From: Simon Horman <horms@kernel.org>
To: Eric Dumazet <edumazet@google.com>
Cc: "David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
David Ahern <dsahern@kernel.org>, Willy Tarreau <w@1wt.eu>,
Keyu Man <keyu.man@email.ucr.edu>,
Jesper Dangaard Brouer <hawk@kernel.org>,
netdev@vger.kernel.org, eric.dumazet@gmail.com
Subject: Re: [PATCH net-next 2/3] icmp: move icmp_global.credit and icmp_global.stamp to per netns storage
Date: Thu, 29 Aug 2024 14:33:56 +0100
Message-ID: <20240829133356.GU1368797@kernel.org>
In-Reply-To: <20240828193948.2692476-3-edumazet@google.com>

On Wed, Aug 28, 2024 at 07:39:47PM +0000, Eric Dumazet wrote:
> Host wide ICMP ratelimiter should be per netns, to provide better isolation.
>
> Following patch in this series makes the sysctl per netns.
>
> Signed-off-by: Eric Dumazet <edumazet@google.com>
...
> diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
...
> @@ -235,7 +230,7 @@ static struct {
> * Returns false if we reached the limit and can not send another packet.
> * Works in tandem with icmp_global_consume().
> */

Hi Eric,

nit: This could be handled in a follow-up, and I'm happy to prepare it
myself, but net should be added to the Kernel doc above.

> -bool icmp_global_allow(void)
> +bool icmp_global_allow(struct net *net)
> {
> u32 delta, now, oldstamp;
> int incr, new, old;
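
Review bot: The comment block above icmp_global_allow() in this hunk still documents only the return value and the pairing with icmp_global_consume(), so the new net parameter is undescribed. Add an "@net:" line stating that it is the network namespace whose credit and stamp are checked, so a reader of the comment can see the limiter is no longer host wide.
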
Thread overview:
2024-08-28 19:39 [PATCH net-next 0/3] icmp: avoid possible side-channels attacks Eric Dumazet
2024-08-28 19:39 ` [PATCH net-next 1/3] icmp: change the order of rate limits Eric Dumazet
2024-08-29 4:29 ` David Ahern
2024-08-28 19:39 ` [PATCH net-next 2/3] icmp: move icmp_global.credit and icmp_global.stamp to per netns storage Eric Dumazet
2024-08-29 4:30 ` David Ahern
2024-08-29 13:33 ` Simon Horman [this message]
2024-08-29 13:54 ` Eric Dumazet
2024-08-28 19:39 ` [PATCH net-next 3/3] icmp: icmp_msgs_per_sec and icmp_msgs_burst sysctls become per netns Eric Dumazet
2024-08-29 4:31 ` David Ahern