Date: Fri, 8 May 2020 22:57:04 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Paolo Abeni <pabeni@...hat.com>
Cc: netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net>, Colin Walters <walters@...hat.com>
Subject: Re: [PATCH net] net: ipv4: really enforce backoff for redirects

On Fri, 8 May 2020 19:28:34 +0200 Paolo Abeni wrote:
> In commit b406472b5ad7 ("net: ipv4: avoid mixed n_redirects and
> rate_tokens usage") I missed the fact that a 0 'rate_tokens' will
> bypass the backoff algorithm.
>
> Since rate_tokens is cleared after a redirect silence, and never
> incremented on redirects, if the host keeps receiving packets
> requiring redirect it will reply ignoring the backoff.
>
> Additionally, the 'rate_last' field will be updated with the
> cadence of the ingress packet requiring redirect. If that rate is
> high enough, that will prevent the host from generating any
> other kind of ICMP messages
>
> The check for a zero 'rate_tokens' value was likely a shortcut
> to avoid the more complex backoff algorithm after a redirect
> silence period. Address the issue checking for 'n_redirects'
> instead, which is incremented on successful redirect, and
> does not interfere with other ICMP replies.
>
> Fixes: b406472b5ad7 ("net: ipv4: avoid mixed n_redirects and rate_tokens usage")

Looks like this one got backported all the way back to 3.16..

> Reported-and-tested-by: Colin Walters <walters@...hat.com>
> Signed-off-by: Paolo Abeni <pabeni@...hat.com>

Applied, thanks!
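The behaviour described in the quoted commit message, as an added example that is not part of the original mail and is not the kernel's code: a simplified user-space model of a per-peer redirect limiter, run once with the zero 'rate_tokens' shortcut and once with the 'n_redirects' check. The function names, the tick-based clock, the constants and the exponential window are assumptions made for the model.

```c
#include <stdio.h>
/* Constructed model parameters, in ticks; not read from any kernel. */
enum { REDIRECT_NUMBER = 9, REDIRECT_LOAD = 20, REDIRECT_SILENCE = 20 << 10 };
struct peer { unsigned long rate_last; unsigned rate_tokens, n_redirects; };
struct result { unsigned sent; unsigned long min_gap; };

/* One ingress packet that needs a redirect; returns 1 if a redirect is sent.
 * use_n_redirects: 0 = zero 'rate_tokens' shortcut, 1 = 'n_redirects' check. */
static int redirect_allowed(struct peer *p, unsigned long now, int use_n_redirects)
{
    /* Redirect silence elapsed: reset the algorithm. */
    if (now > p->rate_last + REDIRECT_SILENCE)
        p->rate_tokens = p->n_redirects = 0;
    /* Too many ignored redirects: send nothing, but record the packet time. */
    if (p->n_redirects >= REDIRECT_NUMBER) {
        p->rate_last = now;
        return 0;
    }
    int first = use_n_redirects ? p->n_redirects == 0 : p->rate_tokens == 0;
    if (!first && now <= p->rate_last + ((unsigned long)REDIRECT_LOAD << p->n_redirects))
        return 0;               /* still inside the backoff window */
    p->rate_last = now;
    p->n_redirects++;           /* rate_tokens is never incremented on this path */
    return 1;
}

/* Feed packets `interval` ticks apart; count redirects and their smallest spacing. */
struct result simulate(int use_n_redirects, unsigned long interval, unsigned packets)
{
    struct peer p = {0, 0, 0};
    struct result r = {0, 0};
    unsigned long now = REDIRECT_SILENCE + 1, prev = 0;

    for (unsigned i = 0; i < packets; i++, now += interval) {
        if (!redirect_allowed(&p, now, use_n_redirects))
            continue;
        if (r.sent && (r.min_gap == 0 || now - prev < r.min_gap))
            r.min_gap = now - prev;
        prev = now;
        r.sent++;
    }
    return r;
}

int main(void)
{
    struct result a = simulate(0, 1, 1000), b = simulate(1, 1, 1000);
    printf("rate_tokens check: %u redirects, min gap %lu ticks\n", a.sent, a.min_gap);
    printf("n_redirects check: %u redirects, min gap %lu ticks\n", b.sent, b.min_gap);
    return 0;
}
```

In this model, with one packet per tick, the 'rate_tokens' shortcut answers consecutive packets with no spacing, while the 'n_redirects' check only skips the window for the first redirect after a silence period.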