• Lorenzo Bianconi's avatar
    net: ipv4: use a dedicated counter for icmp_v4 redirect packets · 1764111c
    Lorenzo Bianconi authored
    [ Upstream commit c09551c6 ]
    
    According to the algorithm described in the comment block at the
    beginning of ip_rt_send_redirect, the host should try to send
    'ip_rt_redirect_number' ICMP redirect packets with an exponential
    backoff and then stop sending them at all assuming that the destination
    ignores redirects.
    If the device has previously sent some ICMP error packets that are
    rate-limited (e.g TTL expired) and continues to receive traffic,
    the redirect packets will never be transmitted. This happens since
    peer->rate_tokens will be typically greater than 'ip_rt_redirect_number'
    and so it will never be reset even if the redirect silence timeout
    (ip_rt_redirect_silence) has elapsed without receiving any packet
    requiring redirects.
    
    Fix it by using a dedicated counter for the number of ICMP redirect
    packets that has been sent by the host
    
    I have not been able to identify a given commit that introduced the
    issue since ip_rt_send_redirect implements the same rate-limiting
    algorithm from commit 1da177e4 ("Linux-2.6.12-rc2")
    Signed-off-by: default avatarLorenzo Bianconi <lorenzo.bianconi@redhat.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
    1764111c
route.c 78.8 KB