Message ID | 52FDE10F.5010903@cn.fujitsu.com |
---|---|
State | Rejected, archived |
Delegated to: | David Miller |
Headers | show |
On Fri, Feb 14, 2014 at 05:25:35PM +0800, Duan Jiong wrote: > > since commit 1d861aa4("inet: Minimize use of cached route inetpeer"), > ip_error() uses saddr to get inet_peer, so ip_error() and icmpv4_xrlim_allow() > use the same inet_peer to limit icmp error message twice. > > In ip_error(), peer->rate_tokens is set to ip_rt_error_burst, but in > inet_peer_xrlim_allow() peer->rate_tokens is set to XRLIM_BURST_FACTOR. > XRLIM_BURST_FACTOR is defined to 6, so user seting ip_rt_error_burst makes > no sense. > > In my opinion, the ip_rt_error_burst is used to limit icmp error messages > for daddr instead of saddr. Hmmm... ip_error is a dst_input function, as such it gets called with the incoming packet. saddr is the address we send the reply back (see icmp_send->icmp_route_lookup). Sorry, I don't think the patch is correct. Bye, Hannes -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
于 2014年02月14日 17:41, Hannes Frederic Sowa 写道: > On Fri, Feb 14, 2014 at 05:25:35PM +0800, Duan Jiong wrote: >> >> since commit 1d861aa4("inet: Minimize use of cached route inetpeer"), >> ip_error() uses saddr to get inet_peer, so ip_error() and icmpv4_xrlim_allow() >> use the same inet_peer to limit icmp error message twice. >> >> In ip_error(), peer->rate_tokens is set to ip_rt_error_burst, but in >> inet_peer_xrlim_allow() peer->rate_tokens is set to XRLIM_BURST_FACTOR. >> XRLIM_BURST_FACTOR is defined to 6, so user seting ip_rt_error_burst makes >> no sense. >> >> In my opinion, the ip_rt_error_burst is used to limit icmp error messages >> for daddr instead of saddr. > > Hmmm... > > ip_error is a dst_input function, as such it gets called with the incoming > packet. saddr is the address we send the reply back (see > icmp_send->icmp_route_lookup). > But if we still use saddr to get inet_peer, seting ip_rt_error_burst will make no sense, because it will be overwrited by XRLIM_BURST_FACTOR. Thanks, Duan > Sorry, I don't think the patch is correct. > > Bye, > > Hannes > > -- > To unsubscribe from this list: send the line "unsubscribe netdev" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, Feb 14, 2014 at 05:51:07PM +0800, Duan Jiong wrote: > 于 2014年02月14日 17:41, Hannes Frederic Sowa 写道: > > On Fri, Feb 14, 2014 at 05:25:35PM +0800, Duan Jiong wrote: > >> > >> since commit 1d861aa4("inet: Minimize use of cached route inetpeer"), > >> ip_error() uses saddr to get inet_peer, so ip_error() and icmpv4_xrlim_allow() > >> use the same inet_peer to limit icmp error message twice. > >> > >> In ip_error(), peer->rate_tokens is set to ip_rt_error_burst, but in > >> inet_peer_xrlim_allow() peer->rate_tokens is set to XRLIM_BURST_FACTOR. > >> XRLIM_BURST_FACTOR is defined to 6, so user seting ip_rt_error_burst makes > >> no sense. > >> > >> In my opinion, the ip_rt_error_burst is used to limit icmp error messages > >> for daddr instead of saddr. > > > > Hmmm... > > > > ip_error is a dst_input function, as such it gets called with the incoming > > packet. saddr is the address we send the reply back (see > > icmp_send->icmp_route_lookup). > > > > But if we still use saddr to get inet_peer, seting ip_rt_error_burst will make > no sense, because it will be overwrited by XRLIM_BURST_FACTOR. Sorry, I cannot follow you. On output we refetch the inetpeer with the destination address. I don't see how the patch helps. Greetings, Hannes -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 25071b4..4da5588 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -933,7 +933,7 @@ static int ip_error(struct sk_buff *skb) break; } - peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, 1); + peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->daddr, 1); send = true; if (peer) {
since commit 1d861aa4("inet: Minimize use of cached route inetpeer"), ip_error() uses saddr to get inet_peer, so ip_error() and icmpv4_xrlim_allow() use the same inet_peer to limit icmp error message twice. In ip_error(), peer->rate_tokens is set to ip_rt_error_burst, but in inet_peer_xrlim_allow() peer->rate_tokens is set to XRLIM_BURST_FACTOR. XRLIM_BURST_FACTOR is defined to 6, so user seting ip_rt_error_burst makes no sense. In my opinion, the ip_rt_error_burst is used to limit icmp error messages for daddr instead of saddr. Signed-off-by: Duan Jiong <duanj.fnst@cn.fujitsu.com> --- net/ipv4/route.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)