All of lore.kernel.org
 help / color / mirror / Atom feed
From: Flavio Leitner <fbl@redhat.com>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: David Miller <davem@davemloft.net>,
	Ivan Zahariev <famzah@icdsoft.com>,
	netdev@vger.kernel.org, Vasiliy Kulikov <segoon@openwall.com>
Subject: Re: Unable to flush ICMP redirect routes in kernel 3.0+
Date: Thu, 17 Nov 2011 15:01:45 -0200	[thread overview]
Message-ID: <20111117150145.25e01a75@asterix.rh> (raw)
In-Reply-To: <1321548319.2751.70.camel@edumazet-HP-Compaq-6005-Pro-SFF-PC>

On Thu, 17 Nov 2011 17:45:19 +0100
Eric Dumazet <eric.dumazet@gmail.com> wrote:

> Le jeudi 17 novembre 2011 à 14:40 -0200, Flavio Leitner a écrit :
> > On Thu, 17 Nov 2011 17:31:50 +0100
> > Eric Dumazet <eric.dumazet@gmail.com> wrote:
> > 
> > > Le jeudi 17 novembre 2011 à 13:37 -0200, Flavio Leitner a écrit :
> > > > On Thu, 17 Nov 2011 15:40:20 +0100
> > > > Eric Dumazet <eric.dumazet@gmail.com> wrote:
> > > > 
> > > > > [PATCH] ping: dont increment ICMP_MIB_INERRORS
> > > > > 
> > > > > ping module incorrectly increments ICMP_MIB_INERRORS if feeded
> > > > > with a frame not belonging to its own sockets.
> > > > > 
> > > > > RFC 2011 states that ICMP_MIB_INERRORS should count "the
> > > > > number of ICMP messages which the entiry received but
> > > > > determined as having ICMP-specific errors (bad ICMP
> > > > > checksums, bad length, etc.)."
> > > > > 
> > > > > Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
> > > > > CC: Vasiliy Kulikov <segoon@openwall.com>
> > > > 
> > > > Yeah, they aren't ICMP specific errors and the callers already
> > > > checked for checksum, lengths, and etc.. increasing that counter
> > > > when necessary.
> > > > 
> > > > Acked-by: Flavio Leitner <fbl@redhat.com>
> > > 
> > > Thanks
> > > 
> > > By the way, redirects dont work at all in net-next
> > 
> > Could you be more specific? It seems to be working here.
> > 
> > > Probably coming from your commit 7cc9150ebe8ec0
> > > (route: fix ICMP redirect validation)
> > > 
> > > Since calling __ip_route_output_key() will create the route with
> > > s = 0, l = 0  (forcing saddr and dev->ifindex) selectors...
> > > 
> > > We have to add a 'create' parameter to __ip_route_output_key() so
> > > that ip_rt_redirect() doesnt create a route, only find the
> > > existing one in cache ?
> > 
> > It should receive redirect after sending a packet, so the route
> > should be ready at this point. 
> 
> I receive the redirect, but the rt->peer is updated on a different
> route than the one used by my ping command.
> 
> Its updated on the specific route (source address forced, output
> device forced), not on the wildcarded route my ping is using.
> 
> So next packets are still sent on old gateway...

Right, so the loop trying different oif and saddr isn't working at
all because __ip_route_output_key() will create a route in the first
attempt.  Looks like you're right and we need the 'create' parameter
in __ip_route_output_key().

thanks,
fbl

  parent reply	other threads:[~2011-11-17 17:02 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-11-15 20:23 Unable to flush ICMP redirect routes in kernel 3.0+ Ivan Zahariev
2011-11-15 21:09 ` Eric Dumazet
2011-11-16 22:32   ` Ivan Zahariev
2011-11-17  0:33     ` Flavio Leitner
2011-11-17  8:10       ` Ivan Zahariev
2011-11-17 13:11         ` Flavio Leitner
2011-11-17 13:15           ` Eric Dumazet
2011-11-17 14:40             ` Eric Dumazet
2011-11-17 15:37               ` Flavio Leitner
2011-11-17 16:31                 ` Eric Dumazet
2011-11-17 16:40                   ` Flavio Leitner
2011-11-17 16:45                     ` Eric Dumazet
2011-11-17 16:57                       ` Eric Dumazet
2011-11-17 17:01                       ` Flavio Leitner [this message]
2011-11-17 17:18                         ` Eric Dumazet
2011-11-17 17:33                           ` Flavio Leitner
2011-11-17 17:38                           ` Eric Dumazet
2011-11-18 16:02                             ` Eric Dumazet
2011-11-18 16:30                               ` Flavio Leitner
2011-11-18 16:34                                 ` Eric Dumazet
2011-11-18 17:05                                   ` Flavio Leitner
2011-11-18 17:07                                     ` Eric Dumazet
2011-11-18 17:21                                       ` Flavio Leitner
2011-11-18 18:04                                         ` David Miller
2011-11-18 20:26                               ` David Miller
2011-11-17 16:52               ` Vasiliy Kulikov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20111117150145.25e01a75@asterix.rh \
    --to=fbl@redhat.com \
    --cc=davem@davemloft.net \
    --cc=eric.dumazet@gmail.com \
    --cc=famzah@icdsoft.com \
    --cc=netdev@vger.kernel.org \
    --cc=segoon@openwall.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.