Message ID | 1394124717-1957-1-git-send-email-sd@queasysnail.net |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
From: Sabrina Dubroca <sd@queasysnail.net>
Date: Thu, 6 Mar 2014 17:51:57 +0100

> DST_NOCOUNT should only be used if an authorized user adds routes
> locally. In case of routes which are added on behalf of router
> advertisements this flag must not get used as it allows an unlimited
> number of routes getting added remotely.
>
> Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
> ---
>
> Hannes suggested this for stable

This seems to conflict with the intentions of:

commit a3300ef4bbb1f1e33ff0400e1e6cf7733d988f4f
Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
Date: Sat Dec 7 03:33:45 2013 +0100

    ipv6: don't count addrconf generated routes against gc limit

If not, why not?

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

2014-03-06, 15:27:15 -0500, David Miller wrote:
> From: Sabrina Dubroca <sd@queasysnail.net>
> Date: Thu, 6 Mar 2014 17:51:57 +0100
>
> > DST_NOCOUNT should only be used if an authorized user adds routes
> > locally. In case of routes which are added on behalf of router
> > advertisements this flag must not get used as it allows an unlimited
> > number of routes getting added remotely.
> >
> > Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
> > Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
> > ---
> >
> > Hannes suggested this for stable
>
> This seems to conflict with the intentions of:
>
> commit a3300ef4bbb1f1e33ff0400e1e6cf7733d988f4f
> Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
> Date: Sat Dec 7 03:33:45 2013 +0100
>
>     ipv6: don't count addrconf generated routes against gc limit
>
> If not, why not?

These are not the same routes. The commit you mention is for the
routes added to the loopback device in the local table (limited by
max_addresses as the log says).

This patch limits the number of "real" routes that can be added,
which is currently unlimited.

From: Sabrina Dubroca <sd@queasysnail.net>
Date: Thu, 6 Mar 2014 22:03:17 +0100

> 2014-03-06, 15:27:15 -0500, David Miller wrote:
>> From: Sabrina Dubroca <sd@queasysnail.net>
>> Date: Thu, 6 Mar 2014 17:51:57 +0100
>>
>> > DST_NOCOUNT should only be used if an authorized user adds routes
>> > locally. In case of routes which are added on behalf of router
>> > advertisements this flag must not get used as it allows an unlimited
>> > number of routes getting added remotely.
>> >
>> > Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
>> > Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
>> > ---
>> >
>> > Hannes suggested this for stable
>>
>> This seems to conflict with the intentions of:
>>
>> commit a3300ef4bbb1f1e33ff0400e1e6cf7733d988f4f
>> Author: Hannes Frederic Sowa <hannes@stressinduktion.org>
>> Date: Sat Dec 7 03:33:45 2013 +0100
>>
>>     ipv6: don't count addrconf generated routes against gc limit
>>
>> If not, why not?
>
> These are not the same routes. The commit you mention is for the
> routes added to the loopback device in the local table (limited by
> max_addresses as the log says).
>
> This patch limits the number of "real" routes that can be added,
> which is currently unlimited.

Ok, I see the difference now, thanks for explaining.

Applied and queued up for -stable.

diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 11dac21e6586..fba54a407bb2 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -1513,7 +1513,7 @@ int ip6_route_add(struct fib6_config *cfg) if (!table) goto out; - rt = ip6_dst_alloc(net, NULL, DST_NOCOUNT, table); + rt = ip6_dst_alloc(net, NULL, (cfg->fc_flags & RTF_ADDRCONF) ? 0 : DST_NOCOUNT, table); if (!rt) { err = -ENOMEM;
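
Review bot: the new ip6_dst_alloc() call in ip6_route_add() folds the flag choice into an inline ternary on a line well past 80 columns, and nothing in the code says why RTF_ADDRCONF routes are the ones that lose DST_NOCOUNT. Suggest computing the dst flags in a local variable just before the call and adding a one-line comment that routes installed on behalf of router advertisements must be counted because they are added remotely, while locally administered routes keep DST_NOCOUNT. The thread shows this is easy to misread as conflicting with commit a3300ef4bbb1f1e33ff0400e1e6cf7733d988f4f, so the distinction between the two kinds of routes also belongs in the commit log, not only in the follow-up mail.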