ipv6: icmp: remove obsolete code in icmpv6_xrlim_allow()

Following part was needed before the blamed commit, because
inet_getpeer_v6() second argument was the prefix.

	/* Give more bandwidth to wider prefixes. */
	if (rt->rt6i_dst.plen < 128)
		tmo >>= ((128 - rt->rt6i_dst.plen)>>5);

Now inet_getpeer_v6() retrieves hosts, we need to remove
@tmo adjustement or wider prefixes likes /24 allow 8x
more ICMP to be sent for a given ratelimit.

As we had this issue for a while, this patch changes net.ipv6.icmp.ratelimit
default value from 1000ms to 100ms to avoid potential regressions.

Also add a READ_ONCE() when reading net->ipv6.sysctl.icmpv6_time.

Fixes: fd0273d7939f ("ipv6: Remove external dependency on rt6i_dst and rt6i_src")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@google.com>
Cc: Martin KaFai Lau <martin.lau@kernel.org>
Link: https://patch.msgid.link/20260216142832.3834174-4-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst
index 28c7e4f5ecf9e6b7519659e4e3eee7da508ded29..6921d8594b8493a25d62ffd586d0b9f6527409cb 100644 (file)
--- a/Documentation/networking/ip-sysctl.rst
+++ b/Documentation/networking/ip-sysctl.rst
@@ -3234,12 +3234,13 @@ enhanced_dad - BOOLEAN
 ===========
 
 ratelimit - INTEGER
-       Limit the maximal rates for sending ICMPv6 messages.
+       Limit the maximal rates for sending ICMPv6 messages to a particular
+       peer.
 
        0 to disable any limiting,
-       otherwise the minimal space between responses in milliseconds.
+       otherwise the space between responses in milliseconds.
 
-       Default: 1000
+       Default: 100
 
 ratemask - list of comma separated ranges
        For ICMPv6 message types matching the ranges in the ratemask, limit

diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 31ba677d0442a861fc87e163b43a0aa1df88d8d4..69be0a67a14009771b8662328fff9de7bb98101b 100644 (file)
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -952,7 +952,7 @@ static int __net_init inet6_net_init(struct net *net)
        int err = 0;
 
        net->ipv6.sysctl.bindv6only = 0;
-       net->ipv6.sysctl.icmpv6_time = 1*HZ;
+       net->ipv6.sysctl.icmpv6_time = HZ / 10;
        net->ipv6.sysctl.icmpv6_echo_ignore_all = 0;
        net->ipv6.sysctl.icmpv6_echo_ignore_multicast = 0;
        net->ipv6.sysctl.icmpv6_echo_ignore_anycast = 0;

diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index 375ecd779fda5e323841c3d664ded6aadd653dfd..0f41ca6f3d83e86ce97ce5a30613f58f4dc22dad 100644 (file)
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -217,14 +217,9 @@ static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
        } else if (dev && (dev->flags & IFF_LOOPBACK)) {
                res = true;
        } else {
-               struct rt6_info *rt = dst_rt6_info(dst);
-               int tmo = net->ipv6.sysctl.icmpv6_time;
+               int tmo = READ_ONCE(net->ipv6.sysctl.icmpv6_time);
                struct inet_peer *peer;
 
-               /* Give more bandwidth to wider prefixes. */
-               if (rt->rt6i_dst.plen < 128)
-                       tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
-
                peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr);
                res = inet_peer_xrlim_allow(peer, tmo);
        }