netdev
[Top] [All Lists]

Re: missing icmp errors for udp packets

To: therapy@xxxxxxxxxxxxx (clemens)
Subject: Re: missing icmp errors for udp packets
From: Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>
Date: Mon, 30 Jul 2001 02:20:27 +0400 (MSD)
Cc: netdev@xxxxxxxxxxx
In-reply-to: <20010729131615.A382@xxxxxxxxxxxxxxxxxxxxx> from "clemens" at Jul 29, 1 04:15:00 pm
Sender: owner-netdev@xxxxxxxxxxx
Hello!

> does this somehow explain why this whole issue doesn't apply to the loopback
> devices?

Ratelimit checks are simply skipped for it, they apply only to icmps,
which are going to be sent to network.

Source of the problem was that icmp holds single variable for rate, but still
pretends to allow setting different rates for different types of messages.
Algo solves this assigning different costs to different types, but
it breaks when costs are strongly different, so that low cost one (echo reply
in this case) suppresses high cost (icmp errors) too strongly
for some short time. nmap sends tight burst of udp messages (which is crazy
anyway, icmp errors except for a few will be dropped in any case),
after echo and all the icmp errors inevitably fall to this dead interval.

Alexey


<Prev in Thread] Current Thread [Next in Thread>