* [PATCH] ipv4: use daddr to get inet_peer
@ 2014-02-14 9:25 Duan Jiong
2014-02-14 9:41 ` Hannes Frederic Sowa
0 siblings, 1 reply; 4+ messages in thread
From: Duan Jiong @ 2014-02-14 9:25 UTC (permalink / raw)
To: David Miller; +Cc: netdev, hannes
since commit 1d861aa4("inet: Minimize use of cached route inetpeer"),
ip_error() uses saddr to get inet_peer, so ip_error() and icmpv4_xrlim_allow()
use the same inet_peer to limit icmp error message twice.
In ip_error(), peer->rate_tokens is set to ip_rt_error_burst, but in
inet_peer_xrlim_allow() peer->rate_tokens is set to XRLIM_BURST_FACTOR.
XRLIM_BURST_FACTOR is defined to 6, so user seting ip_rt_error_burst makes
no sense.
In my opinion, the ip_rt_error_burst is used to limit icmp error messages
for daddr instead of saddr.
Signed-off-by: Duan Jiong <duanj.fnst@cn.fujitsu.com>
---
net/ipv4/route.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 25071b4..4da5588 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -933,7 +933,7 @@ static int ip_error(struct sk_buff *skb)
break;
}
- peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, 1);
+ peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->daddr, 1);
send = true;
if (peer) {
--
1.8.3.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] ipv4: use daddr to get inet_peer
2014-02-14 9:25 [PATCH] ipv4: use daddr to get inet_peer Duan Jiong
@ 2014-02-14 9:41 ` Hannes Frederic Sowa
2014-02-14 9:51 ` Duan Jiong
0 siblings, 1 reply; 4+ messages in thread
From: Hannes Frederic Sowa @ 2014-02-14 9:41 UTC (permalink / raw)
To: Duan Jiong; +Cc: David Miller, netdev
On Fri, Feb 14, 2014 at 05:25:35PM +0800, Duan Jiong wrote:
>
> since commit 1d861aa4("inet: Minimize use of cached route inetpeer"),
> ip_error() uses saddr to get inet_peer, so ip_error() and icmpv4_xrlim_allow()
> use the same inet_peer to limit icmp error message twice.
>
> In ip_error(), peer->rate_tokens is set to ip_rt_error_burst, but in
> inet_peer_xrlim_allow() peer->rate_tokens is set to XRLIM_BURST_FACTOR.
> XRLIM_BURST_FACTOR is defined to 6, so user seting ip_rt_error_burst makes
> no sense.
>
> In my opinion, the ip_rt_error_burst is used to limit icmp error messages
> for daddr instead of saddr.
Hmmm...
ip_error is a dst_input function, as such it gets called with the incoming
packet. saddr is the address we send the reply back (see
icmp_send->icmp_route_lookup).
Sorry, I don't think the patch is correct.
Bye,
Hannes
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] ipv4: use daddr to get inet_peer
2014-02-14 9:41 ` Hannes Frederic Sowa
@ 2014-02-14 9:51 ` Duan Jiong
2014-02-14 10:35 ` Hannes Frederic Sowa
0 siblings, 1 reply; 4+ messages in thread
From: Duan Jiong @ 2014-02-14 9:51 UTC (permalink / raw)
To: hannes; +Cc: David Miller, netdev
于 2014年02月14日 17:41, Hannes Frederic Sowa 写道:
> On Fri, Feb 14, 2014 at 05:25:35PM +0800, Duan Jiong wrote:
>>
>> since commit 1d861aa4("inet: Minimize use of cached route inetpeer"),
>> ip_error() uses saddr to get inet_peer, so ip_error() and icmpv4_xrlim_allow()
>> use the same inet_peer to limit icmp error message twice.
>>
>> In ip_error(), peer->rate_tokens is set to ip_rt_error_burst, but in
>> inet_peer_xrlim_allow() peer->rate_tokens is set to XRLIM_BURST_FACTOR.
>> XRLIM_BURST_FACTOR is defined to 6, so user seting ip_rt_error_burst makes
>> no sense.
>>
>> In my opinion, the ip_rt_error_burst is used to limit icmp error messages
>> for daddr instead of saddr.
>
> Hmmm...
>
> ip_error is a dst_input function, as such it gets called with the incoming
> packet. saddr is the address we send the reply back (see
> icmp_send->icmp_route_lookup).
>
But if we still use saddr to get inet_peer, seting ip_rt_error_burst will make
no sense, because it will be overwrited by XRLIM_BURST_FACTOR.
Thanks,
Duan
> Sorry, I don't think the patch is correct.
>
> Bye,
>
> Hannes
>
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] ipv4: use daddr to get inet_peer
2014-02-14 9:51 ` Duan Jiong
@ 2014-02-14 10:35 ` Hannes Frederic Sowa
0 siblings, 0 replies; 4+ messages in thread
From: Hannes Frederic Sowa @ 2014-02-14 10:35 UTC (permalink / raw)
To: Duan Jiong; +Cc: David Miller, netdev
On Fri, Feb 14, 2014 at 05:51:07PM +0800, Duan Jiong wrote:
> 于 2014年02月14日 17:41, Hannes Frederic Sowa 写道:
> > On Fri, Feb 14, 2014 at 05:25:35PM +0800, Duan Jiong wrote:
> >>
> >> since commit 1d861aa4("inet: Minimize use of cached route inetpeer"),
> >> ip_error() uses saddr to get inet_peer, so ip_error() and icmpv4_xrlim_allow()
> >> use the same inet_peer to limit icmp error message twice.
> >>
> >> In ip_error(), peer->rate_tokens is set to ip_rt_error_burst, but in
> >> inet_peer_xrlim_allow() peer->rate_tokens is set to XRLIM_BURST_FACTOR.
> >> XRLIM_BURST_FACTOR is defined to 6, so user seting ip_rt_error_burst makes
> >> no sense.
> >>
> >> In my opinion, the ip_rt_error_burst is used to limit icmp error messages
> >> for daddr instead of saddr.
> >
> > Hmmm...
> >
> > ip_error is a dst_input function, as such it gets called with the incoming
> > packet. saddr is the address we send the reply back (see
> > icmp_send->icmp_route_lookup).
> >
>
> But if we still use saddr to get inet_peer, seting ip_rt_error_burst will make
> no sense, because it will be overwrited by XRLIM_BURST_FACTOR.
Sorry, I cannot follow you.
On output we refetch the inetpeer with the destination address. I don't
see how the patch helps.
Greetings,
Hannes
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2014-02-14 10:35 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-02-14 9:25 [PATCH] ipv4: use daddr to get inet_peer Duan Jiong
2014-02-14 9:41 ` Hannes Frederic Sowa
2014-02-14 9:51 ` Duan Jiong
2014-02-14 10:35 ` Hannes Frederic Sowa
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.