Re: [PATCH] net/icmp: restore source address if packet is NATed

2017-06-25 Thread David Miller
From: "Jason A. Donenfeld" Date: Mon, 26 Jun 2017 00:52:09 +0200 > On Sun, Jun 25, 2017 at 5:49 PM, David Miller wrote: >> You definitely can't just rewrite header fields here either. The >> SKB could be shared, for example. > > I was afraid of that. It's

Re: [PATCH] net/icmp: restore source address if packet is NATed

2017-06-25 Thread David Miller
From: "Jason A. Donenfeld" Date: Mon, 26 Jun 2017 00:52:09 +0200 > On Sun, Jun 25, 2017 at 5:49 PM, David Miller wrote: >> You definitely can't just rewrite header fields here either. The >> SKB could be shared, for example. > > I was afraid of that. It's easy to rework this particular patch,

Re: [PATCH] net/icmp: restore source address if packet is NATed

2017-06-25 Thread Jason A. Donenfeld
Hi David, On Sun, Jun 25, 2017 at 5:49 PM, David Miller wrote: > This violates things on so many levels. Yes, indeed. > I think this kind of thing need to be hidden inside of netfilter, > it can do the rate limiting and stuff like that in the spot > where it makes the

Re: [PATCH] net/icmp: restore source address if packet is NATed

2017-06-25 Thread Jason A. Donenfeld
Hi David, On Sun, Jun 25, 2017 at 5:49 PM, David Miller wrote: > This violates things on so many levels. Yes, indeed. > I think this kind of thing need to be hidden inside of netfilter, > it can do the rate limiting and stuff like that in the spot > where it makes the transformation and knows

Re: [PATCH] net/icmp: restore source address if packet is NATed

2017-06-25 Thread David Miller
From: "Jason A. Donenfeld" Date: Sat, 24 Jun 2017 04:17:27 +0200 > The ICMP routines use the source address for two reasons: > > 1. Rate-limiting ICMP transmissions based on source address, so >that one source address cannot provoke a flood of replies. If >

Re: [PATCH] net/icmp: restore source address if packet is NATed

2017-06-25 Thread David Miller
From: "Jason A. Donenfeld" Date: Sat, 24 Jun 2017 04:17:27 +0200 > The ICMP routines use the source address for two reasons: > > 1. Rate-limiting ICMP transmissions based on source address, so >that one source address cannot provoke a flood of replies. If >the source address

[PATCH] net/icmp: restore source address if packet is NATed

2017-06-23 Thread Jason A. Donenfeld
The ICMP routines use the source address for two reasons: 1. Rate-limiting ICMP transmissions based on source address, so that one source address cannot provoke a flood of replies. If the source address is wrong, the rate limiting will be incorrectly applied. 2.

[PATCH] net/icmp: restore source address if packet is NATed

2017-06-23 Thread Jason A. Donenfeld
The ICMP routines use the source address for two reasons: 1. Rate-limiting ICMP transmissions based on source address, so that one source address cannot provoke a flood of replies. If the source address is wrong, the rate limiting will be incorrectly applied. 2.