Date:   Fri, 8 May 2020 22:57:04 -0700
From:   Jakub Kicinski <>
To:     Paolo Abeni <>
Cc:, "David S. Miller" <>,
        Colin Walters <>
Subject: Re: [PATCH net] net: ipv4: really enforce backoff for redirects

On Fri,  8 May 2020 19:28:34 +0200 Paolo Abeni wrote:
> In commit b406472b5ad7 ("net: ipv4: avoid mixed n_redirects and
> rate_tokens usage") I missed the fact that a 0 'rate_tokens' will
> bypass the backoff algorithm.
> Since rate_tokens is cleared after a redirect silence, and never
> incremented on redirects, if the host keeps receiving packets
> requiring redirect it will reply ignoring the backoff.
> Additionally, the 'rate_last' field will be updated with the
> cadence of the ingress packet requiring redirect. If that rate is
> high enough, that will prevent the host from generating any
> other kind of ICMP messages.
> The check for a zero 'rate_tokens' value was likely a shortcut
> to avoid the more complex backoff algorithm after a redirect
> silence period. Address the issue checking for 'n_redirects'
> instead, which is incremented on successful redirect, and
> does not interfere with other ICMP replies.
> Fixes: b406472b5ad7 ("net: ipv4: avoid mixed n_redirects and rate_tokens usage")

Looks like this one got backported all the way back to 3.16..

> Reported-and-tested-by: Colin Walters <>
> Signed-off-by: Paolo Abeni <>

Applied, thanks!
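
The bypass described in the quoted commit message, as an added example that is not part of the original thread and is not the kernel's own code: a simplified user-space model of the per-peer redirect check, comparing the 'rate_tokens' test with the 'n_redirects' test. The constants, the `fixed` switch, the function names and the plain tick comparison are assumptions of the model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed model constants, in ticks; not taken from the page. */
enum { REDIRECT_NUMBER = 9, REDIRECT_LOAD = 20, REDIRECT_SILENCE = 20 << 10 };

/* Per-peer state, using the field names from the commit message. */
struct peer { unsigned long rate_last; unsigned rate_tokens, n_redirects; };

/* One ingress packet needing a redirect; returns true if a redirect is sent.
 * 'fixed' (hypothetical switch) selects the n_redirects test over rate_tokens. */
static bool redirect_decision(struct peer *p, unsigned long now, bool fixed)
{
    /* Redirect silence elapsed: reset the algorithm. */
    if (now > p->rate_last + REDIRECT_SILENCE) {
        p->rate_tokens = 0;
        p->n_redirects = 0;
    }
    /* Too many unanswered redirects: send nothing, but note the packet. */
    if (p->n_redirects >= REDIRECT_NUMBER) {
        p->rate_last = now;
        return false;
    }
    /* Shortcut for the first redirect after silence. rate_tokens is never
     * incremented here, so testing it keeps the shortcut open forever. */
    bool first = fixed ? p->n_redirects == 0 : p->rate_tokens == 0;
    if (first || now > p->rate_last + ((unsigned long)REDIRECT_LOAD << p->n_redirects)) {
        p->rate_last = now;
        ++p->n_redirects;
        return true;
    }
    return false;
}

/* Feed one packet per tick for 'packets' ticks; count redirects sent. */
static unsigned count_redirects(unsigned long packets, bool fixed)
{
    struct peer p = { 0, 0, 0 };
    unsigned sent = 0;
    for (unsigned long t = 1; t <= packets; t++)
        sent += redirect_decision(&p, t, fixed);
    return sent;
}

int main(void)
{
    printf("100 packets: rate_tokens check sends %u, n_redirects check sends %u\n",
           count_redirects(100, false), count_redirects(100, true));
    return 0;
}
```

In this model the 'rate_tokens' test answers nine consecutive packets with a redirect, while the 'n_redirects' test spaces the replies out with a doubling interval.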
