Re: 2.1.102: ipchains: REJECT does only DENY - network gurus please

ak@muc.de
Sun, 24 May 1998 18:22:47 +0200


On Sun, May 24, 1998 at 05:53:50PM +0200, A.N.Kuznetsov wrote:

Hello Alexey,

Good that you are back!

> > It actually fixes two bugs: net_unreach was never sent because of a
> > missing "-" and it allows sending ICMPs in the firewall checks when there
> > is no route. I replaced the unused RTCF_LOG flag with RTCF_BADROUTE.
>
> I beg pardon for silence, I was absent for this week.
>
> Diagnosis is not ready, but it looks like a bug.
> Actually, such kind of routes should not have RTCF_LOCAL set.
>
> About RTCF_LOG: it is dead, I killed it but forgot to remove
> the last reference. RTCF_BADROUTE trick looks OK, but I do not think
> that it is necessary. I'll look tomorrow.

Ok. I think I fixed the worst problem with the "-" fix in ip_route_input_slow
[dst.error was initialised with the negated errno, but ip_error expected it
positive so it never caused an ICMP]. That is already on vger.

What remains is that there is no rate limitation for network unreachable
ICMPs. This is actually my fault, because I removed Martin Mares' ICMP
rate limiter and replaced it with a dst entry based mechanism [your original
objections were correct]. One possible fix would be to keep a small cache
of the "anonymous" dst_entries generated by no_route. Do you think that
is sufficient, workable, or do you have a better idea, or is it required
to resurrect Martin's code? I personally would prefer a dst_entry based
mechanism over a separate one.

-Andi

P.S.:

It seems CONFIG_RTNL_OLD_IFINFO does not compile with CONFIG_NET_CLS_ROUTE.
I'm not sure what the correct fix is, but it would be nice if that could
work.
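One shape the "small cache of anonymous dst_entries" Andi asks about could take, written here as an added example that is not code from this thread or from the Linux kernel: a fixed-size, LRU-evicted table of per-destination token buckets that decides whether a network-unreachable ICMP may be sent when no route (and hence no real dst_entry) exists to hang the limiter on. Every name (anon_cache, icmp_rate_ok, count_allowed, self_check), the cache size, the burst size and the refill rate are assumptions chosen for illustration, and time is passed in as an integer tick so the behaviour is deterministic.

```c
/* Added example, not from the linux-kernel thread or the kernel tree:
 * a small cache of "anonymous" per-destination token buckets used to
 * rate-limit ICMPs for destinations that have no route. All names and
 * parameters below are assumptions for illustration. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ANON_CACHE_SIZE 8   /* assumed: small fixed number of anonymous entries */
#define BURST 5             /* assumed: ICMPs allowed in a burst per destination */
#define TOKENS_PER_TICK 1   /* assumed: refill rate, one ICMP per tick */

struct anon_entry {
    uint32_t dst;      /* destination address (host order) the ICMP is about */
    uint32_t tokens;   /* ICMPs still allowed before the bucket is empty */
    uint64_t last;     /* tick of the last refill */
    uint64_t used;     /* tick of last use, for LRU eviction */
    int valid;
};

struct anon_cache { struct anon_entry e[ANON_CACHE_SIZE]; };

void anon_cache_init(struct anon_cache *c) { memset(c, 0, sizeof *c); }

/* Find the entry for dst, else claim a free slot, else evict the least recently used one. */
static struct anon_entry *anon_lookup(struct anon_cache *c, uint32_t dst, uint64_t now)
{
    struct anon_entry *free_slot = NULL, *lru = &c->e[0];
    for (size_t i = 0; i < ANON_CACHE_SIZE; i++) {
        struct anon_entry *e = &c->e[i];
        if (e->valid && e->dst == dst)
            return e;
        if (!e->valid) {
            if (!free_slot) free_slot = e;
        } else if (e->used < lru->used) {
            lru = e;
        }
    }
    struct anon_entry *v = free_slot ? free_slot : lru;
    v->dst = dst; v->tokens = BURST; v->last = now; v->used = now; v->valid = 1;
    return v;
}

/* Returns 1 if an ICMP to dst may be sent at tick 'now', 0 if it must be suppressed. */
int icmp_rate_ok(struct anon_cache *c, uint32_t dst, uint64_t now)
{
    struct anon_entry *e = anon_lookup(c, dst, now);
    if (now > e->last) {
        /* refill one token per elapsed tick, capped at the burst size */
        uint64_t add = (now - e->last) * TOKENS_PER_TICK;
        e->tokens = (add >= BURST - e->tokens) ? BURST : (uint32_t)(e->tokens + add);
        e->last = now;
    }
    e->used = now;
    if (e->tokens == 0)
        return 0;
    e->tokens--;
    return 1;
}

/* How many of n ICMP attempts to dst at tick 'now' get through. */
int count_allowed(struct anon_cache *c, uint32_t dst, uint64_t now, int n)
{
    int ok = 0;
    for (int i = 0; i < n; i++)
        ok += icmp_rate_ok(c, dst, now);
    return ok;
}

/* Scripted scenario (constructed input): burst, suppression, refill, eviction.
 * Returns 0 if everything behaves as expected, else the number of the failing step. */
int self_check(void)
{
    struct anon_cache c;
    anon_cache_init(&c);
    uint32_t a = 0x0a000001u, b = 0x0a000002u;           /* 10.0.0.1, 10.0.0.2 */
    if (count_allowed(&c, a, 0, 10) != BURST) return 1;   /* burst of 5, rest suppressed */
    if (count_allowed(&c, a, 0, 10) != 0) return 2;       /* same tick: bucket still empty */
    if (count_allowed(&c, b, 0, 10) != BURST) return 3;   /* other destination unaffected */
    if (count_allowed(&c, a, 3, 10) != 3) return 4;       /* 3 ticks later: 3 tokens back */
    if (count_allowed(&c, a, 100, 10) != BURST) return 5; /* refill is capped at BURST */
    /* more destinations than the cache holds: a and b are the LRU victims */
    for (uint32_t d = 1; d <= ANON_CACHE_SIZE; d++)
        (void)count_allowed(&c, 0x0b000000u + d, 200, 1);
    if (count_allowed(&c, a, 200, 10) != BURST) return 6; /* a re-enters with a fresh bucket */
    return 0;
}

int main(void)
{
    int r = self_check();
    printf("self_check: %s (step %d)\n", r ? "FAILED" : "ok", r);
    return r;
}
```

The caveat the scenario's last step makes visible: with a bounded cache, a sender that cycles through many unroutable destinations can evict the entries that were throttling it and get a fresh burst each time, so the cache size bounds the total ICMP rate only together with the per-entry burst, and a global fallback limit may still be wanted.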

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu