TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
36d84fb451
twx-linux/net/ipv4
History
Jesper Dangaard Brouer 849a44de91 net: don't global ICMP rate limit packets originating from loopback 
Florian Weimer seems to have a glibc test-case which requires that
loopback interfaces does not get ICMP ratelimited.  This was broken by
commit c0303efeab73 ("net: reduce cycles spend on ICMP replies that
gets rate limited").

An ICMP response will usually be routed back-out the same incoming
interface.  Thus, take advantage of this and skip global ICMP
ratelimit when the incoming device is loopback.  In the unlikely event
that the outgoing it not loopback, due to strange routing policy
rules, ICMP rate limiting still works via peer ratelimiting via
icmpv4_xrlim_allow().  Thus, we should still comply with RFC1812
(section 4.3.2.8 "Rate Limiting").

This seems to fix the reproducer given by Florian.  While still
avoiding to perform expensive and unneeded outgoing route lookup for
rate limited packets (in the non-loopback case).

Fixes: c0303efeab73 ("net: reduce cycles spend on ICMP replies that gets rate limited")
Reported-by: Florian Weimer <fweimer@redhat.com>
Reported-by: "H.J. Lu" <hjl.tools@gmail.com>
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-06-14 15:33:58 -04:00
..
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2017-05-01 10:47:53 -04:00
af_inet.c net: ping: do not abuse udp_poll() 2017-06-04 22:56:55 -04:00
ah4.c
arp.c arp: fixed -Wuninitialized compiler warning 2017-05-25 13:38:20 -04:00
cipso_ipv4.c
datagram.c
devinet.c net: rtnetlink: plumb extended ack to doit function 2017-04-17 15:35:38 -04:00
esp4_offload.c esp4/6: Fix GSO path for non-GSO SW-crypto packets 2017-04-19 07:48:57 +02:00
esp4.c esp4: Fix udpencap for local TCP packets. 2017-05-04 07:27:26 +02:00
fib_frontend.c net: Improve handling of failures on link and route dumps 2017-05-16 14:54:11 -04:00
fib_lookup.h
fib_notifier.c
fib_rules.c
fib_semantics.c ipv4: add reference counting to metrics 2017-05-26 14:57:07 -04:00
fib_trie.c net: Improve handling of failures on link and route dumps 2017-05-16 14:54:11 -04:00
fou.c
gre_demux.c
gre_offload.c
icmp.c net: don't global ICMP rate limit packets originating from loopback 2017-06-14 15:33:58 -04:00
igmp.c igmp: acquire pmc lock for ip_mc_clear_src() 2017-06-13 12:51:37 -04:00
inet_connection_sock.c dccp/tcp: do not inherit mc_list from parent 2017-05-09 15:17:49 -04:00
inet_diag.c
inet_fragment.c
inet_hashtables.c treewide: use kv[mz]alloc* rather than opencoded variants 2017-05-08 17:15:13 -07:00
inet_timewait_sock.c
inetpeer.c
ip_forward.c
ip_fragment.c inet: frag: release spinlock before calling icmp_send() 2017-03-22 15:40:45 -07:00
ip_gre.c ip_tunnel: Allow policy-based routing through tunnels 2017-04-21 13:21:31 -04:00
ip_input.c net: Add sysctl to toggle early demux for tcp and udp 2017-03-24 13:17:07 -07:00
ip_options.c
ip_output.c
ip_sockglue.c ipv4: get rid of ip_ra_lock 2017-04-30 22:44:04 -04:00
ip_tunnel_core.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
ip_tunnel.c net: Fix inconsistent teardown and release of private netdev state. 2017-06-07 15:53:24 -04:00
ip_vti.c vti: check nla_put_* return value 2017-05-08 15:10:31 -04:00
ipcomp.c
ipconfig.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-04-06 08:24:51 -07:00
ipip.c ip_tunnel: Allow policy-based routing through tunnels 2017-04-21 13:21:31 -04:00
ipmr.c net: ipmr: Fix some mroute forwarding issues in vrf's 2017-06-11 18:15:06 -04:00
Kconfig
Makefile
netfilter.c
ping.c ping: implement proper locking 2017-03-24 20:50:28 -07:00
proc.c net/tcp_fastopen: Add snmp counter for blackhole detection 2017-04-24 14:27:17 -04:00
protocol.c net: Add sysctl to toggle early demux for tcp and udp 2017-03-24 13:17:07 -07:00
raw_diag.c
raw.c ipv4, ipv6: ensure raw socket message is big enough to hold an IP header 2017-05-04 11:02:46 -04:00
route.c ipv4: add reference counting to metrics 2017-05-26 14:57:07 -04:00
syncookies.c tcp: randomize timestamps on syncookies 2017-05-05 12:00:11 -04:00
sysctl_net_ipv4.c net/tcp_fastopen: Disable active side TFO in certain scenarios 2017-04-24 14:27:17 -04:00
tcp_bbr.c
tcp_bic.c
tcp_cdg.c
tcp_cong.c tcp: disallow cwnd undo when switching congestion control 2017-06-02 14:18:13 -04:00
tcp_cubic.c tcp_cubic: fix typo in module param description 2017-04-20 16:16:44 -04:00
tcp_dctcp.c
tcp_diag.c
tcp_fastopen.c net/tcp_fastopen: Add snmp counter for blackhole detection 2017-04-24 14:27:17 -04:00
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c
tcp_illinois.c
tcp_input.c tcp: eliminate negative reordering in tcp_clean_rtx_queue 2017-05-16 12:45:21 -04:00
tcp_ipv4.c Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-05-10 10:30:46 -07:00
tcp_lp.c tcp: fix wraparound issue in tcp_lp 2017-05-02 15:07:02 -04:00
tcp_metrics.c treewide: use kv[mz]alloc* rather than opencoded variants 2017-05-08 17:15:13 -07:00
tcp_minisocks.c tcp: do not inherit fastopen_req from parent 2017-05-04 11:00:04 -04:00
tcp_nv.c
tcp_offload.c
tcp_output.c tcp: make congestion control optionally skip slow start after idle 2017-05-08 14:37:07 -04:00
tcp_probe.c
tcp_rate.c tcp: do not pass timestamp to tcp_rate_gen() 2017-04-26 14:44:38 -04:00
tcp_recovery.c tcp: tcp_rack_reo_timeout() must update tp->tcp_mstamp 2017-04-27 11:46:15 -04:00
tcp_scalable.c
tcp_timer.c net/tcp_fastopen: Remove mss check in tcp_write_timeout() 2017-04-24 14:27:17 -04:00
tcp_vegas.c
tcp_vegas.h
tcp_veno.c
tcp_westwood.c
tcp_yeah.c
tcp.c tcp: reinitialize MTU probing when setting MSS in a TCP repair 2017-05-31 12:28:59 -04:00
tunnel4.c
udp_diag.c
udp_impl.h udp: make *udp*_queue_rcv_skb() functions static 2017-05-18 10:23:33 -04:00
udp_offload.c udp: disable inner UDP checksum offloads in IPsec case 2017-04-24 13:48:54 -04:00
udp_tunnel.c
udp.c udp: make *udp*_queue_rcv_skb() functions static 2017-05-18 10:23:33 -04:00
udplite.c
xfrm4_input.c
xfrm4_mode_beet.c
xfrm4_mode_transport.c xfrm: Add encapsulation header offsets while SKB is not encrypted 2017-04-14 10:07:39 +02:00
xfrm4_mode_tunnel.c xfrm: Add encapsulation header offsets while SKB is not encrypted 2017-04-14 10:07:39 +02:00
xfrm4_output.c xfrm: Add an IPsec hardware offloading API 2017-04-14 10:06:10 +02:00
xfrm4_policy.c
xfrm4_protocol.c
xfrm4_state.c
xfrm4_tunnel.c