 32KB. With TCP moderation there is no need to keep this window at 1MB which means that for new connections the default out-of-order queue will be small unless the application actually reads the data that is being sent. This prevents a sender from just maliciously filling up pending buf with lots of tiny out-of-order segments.

PiperOrigin-RevId: 323450913

Diffstat (limited to 'pkg/sentry/platform/kvm')
0 files changed, 0 insertions, 0 deletions
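
An added illustration of the accounting change the commit message describes, not gVisor's code: a hypothetical `pendingQueue` with a byte budget is offered constructed 1-byte out-of-order segments, once charging payload bytes only and once charging the segment structure as well. The `segOverhead` value of 128 bytes and the use of 32KB as the queue budget are assumptions chosen for the demonstration.

```go
package main

import "fmt"

// segOverhead is an assumed per-segment bookkeeping cost in bytes, standing in
// for the size of the segment structure (constructed value, not gVisor's).
const segOverhead = 128

// pendingQueue is a hypothetical out-of-order queue with a byte budget.
type pendingQueue struct {
	limit, used   int  // budget and bytes charged against it
	countOverhead bool // when true, charge segOverhead for every segment
	segs          [][]byte
}

// enqueue keeps the segment if its charge fits the budget.
func (q *pendingQueue) enqueue(payload []byte) bool {
	cost := len(payload)
	if q.countOverhead {
		cost += segOverhead
	}
	if q.used+cost > q.limit {
		return false // over budget: drop the out-of-order segment
	}
	q.used += cost
	q.segs = append(q.segs, payload)
	return true
}

// flood offers n constructed 1-byte segments and returns how many were queued
// and the memory they really hold (payload plus structure overhead).
func flood(limit, n int, countOverhead bool) (queued, realBytes int) {
	q := &pendingQueue{limit: limit, countOverhead: countOverhead}
	for i := 0; i < n; i++ {
		q.enqueue([]byte{0x41})
	}
	for _, s := range q.segs {
		realBytes += len(s) + segOverhead
	}
	return len(q.segs), realBytes
}

func main() {
	const limit = 32 << 10 // 32KB, the receive window size named in the commit message
	for _, fixed := range []bool{false, true} {
		n, mem := flood(limit, 100000, fixed)
		fmt.Printf("countOverhead=%v queued=%d memory=%dB\n", fixed, n, mem)
	}
}
```

With payload-only accounting the 32KB budget admits 32768 segments that really hold about 4MB; charging the overhead stops the queue at 254 segments, which stay inside the budget.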