author | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-06-21 14:22:21 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-06-24 02:06:26 +0200 |
commit | 44e1a7e62d6c89e946a6e7d048cb187a8eef8a3f (patch) | |
tree | 210c03b4789fdae3e7570a64185ea49c2da40d12 | |
parent | 2bf7d83e93dbdcc622a202d36ab7daa69b9a9ed5 (diff) |
receive: extend rate limiting to 1 second after under load detection
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-rw-r--r-- | src/receive.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/receive.c b/src/receive.c
index 5807465..95d4bb6 100644
--- a/src/receive.c
+++ b/src/receive.c
@@ -89,6 +89,7 @@ static inline int skb_prepare_header(struct sk_buff *skb, struct wireguard_devic
 
 static void receive_handshake_packet(struct wireguard_device *wg, struct sk_buff *skb)
 {
+ static unsigned long last_under_load = 0; /* Yes this is global, so that our load calculation applies to the whole system. */
 struct wireguard_peer *peer = NULL;
 enum message_type message_type;
 bool under_load;
@@ -104,6 +105,10 @@ static void receive_handshake_packet(struct wireguard_device *wg, struct sk_buff
 }
 
 under_load = skb_queue_len(&wg->incoming_handshakes) >= MAX_QUEUED_INCOMING_HANDSHAKES / 8;
+ if (under_load)
+ last_under_load = jiffies;
+ else
+ under_load = time_is_after_jiffies(last_under_load + HZ);
 mac_state = cookie_validate_packet(&wg->cookie_checker, skb, under_load);
 if ((under_load && mac_state == VALID_MAC_WITH_COOKIE) || (!under_load && mac_state == VALID_MAC_BUT_NO_COOKIE))
 packet_needs_cookie = false; |
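Review bot: `last_under_load` is a function-local static that every call to receive_handshake_packet() reads and writes with plain loads and stores, so if the function can run on several CPUs at once (its callers are not visible here) those accesses form an unannotated data race. Marking them, e.g. `WRITE_ONCE(last_under_load, jiffies);` and `time_is_after_jiffies(READ_ONCE(last_under_load) + HZ)` in the second hunk, would document the intentional lockless sharing. The long trailing comment would read better on its own line above the declaration, saying that the stamp is shared by all devices rather than "global", and the `= 0` initialiser is redundant for a static. The function body continues outside the hunk.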
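Review bot: The `else` branch compares against `last_under_load` even when no load has ever been recorded or the recorded stamp is very old. On 32-bit builds `time_is_after_jiffies()` is a wrapping comparison, so a zero or stale stamp can read as "within the last second" and leave `under_load` true on an idle system. From the visible condition on `packet_needs_cookie`, that would keep the cookie requirement on handshakes for as long as the comparison stays wrong. A 64-bit stamp avoids the wrap: `static u64 last_under_load;`, `last_under_load = get_jiffies_64();` and `under_load = time_is_after_jiffies64(last_under_load + HZ);`. The enclosing function starts and ends outside this hunk.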