xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

inetpeer: Move ICMP rate limiting state into inet_peer entries.

Browse Source 
Like metrics, the ICMP rate limiting bits are cached state about
a destination.  So move it into the inet_peer entries.

If an inet_peer cannot be bound (the reason is memory allocation
failure or similar), the policy is to allow.

Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller
2011-02-04 15:55:25 -08:00
parent 0131ba451e
commit 92d8682926
9 changed files with 108 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
net/ipv6/icmp.c
View File

@@ -157,20 +157,20 @@ static int is_ineligible(struct sk_buff *skb)
/*
* Check the ICMP output rate limit
*/
static inline int icmpv6_xrlim_allow(struct sock *sk, u8 type,
struct flowi *fl)
static inline bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
struct flowi *fl)
{
struct dst_entry *dst;
struct net *net = sock_net(sk);
int res = 0;
bool res = false;
/* Informational messages are not limited. */
if (type & ICMPV6_INFOMSG_MASK)
return 1;
return true;
/* Do not limit pmtu discovery, it would break it. */
if (type == ICMPV6_PKT_TOOBIG)
return 1;
return true;
/*
* Look up the output route.
@@ -182,7 +182,7 @@ static inline int icmpv6_xrlim_allow(struct sock *sk, u8 type,
IP6_INC_STATS(net, ip6_dst_idev(dst),
IPSTATS_MIB_OUTNOROUTES);
} else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
res = 1;
res = true;
} else {
struct rt6_info *rt = (struct rt6_info *)dst;
int tmo = net->ipv6.sysctl.icmpv6_time;
@@ -191,7 +191,9 @@ static inline int icmpv6_xrlim_allow(struct sock *sk, u8 type,
if (rt->rt6i_dst.plen < 128)
tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
res = xrlim_allow(dst, tmo);
if (!rt->rt6i_peer)
rt6_bind_peer(rt, 1);
res = inet_peer_xrlim_allow(rt->rt6i_peer, tmo);
}
dst_release(dst);
return res;

5
net/ipv6/ip6_output.c
View File

@@ -479,10 +479,13 @@ int ip6_forward(struct sk_buff *skb)
else
target = &hdr->daddr;
if (!rt->rt6i_peer)
rt6_bind_peer(rt, 1);
/* Limit redirects both by destination (here)
and by source (inside ndisc_send_redirect)
*/
if (xrlim_allow(dst, 1*HZ))
if (inet_peer_xrlim_allow(rt->rt6i_peer, 1*HZ))
ndisc_send_redirect(skb, n, target);
} else {
int addrtype = ipv6_addr_type(&hdr->saddr);

4
net/ipv6/ndisc.c
View File

@@ -1553,7 +1553,9 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
"ICMPv6 Redirect: destination is not a neighbour.\n");
goto release;
}
if (!xrlim_allow(dst, 1*HZ))
if (!rt->rt6i_peer)
rt6_bind_peer(rt, 1);
if (inet_peer_xrlim_allow(rt->rt6i_peer, 1*HZ))
goto release;
if (dev->addr_len) {