From: Jesper Dangaard Brouer <bro...@redhat.com>
Date: Wed, 14 Jun 2017 13:27:37 +0200

> Florian Weimer seems to have a glibc test-case which requires that
> loopback interfaces do not get ICMP ratelimited. This was broken by
> commit c0303efeab73 ("net: reduce cycles spend on ICMP replies that
> gets rate limited").
>
> An ICMP response will usually be routed back-out the same incoming
> interface. Thus, take advantage of this and skip global ICMP
> ratelimit when the incoming device is loopback. In the unlikely event
> that the outgoing is not loopback, due to strange routing policy
> rules, ICMP rate limiting still works via peer ratelimiting via
> icmpv4_xrlim_allow(). Thus, we should still comply with RFC1812
> (section 4.3.2.8 "Rate Limiting").
>
> This seems to fix the reproducer given by Florian. While still
> avoiding to perform expensive and unneeded outgoing route lookup for
> rate limited packets (in the non-loopback case).
>
> Fixes: c0303efeab73 ("net: reduce cycles spend on ICMP replies that gets rate limited")
> Reported-by: Florian Weimer <fwei...@redhat.com>
> Reported-by: "H.J. Lu" <hjl.to...@gmail.com>
> Signed-off-by: Jesper Dangaard Brouer <bro...@redhat.com>

Applied and queued up for -stable, thanks Jesper.