From: Paolo Abeni <pab...@redhat.com>
Date: Fri, 4 Oct 2019 15:11:17 +0200
> Since commit c09551c6ff7f ("net: ipv4: use a dedicated counter
> for icmp_v4 redirect packets") we use 'n_redirects' to account
> for redirect packets, but we still use 'rate_tokens' to compute
> the redirect packets exponential backoff.
>
> If the device sent to the relevant peer any ICMP error packet
> after sending a redirect, it will also update 'rate_token' according
> to the leaking bucket schema; typically 'rate_token' will raise
> above BITS_PER_LONG and the redirect packets backoff algorithm
> will produce undefined behavior.
>
> Fix the issue using 'n_redirects' to compute the exponential backoff
> in ip_rt_send_redirect().
>
> Note that we still clear rate_tokens after a redirect silence period,
> to avoid changing an established behaviour.
>
> The root cause predates git history; before the mentioned commit in
> the critical scenario, the kernel stopped sending redirects, after
> the mentioned commit the behavior more randomic.
>
> Reported-by: Xiumei Mu <x...@redhat.com>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Fixes: c09551c6ff7f ("net: ipv4: use a dedicated counter for icmp_v4 redirect
> packets")
> Signed-off-by: Paolo Abeni <pab...@redhat.com>
Applied and queued up for -stable.
