diff options
| author | Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com> | 2022-08-11 17:20:12 +0200 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2022-08-15 12:25:09 +0200 |
| commit | 0ff4eb3d5ebbf72a7fc355e6001a0a6740662bf9 (patch) | |
| tree | b125989d84ebd30c5cee492f61550f205f139964 /net/ipv6/ndisc.c | |
| parent | neigh: fix possible DoS due to net iface start/stop loop (diff) | |
| download | linux-0ff4eb3d5ebbf72a7fc355e6001a0a6740662bf9.tar.xz linux-0ff4eb3d5ebbf72a7fc355e6001a0a6740662bf9.zip | |
neighbour: make proxy_queue.qlen limit per-device
Right now we have a neigh_param PROXY_QLEN which specifies maximum length
of neigh_table->proxy_queue. But in fact, this limitation doesn't work well
because check condition looks like:
tbl->proxy_queue.qlen > NEIGH_VAR(p, PROXY_QLEN)
The problem is that p (struct neigh_parms) is a per-device thing,
but tbl (struct neigh_table) is a system-wide global thing.
It seems reasonable to make proxy_queue limit per-device based.
v2:
- nothing changed in this patch
v3:
- rebase to net tree
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: David Ahern <dsahern@kernel.org>
Cc: Yajun Deng <yajun.deng@linux.dev>
Cc: Roopa Prabhu <roopa@nvidia.com>
Cc: Christian Brauner <brauner@kernel.org>
Cc: netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Cc: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com>
Cc: Konstantin Khorenko <khorenko@virtuozzo.com>
Cc: kernel@openvz.org
Cc: devel@openvz.org
Suggested-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/ndisc.c')
0 files changed, 0 insertions, 0 deletions