linux/net
Jesper Dangaard Brouer 849a44de91 net: don't global ICMP rate limit packets originating from loopback
Florian Weimer seems to have a glibc test-case which requires that
loopback interfaces does not get ICMP ratelimited.  This was broken by
commit c0303efeab ("net: reduce cycles spend on ICMP replies that
gets rate limited").

An ICMP response will usually be routed back-out the same incoming
interface.  Thus, take advantage of this and skip global ICMP
ratelimit when the incoming device is loopback.  In the unlikely event
that the outgoing it not loopback, due to strange routing policy
rules, ICMP rate limiting still works via peer ratelimiting via
icmpv4_xrlim_allow().  Thus, we should still comply with RFC1812
(section 4.3.2.8 "Rate Limiting").

This seems to fix the reproducer given by Florian.  While still
avoiding to perform expensive and unneeded outgoing route lookup for
rate limited packets (in the non-loopback case).

Fixes: c0303efeab ("net: reduce cycles spend on ICMP replies that gets rate limited")
Reported-by: Florian Weimer <fweimer@redhat.com>
Reported-by: "H.J. Lu" <hjl.tools@gmail.com>
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-06-14 15:33:58 -04:00
..
6lowpan
9p xen: fixes for 4.12 rc2 2017-05-19 15:06:48 -07:00
802
8021q net: Fix inconsistent teardown and release of private netdev state. 2017-06-07 15:53:24 -04:00
appletalk
atm
ax25
batman-adv Here are two batman-adv bugfixes: 2017-06-13 13:46:01 -04:00
bluetooth net: Fix inconsistent teardown and release of private netdev state. 2017-06-07 15:53:24 -04:00
bpf bpf: Align packet data properly in program testing framework. 2017-05-02 11:46:28 -04:00
bridge net: Fix inconsistent teardown and release of private netdev state. 2017-06-07 15:53:24 -04:00
caif caif: Add sockaddr length check before accessing sa_family in connect handler 2017-06-13 16:16:11 -04:00
can can: af_can: namespace support: fix lockdep splat: properly initialize spin_lock 2017-06-09 11:39:23 +02:00
ceph libceph: cleanup old messages according to reconnect seq 2017-05-24 18:10:51 +02:00
core net: rps: fix uninitialized symbol warning 2017-06-13 11:31:22 -04:00
dcb
dccp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-05-15 15:50:49 -07:00
decnet decnet: dn_rtmsg: Improve input length sanitization in dnrmg_receive_user_skb 2017-06-08 10:51:22 -04:00
dns_resolver
dsa net: dsa: Fix stale cpu_switch reference after unbind then bind 2017-06-04 22:55:17 -04:00
ethernet
hsr hsr: fix incorrect warning 2017-06-12 15:21:20 -04:00
ieee802154 net: Fix inconsistent teardown and release of private netdev state. 2017-06-07 15:53:24 -04:00
ife
ipv4 net: don't global ICMP rate limit packets originating from loopback 2017-06-14 15:33:58 -04:00
ipv6 net: don't global ICMP rate limit packets originating from loopback 2017-06-14 15:33:58 -04:00
ipx ipx: call ipxitf_put() in ioctl error path 2017-05-02 15:34:53 -04:00
irda net: Fix inconsistent teardown and release of private netdev state. 2017-06-07 15:53:24 -04:00
iucv
kcm
key af_key: Fix slab-out-of-bounds in pfkey_compile_policy. 2017-05-08 08:03:01 +02:00
l2tp l2tp: cast l2tp traffic counter to unsigned 2017-06-10 16:14:27 -04:00
l3mdev
lapb
llc net: llc: add lock_sock in llc_ui_bind to avoid a race condition 2017-05-26 14:20:29 -04:00
mac80211 Some fixes: 2017-06-13 13:34:13 -04:00
mac802154 net: Fix inconsistent teardown and release of private netdev state. 2017-06-07 15:53:24 -04:00
mpls mpls: fix clearing of dead nh_flags on link up 2017-05-31 14:48:24 -04:00
ncsi
netfilter netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize 2017-05-24 11:26:01 +02:00
netlabel
netlink netlink: don't send unknown nsid 2017-06-01 11:49:39 -04:00
netrom
nfc
openvswitch net: Fix inconsistent teardown and release of private netdev state. 2017-06-07 15:53:24 -04:00
packet net/packet: fix missing net_device reference release 2017-05-15 14:22:12 -04:00
phonet net: Fix inconsistent teardown and release of private netdev state. 2017-06-07 15:53:24 -04:00
psample
qrtr
rds Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-05-02 16:40:27 -07:00
rfkill
rose
rxrpc
sched net/act_pedit: fix an error code 2017-06-14 15:24:18 -04:00
sctp sctp: disable BH in sctp_for_each_endpoint 2017-06-10 16:18:10 -04:00
smc net/smc: Add warning about remote memory exposure 2017-05-16 14:49:43 -04:00
strparser
sunrpc SUNRPC: ensure correct error is reported by xs_tcp_setup_socket() 2017-05-31 12:26:44 -04:00
switchdev
tipc net: tipc: Fix a sleep-in-atomic bug in tipc_msg_reverse 2017-06-10 18:20:38 -04:00
unix af_unix: Add sockaddr length checks before accessing sa_family in bind and connect handlers 2017-06-09 10:10:24 -04:00
vmw_vsock vsock: use new wait API for vsock_stream_sendmsg() 2017-05-22 14:39:36 -04:00
wimax
wireless cfg80211: make cfg80211_sched_scan_results() work from atomic context 2017-05-23 14:36:46 +02:00
x25 net: x25: fix one potential use-after-free issue 2017-05-18 10:05:40 -04:00
xfrm xfrm: fix state migration copy replay sequence numbers 2017-05-19 12:49:13 +02:00
compat.c
Kconfig
Makefile
socket.c
sysctl_net.c