linux/net
Matteo Croce 258bbb1b0e icmp: don't fail on fragment reassembly time exceeded
The ICMP implementation currently replies to an ICMP time exceeded message
(type 11) with an ICMP host unreachable message (type 3, code 1).

However, time exceeded messages can either represent "time to live exceeded
in transit" (code 0) or "fragment reassembly time exceeded" (code 1).

Unconditionally replying to "fragment reassembly time exceeded" with
host unreachable messages might cause unjustified connection resets
which are now easily triggered as UFO has been removed, because, in turn,
sending large buffers triggers IP fragmentation.

The issue can be easily reproduced by running a lot of UDP streams
which is likely to trigger IP fragmentation:

  # start netserver in the test namespace
  ip netns add test
  ip netns exec test netserver

  # create a VETH pair
  ip link add name veth0 type veth peer name veth0 netns test
  ip link set veth0 up
  ip -n test link set veth0 up

  for i in $(seq 20 29); do
      # assign addresses to both ends
      ip addr add dev veth0 192.168.$i.1/24
      ip -n test addr add dev veth0 192.168.$i.2/24

      # start the traffic
      netperf -L 192.168.$i.1 -H 192.168.$i.2 -t UDP_STREAM -l 0 &
  done

  # wait
  send_data: data send error: No route to host (errno 113)
  netperf: send_omni: send_data failed: No route to host

We need to differentiate instead: if fragment reassembly time exceeded
is reported, we need to silently drop the packet,
if time to live exceeded is reported, maintain the current behaviour.
In both cases increment the related error count "icmpInTimeExcds".

While at it, fix a typo in a comment, and convert the if statement
into a switch to mate it more readable.

Signed-off-by: Matteo Croce <mcroce@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-14 11:05:26 -07:00
..
6lowpan
9p net/9p: switch p9_fd_read to kernel_write 2017-09-04 19:05:16 -04:00
802
8021q Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-10-05 18:19:22 -07:00
appletalk
atm
ax25
batman-adv This cleanup patchset includes the following patches: 2017-10-06 10:12:52 -07:00
bluetooth Revert "Bluetooth: Add option for disabling legacy ioctl interfaces" 2017-09-28 13:20:32 -07:00
bpf bpf: add meta pointer for direct access 2017-09-26 13:36:44 -07:00
bridge Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-10-09 20:11:09 -07:00
caif
can
ceph libceph: don't allow bidirectional swap of pg-upmap-items 2017-09-19 20:34:29 +02:00
core net: dst: move cpu inside ifdef to avoid compilation warning 2017-10-10 15:55:58 -07:00
dcb
dccp net: dccp: Add handling of IPV6_PKTOPTIONS to dccp_v6_do_rcv() 2017-08-31 11:43:47 -07:00
decnet Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2017-09-03 17:08:42 -07:00
dns_resolver
dsa net: dsa: tag_brcm: Indicate to master netdevice port + queue 2017-10-12 12:10:02 -07:00
ethernet
hsr net/hsr: Check skb_put_padto() return value 2017-08-22 13:40:23 -07:00
ieee802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-05 20:03:35 -07:00
ife
ipv4 icmp: don't fail on fragment reassembly time exceeded 2017-10-14 11:05:26 -07:00
ipv6 ipv6: addrconf: don't use rtnl mutex in RTM_GETADDR 2017-10-11 20:17:03 -07:00
ipx
iucv
kcm kcm: Remove redundant unlikely() 2017-09-26 09:54:06 -07:00
key
l2tp l2tp: fix l2tp_eth module loading 2017-10-01 22:35:07 -07:00
l3mdev
lapb
llc
mac80211 mac80211: only remove AP VLAN frames from TXQ 2017-10-11 09:49:40 +02:00
mac802154 mac802154: Fix MAC header and payload encrypted 2017-09-20 13:37:16 +02:00
mpls ip_tunnel: fix building with NET_IP_TUNNEL=m 2017-10-12 12:21:11 -07:00
ncsi net/ncsi: fix ncsi_vlan_rx_{add,kill}_vid references 2017-09-05 09:11:45 -07:00
netfilter netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of 'xt_bpf_info_v1' 2017-10-09 15:18:04 +02:00
netlabel
netlink netlink: do not set cb_running if dump's start() errs 2017-10-09 10:27:49 -07:00
netrom
nfc net: nfc: llcp_core: use setup_timer() helper. 2017-09-25 13:19:20 -07:00
nsh nsh: add GSO support 2017-08-29 15:16:52 -07:00
openvswitch openvswitch: add ct_clear action 2017-10-10 16:38:34 -07:00
packet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-10-05 18:19:22 -07:00
phonet net: phonet: mark phonet_protocol as const 2017-10-07 23:15:08 +01:00
psample
qrtr net: qrtr: Support decoding incoming v2 packets 2017-10-11 15:28:39 -07:00
rds RDS: IB: Initialize max_items based on underlying device attributes 2017-10-05 21:16:33 -07:00
rfkill
rose
rxrpc rxrpc: Make service connection lookup always check for retry 2017-09-05 14:39:17 -07:00
sched sched: act: ife: update parameters via rcu handling 2017-10-12 22:23:03 -07:00
sctp sctp: make array sctp_sched_ops static 2017-10-11 20:18:25 -07:00
smc net/smc: dev_put for netdev after usage of ib_query_gid() 2017-10-12 12:20:27 -07:00
strparser strparser: initialize all callbacks 2017-08-24 21:57:50 -07:00
sunrpc sunrpc: remove redundant initialization of sock 2017-10-01 18:51:30 -04:00
switchdev
tipc tipc: add multipoint-to-point flow control 2017-10-13 08:46:01 -07:00
tls tls: make tls_sw_free_resources static 2017-09-14 09:55:21 -07:00
unix
vmw_vsock VSOCK: add sock_diag interface 2017-10-05 18:44:17 -07:00
wimax
wireless Work continues in various areas: 2017-10-11 10:15:01 -07:00
x25
xfrm xfrm: don't call xfrm_policy_cache_flush under xfrm_state_lock 2017-09-28 09:39:05 +02:00
compat.c net: compat: assert the size of cmsg copied in is as expected 2017-09-20 15:36:18 -07:00
Kconfig net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros. 2017-09-04 13:25:20 +02:00
Makefile nsh: add GSO support 2017-08-29 15:16:52 -07:00
socket.c
sysctl_net.c