diff options
| author |   Jason A. Donenfeld <Jason@zx2c4.com> | 2017-06-21 14:22:21 +0200 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-06-24 02:06:26 +0200 |
| commit | 196f55e857bfa688ad8f010c86a94ca0b28fc101 (patch) | |
| tree | ec78d85e3c6e58078751e959acf1917975652d41 /src | |
| parent | device: only use one sleep notifier (diff) | |
| download | wireguard-monolithic-historical-196f55e857bfa688ad8f010c86a94ca0b28fc101.tar.xz wireguard-monolithic-historical-196f55e857bfa688ad8f010c86a94ca0b28fc101.zip | |
receive: extend rate limiting to 1 second after under load detection
Diffstat (limited to 'src')
| -rw-r--r-- | src/receive.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/receive.c b/src/receive.c index 5807465..95d4bb6 100644 --- a/src/receive.c +++ b/src/receive.c @@ -89,6 +89,7 @@ static inline int skb_prepare_header(struct sk_buff *skb, struct wireguard_devic static void receive_handshake_packet(struct wireguard_device *wg, struct sk_buff *skb) { + static unsigned long last_under_load = 0; /* Yes this is global, so that our load calculation applies to the whole system. */ struct wireguard_peer *peer = NULL; enum message_type message_type; bool under_load; @@ -104,6 +105,10 @@ static void receive_handshake_packet(struct wireguard_device *wg, struct sk_buff } under_load = skb_queue_len(&wg->incoming_handshakes) >= MAX_QUEUED_INCOMING_HANDSHAKES / 8; + if (under_load) + last_under_load = jiffies; + else + under_load = time_is_after_jiffies(last_under_load + HZ); mac_state = cookie_validate_packet(&wg->cookie_checker, skb, under_load); if ((under_load && mac_state == VALID_MAC_WITH_COOKIE) || (!under_load && mac_state == VALID_MAC_BUT_NO_COOKIE)) packet_needs_cookie = false; |