[PATCH] ipv4: use daddr to get inet_peer

[PATCH] ipv4: use daddr to get inet_peer

[Duan Jiong]

since commit 1d861aa4("inet: Minimize use of cached route inetpeer"),
ip_error() uses saddr to get inet_peer, so ip_error() and icmpv4_xrlim_allow()
use the same inet_peer to limit icmp error message twice.

In ip_error(), peer->rate_tokens is set to ip_rt_error_burst, but in
inet_peer_xrlim_allow() peer->rate_tokens is set to XRLIM_BURST_FACTOR.
XRLIM_BURST_FACTOR is defined to 6, so user seting ip_rt_error_burst makes
no sense.

In my opinion, the ip_rt_error_burst is used to limit icmp error messages
for daddr instead of saddr.

Signed-off-by: Duan Jiong <duanj.fnst@cn.fujitsu.com>
---
 net/ipv4/route.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 25071b4..4da5588 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -933,7 +933,7 @@ static int ip_error(struct sk_buff *skb)
 		break;
 	}
 
-	peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, 1);
+	peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->daddr, 1);
 
 	send = true;
 	if (peer) {
-- 
1.8.3.1

Re: [PATCH] ipv4: use daddr to get inet_peer

[Hannes Frederic Sowa]

On Fri, Feb 14, 2014 at 05:25:35PM +0800, Duan Jiong wrote:
> 
> since commit 1d861aa4("inet: Minimize use of cached route inetpeer"),
> ip_error() uses saddr to get inet_peer, so ip_error() and icmpv4_xrlim_allow()
> use the same inet_peer to limit icmp error message twice.
> 
> In ip_error(), peer->rate_tokens is set to ip_rt_error_burst, but in
> inet_peer_xrlim_allow() peer->rate_tokens is set to XRLIM_BURST_FACTOR.
> XRLIM_BURST_FACTOR is defined to 6, so user seting ip_rt_error_burst makes
> no sense.
> 
> In my opinion, the ip_rt_error_burst is used to limit icmp error messages
> for daddr instead of saddr.

Hmmm...

ip_error is a dst_input function, as such it gets called with the incoming
packet. saddr is the address we send the reply back (see
icmp_send->icmp_route_lookup).

Sorry, I don't think the patch is correct.

Bye,

  Hannes

Re: [PATCH] ipv4: use daddr to get inet_peer

[Duan Jiong]

于 2014年02月14日 17:41, Hannes Frederic Sowa 写道:
> On Fri, Feb 14, 2014 at 05:25:35PM +0800, Duan Jiong wrote:
>>
>> since commit 1d861aa4("inet: Minimize use of cached route inetpeer"),
>> ip_error() uses saddr to get inet_peer, so ip_error() and icmpv4_xrlim_allow()
>> use the same inet_peer to limit icmp error message twice.
>>
>> In ip_error(), peer->rate_tokens is set to ip_rt_error_burst, but in
>> inet_peer_xrlim_allow() peer->rate_tokens is set to XRLIM_BURST_FACTOR.
>> XRLIM_BURST_FACTOR is defined to 6, so user seting ip_rt_error_burst makes
>> no sense.
>>
>> In my opinion, the ip_rt_error_burst is used to limit icmp error messages
>> for daddr instead of saddr.
> 
> Hmmm...
> 
> ip_error is a dst_input function, as such it gets called with the incoming
> packet. saddr is the address we send the reply back (see
> icmp_send->icmp_route_lookup).
> 

But if we still use saddr to get inet_peer, seting ip_rt_error_burst will make
no sense, because it will be overwrited by XRLIM_BURST_FACTOR.

Thanks,
  Duan


> Sorry, I don't think the patch is correct.
> 
> Bye,
> 
>   Hannes
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

Re: [PATCH] ipv4: use daddr to get inet_peer

[Hannes Frederic Sowa]

On Fri, Feb 14, 2014 at 05:51:07PM +0800, Duan Jiong wrote:
> 于 2014年02月14日 17:41, Hannes Frederic Sowa 写道:
> > On Fri, Feb 14, 2014 at 05:25:35PM +0800, Duan Jiong wrote:
> >>
> >> since commit 1d861aa4("inet: Minimize use of cached route inetpeer"),
> >> ip_error() uses saddr to get inet_peer, so ip_error() and icmpv4_xrlim_allow()
> >> use the same inet_peer to limit icmp error message twice.
> >>
> >> In ip_error(), peer->rate_tokens is set to ip_rt_error_burst, but in
> >> inet_peer_xrlim_allow() peer->rate_tokens is set to XRLIM_BURST_FACTOR.
> >> XRLIM_BURST_FACTOR is defined to 6, so user seting ip_rt_error_burst makes
> >> no sense.
> >>
> >> In my opinion, the ip_rt_error_burst is used to limit icmp error messages
> >> for daddr instead of saddr.
> > 
> > Hmmm...
> > 
> > ip_error is a dst_input function, as such it gets called with the incoming
> > packet. saddr is the address we send the reply back (see
> > icmp_send->icmp_route_lookup).
> > 
> 
> But if we still use saddr to get inet_peer, seting ip_rt_error_burst will make
> no sense, because it will be overwrited by XRLIM_BURST_FACTOR.

Sorry, I cannot follow you.

On output we refetch the inetpeer with the destination address. I don't
see how the patch helps.

Greetings,

  Hannes