| commit | 3e7a445bf42b2e561241ba03bf98fc320ea58814 | [log] [tgz] |
|---|---|---|
| author | Damien Neil <dneil@google.com> | Tue Apr 08 17:01:09 2025 -0700 |
| committer | Gopher Robot <gobot@golang.org> | Thu Apr 10 11:38:36 2025 -0700 |
| tree | 9d9559352d27e9cab648849800d506004b169940 | |
| parent | 3f563d3b0dee482b8cc70bae68346d9a6d4609a6 [diff] |
quic: skip packet numbers for optimistic ack defense An "optimistic ACK attack" involves an attacker sending ACKs for packets it hasn't received, causing the victim's congestion controller to improperly send at a higher rate. The standard defense against this attack is to skip the occasional packet number, and to close the connection with an error if the peer ACKs an unsent packet. Implement this defense, increasing the gap between skipped packet numbers as a connection's lifetime grows and correspondingly the amount of work required on the part of the attacker. Change-Id: I01f44f13367821b86af6535ffb69d380e2b4d7b7 Reviewed-on: https://go-review.googlesource.com/c/net/+/664298 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Jonathan Amsterdam <jba@google.com> Auto-Submit: Damien Neil <dneil@google.com>
This repository holds supplementary Go networking packages.
This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://go.dev/doc/contribute.
The git repository is https://go.googlesource.com/net.
The main issue tracker for the net repository is located at https://go.dev/issues. Prefix your issue with “x/net:” in the subject line, so it is easy to find.