Replace send_unreach with icmp

netdev

Replace send_unreach with icmp_send

To:	Patrick McHardy <kaber@xxxxxxxxx>
Subject:	Replace send_unreach with icmp_send
From:	Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date:	Wed, 16 Mar 2005 07:40:06 +1100
Cc:	"David S. Miller" <davem@xxxxxxxxxxxxx>, kuznet@xxxxxxxxxxxxx, yoshfuji@xxxxxxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to:	<42373142.6090902@xxxxxxxxx>
References:	<20050307103536.GB7137@xxxxxxxxxxxxxxxxxxx> <20050308102741.GA23468@xxxxxxxxxxxxxxxxxxx> <20050314102614.GA9610@xxxxxxxxxxxxxxxxxxx> <20050314105313.GA21001@xxxxxxxxxxxxxxxxxxx> <20050314111002.GA29156@xxxxxxxxxxxxxxxxxxx> <20050315091904.GA6256@xxxxxxxxxxxxxxxxxxx> <20050315095837.GA7130@xxxxxxxxxxxxxxxxxxx> <20050315100522.GA7275@xxxxxxxxxxxxxxxxxxx> <20050315102450.0f3f1618.davem@xxxxxxxxxxxxx> <42373142.6090902@xxxxxxxxx>
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	Mutt/1.5.6+20040907i

On Tue, Mar 15, 2005 at 08:02:26PM +0100, Patrick McHardy wrote:
> 
> I would prefer to keep it seperately. I have planned to remove xrlim
> from ipt_REJECT so it behaves similar for TCP and ICMP. Limits should
> then be handled by the limit match. This can't be done if we switch to
> icmp_send().

Well it isn't terribly difficult to create a new version of icmp_send
that does xrlim conditionally.  icmp_send/ipt_REJECT can then call that
function.

The main reason I'm looking at getting rid of send_unreach is because
having two implementations of the same code often leads to bugs.  In
fact, as it is there are multiple IPsec-related bugs in the ipt_REJECT
code.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
*Re: [11/] [NET] Move dst_release out of dst->ops->check*, (continued)* *Re: [11/] [NET] Move dst_release out of dst->ops->check*, David S. Miller* *[12/] [IPSEC] Handle local_df in IPv4*, Herbert Xu* *[13/] [IPV4] Fix room calculation in icmp_send*, Herbert Xu* *[14/] [IPV6] Reload skb->dst after xfrm6_route_forward*, Herbert Xu* *Re: [14/] [IPV6] Reload skb->dst after xfrm6_route_forward*, David S. Miller* *[15/] [INET] Fix IPsec calculation in ip_append_data/ip6_append_data*, Herbert Xu* *[16/] [INET] Take IPsec overhead into account in tunnels*, Herbert Xu* *[17/] [NET] Replace dst_pmtu with dst_mtu*, Herbert Xu* *Re: [17/] [NET] Replace dst_pmtu with dst_mtu*, David S. Miller* *Re: [17/] [NET] Replace dst_pmtu with dst_mtu*, Patrick McHardy* Replace send_unreach with icmp_send, Herbert Xu <= Re: Replace send_unreach with icmp_send, Patrick McHardy [IPV4] Make ipt_REJECT use icmp_send again, Herbert Xu Re: [IPV4] Make ipt_REJECT use icmp_send again, Patrick McHardy Re: [IPV4] Make ipt_REJECT use icmp_send again, David S. Miller [IPV4] Send TCP reset through dst_output in ipt_REJECT, Herbert Xu Re: [IPV4] Send TCP reset through dst_output in ipt_REJECT, David S. Miller *Re: [17/] [NET] Replace dst_pmtu with dst_mtu*, Herbert Xu* *Re: [16/] [INET] Take IPsec overhead into account in tunnels*, Lennert Buytenhek* *Re: [16/] [INET] Take IPsec overhead into account in tunnels*, Herbert Xu* *Re: [16/] [INET] Take IPsec overhead into account in tunnels*, David S. Miller*

Previous by Date:	*Re: [17/] [NET] Replace dst_pmtu with dst_mtu*, Herbert Xu*
Next by Date:	Re: Replace send_unreach with icmp_send, Patrick McHardy
Previous by Thread:	*Re: [17/] [NET] Replace dst_pmtu with dst_mtu*, Patrick McHardy*
Next by Thread:	Re: Replace send_unreach with icmp_send, Patrick McHardy
Indexes:	[Date] [Thread] [Top] [All Lists]