www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
	Fri, 12 Oct 2012 04:34:17 +0000 (04:34 +0000)
committer	Guangyu Sun <guangyu.sun@oracle.com>
	Tue, 6 Nov 2012 00:28:31 +0000 (16:28 -0800)
commit	4f894a2432f7e40607c23a4603cae13019f22f04
tree	2f9104803d6ff48e706c52c80a0d2f05474c2175	tree
parent	f9beb68283dd19315615e883a783cb7ad7fc316c	commit \| diff

tcp: resets are misrouted

[ Upstream commit 4c67525849e0b7f4bd4fab2487ec9e43ea52ef29 ]

After commit e2446eaa ("tcp_v4_send_reset: binding oif to iif in no
sock case").. tcp resets are always lost, when routing is asymmetric.
Yes, backing out that patch will result in misrouting of resets for
dead connections which used interface binding when were alive, but we
actually cannot do anything here.  What's died that's died and correct
handling normal unbound connections is obviously a priority.

Comment to comment:
> This has few benefits:
>   1. tcp_v6_send_reset already did that.

It was done to route resets for IPv6 link local addresses. It was a
mistake to do so for global addresses. The patch fixes this as well.

Actually, the problem appears to be even more serious than guaranteed
loss of resets.  As reported by Sergey Soloviev <sol@eqv.ru>, those
misrouted resets create a lot of arp traffic and huge amount of
unresolved arp entires putting down to knees NAT firewalls which use
asymmetric routing.

Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Guangyu Sun <guangyu.sun@oracle.com>

net/ipv4/tcp_ipv4.c		diff \| blob \| history
net/ipv6/tcp_ipv6.c		diff \| blob \| history