git.baikalelectronics.ru Git - kernel.git/commit

author	Paolo Abeni <pabeni@redhat.com>
	Fri, 8 May 2020 17:28:34 +0000 (19:28 +0200)
committer	Jakub Kicinski <kuba@kernel.org>
	Sat, 9 May 2020 05:52:57 +0000 (22:52 -0700)
commit	76047d27e056b2b6e01b53c079a8ea5e798b043d
tree	13cdf95f875974db0c04606c580fa9bd999edfd8	tree \| snapshot
parent	0a7ddf3e4a882860604562dcc40a4abeee869527	commit \| diff

net: ipv4: really enforce backoff for redirects

In commit 8f91cd538a1f ("net: ipv4: avoid mixed n_redirects and
rate_tokens usage") I missed the fact that a 0 'rate_tokens' will
bypass the backoff algorithm.

Since rate_tokens is cleared after a redirect silence, and never
incremented on redirects, if the host keeps receiving packets
requiring redirect it will reply ignoring the backoff.

Additionally, the 'rate_last' field will be updated with the
cadence of the ingress packet requiring redirect. If that rate is
high enough, that will prevent the host from generating any
other kind of ICMP messages

The check for a zero 'rate_tokens' value was likely a shortcut
to avoid the more complex backoff algorithm after a redirect
silence period. Address the issue checking for 'n_redirects'
instead, which is incremented on successful redirect, and
does not interfere with other ICMP replies.

Fixes: 8f91cd538a1f ("net: ipv4: avoid mixed n_redirects and rate_tokens usage")
Reported-and-tested-by: Colin Walters <walters@redhat.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>