netdev

final words on udp/ICMP dest unreach issue [+PATCH]

To: netdev@xxxxxxxxxxx
Subject: final words on udp/ICMP dest unreach issue [+PATCH]
From: clemens <therapy@xxxxxxxxxxxxx>
Date: Mon, 30 Jul 2001 14:13:59 +0200
Cc: alan@xxxxxxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx
Sender: owner-netdev@xxxxxxxxxxx
User-agent: Mutt/1.3.18i

hi!

concerning the bug discussed in the "missing icmp errors for udp
packets"-thread on netdev a solution has been found.

here comes the bug (see net/ipv4/icmp.c): 

#define XRLIM_BURST_FACTOR 6
int xrlim_allow(struct dst_entry *dst, int timeout)
{
        unsigned long now;

        now = jiffies;
        dst->rate_tokens += now - dst->rate_last;
        dst->rate_last = now;
#1:     if (dst->rate_tokens > XRLIM_BURST_FACTOR*timeout)    
#2:             dst->rate_tokens = XRLIM_BURST_FACTOR*timeout;
#3:     if (dst->rate_tokens >= timeout) {
                dst->rate_tokens -= timeout;
                return 1;   
        }
        return 0;
}

for timeout=0 rate_tokens will be reset to 0 tokens (#2), since #1 always
holds.
(icmp ping does have timeout=0, for instance)
this doesn't cause the packet to be filtered, since in #2
holds, but will cause the following packet to be filtered, if sent
before (now - dst->rate_last) < timeout.
(note: timeout is not 0 in this inequation, since it's the 
timeout of the icmp type of the following packet)

a patch is attached.

thanks to all contributors, especially pekka savola, for discovering
that pinging before udp scanning will cause the troubles, and alexey 
for supplying an alternative patch (for those interested:
http://therapy.endorphin.org/alexey.patch)

alan, please take care of that. 

greets, clemens

Attachment: icmp-xrlim_allow.patch
Description: Text document
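
Added example, not part of the mail or of the attached patch: a user-space simulation of the quoted xrlim_allow() showing that a timeout=0 call empties the token bucket, so the next rate-limited ICMP error sent shortly afterwards is dropped. struct dst_sim, the simulated jiffies, HZ=100, the error timeout of HZ and xrlim_allow_guarded() are assumptions made for illustration; the guard is one possible fix, not necessarily the one in the attachment.

```c
#include <stdio.h>

#define HZ 100                 /* assumed tick rate for the simulation */
#define XRLIM_BURST_FACTOR 6
/* Stand-in for the two dst_entry fields the limiter touches (assumed). */
struct dst_sim { unsigned long rate_tokens, rate_last; };
static unsigned long jiffies;  /* simulated clock, not the kernel's */

/* Same logic as the function quoted in the mail (timeout made unsigned). */
static int xrlim_allow(struct dst_sim *dst, unsigned long timeout)
{
    unsigned long now = jiffies;
    dst->rate_tokens += now - dst->rate_last;
    dst->rate_last = now;
    if (dst->rate_tokens > XRLIM_BURST_FACTOR * timeout)  /* #1 */
        dst->rate_tokens = XRLIM_BURST_FACTOR * timeout;  /* #2: 0 if timeout==0 */
    if (dst->rate_tokens >= timeout) {                    /* #3 */
        dst->rate_tokens -= timeout;
        return 1;
    }
    return 0;
}

/* Hypothetical guard: a type with timeout 0 never touches the bucket. */
static int xrlim_allow_guarded(struct dst_sim *dst, unsigned long timeout)
{
    return timeout == 0 ? 1 : xrlim_allow(dst, timeout);
}

typedef int (*limiter_fn)(struct dst_sim *, unsigned long);
/* Idle 10 s, optionally pass a timeout=0 packet (ping reply), then 10 ticks
 * later ask to send an error with timeout HZ (assumed). Returns the verdict. */
static int unreach_after(limiter_fn allow, int ping_first)
{
    struct dst_sim dst = { 0, 0 };
    jiffies = 10 * HZ;
    if (ping_first)
        allow(&dst, 0);
    jiffies += 10;
    return allow(&dst, HZ);
}

int main(void)
{
    printf("quoted,  no ping: %d\n", unreach_after(xrlim_allow, 0));
    printf("quoted,  ping:    %d\n", unreach_after(xrlim_allow, 1));
    printf("guarded, ping:    %d\n", unreach_after(xrlim_allow_guarded, 1));
    return 0;
}
```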
