linux-sg2042/net/ipv6
Alexey Kuznetsov 4c67525849 tcp: resets are misrouted
After commit e2446eaa ("tcp_v4_send_reset: binding oif to iif in no
sock case").. tcp resets are always lost, when routing is asymmetric.
Yes, backing out that patch will result in misrouting of resets for
dead connections which used interface binding when were alive, but we
actually cannot do anything here.  What's died that's died and correct
handling normal unbound connections is obviously a priority.

Comment to comment:
> This has few benefits:
>   1. tcp_v6_send_reset already did that.

It was done to route resets for IPv6 link local addresses. It was a
mistake to do so for global addresses. The patch fixes this as well.

Actually, the problem appears to be even more serious than guaranteed
loss of resets.  As reported by Sergey Soloviev <sol@eqv.ru>, those
misrouted resets create a lot of arp traffic and huge amount of
unresolved arp entires putting down to knees NAT firewalls which use
asymmetric routing.

Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
2012-10-12 13:52:40 -04:00
..
netfilter nf_defrag_ipv6: fix oops on module unloading 2012-09-27 18:14:55 -04:00
Kconfig gre: Support GRE over IPv6 2012-08-14 14:28:32 -07:00
Makefile gre: Support GRE over IPv6 2012-08-14 14:28:32 -07:00
addrconf.c ipv6: don't add link local route when there is no link local address 2012-10-02 22:36:23 -04:00
addrconf_core.c net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
addrlabel.c sections: fix section conflicts in net 2012-10-06 03:04:45 +09:00
af_inet6.c ipv6: gro: fix PV6_GRO_CB(skb)->proto problem 2012-10-08 15:40:43 -04:00
ah6.c ipv6: Add redirect support to all protocol icmp error handlers. 2012-07-12 00:25:15 -07:00
anycast.c ipv6: bool/const conversions phase2 2012-05-19 01:08:16 -04:00
datagram.c ipv6: bool/const conversions phase2 2012-05-19 01:08:16 -04:00
esp6.c net: ipv6: fix error return code 2012-08-31 16:27:48 -04:00
exthdrs.c net: Remove casts to same type 2012-06-04 11:45:11 -04:00
exthdrs_core.c ipv6: bool/const conversions phase2 2012-05-19 01:08:16 -04:00
fib6_rules.c sections: fix section conflicts in net 2012-10-06 03:04:45 +09:00
icmp.c ipv6: Use icmpv6_notify() to propagate redirect, instead of rt6_redirect(). 2012-07-12 00:33:37 -07:00
inet6_connection_sock.c ipv6: use net->rt_genid to check dst validity 2012-09-18 15:57:03 -04:00
inet6_hashtables.c net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-06 18:33:19 -07:00
ip6_fib.c ipv6: return errno pointers consistently for fib6_add_1() 2012-09-28 18:48:28 -04:00
ip6_flowlabel.c ipv6: move dereference after check in fl_free() 2012-08-16 16:04:42 -07:00
ip6_gre.c ipv6: gre: remove ip6gre_header_parse() 2012-09-27 18:49:22 -04:00
ip6_input.c net: TCP early demux cleanup 2012-07-30 14:53:21 -07:00
ip6_output.c net: use a per task frag allocator 2012-09-24 16:31:37 -04:00
ip6_tunnel.c gre: information leak in ip6_tnl_ioctl() 2012-08-20 02:21:30 -07:00
ip6mr.c sections: fix section conflicts in net 2012-10-06 03:04:45 +09:00
ipcomp6.c ipv6: Add redirect support to all protocol icmp error handlers. 2012-07-12 00:25:15 -07:00
ipv6_sockglue.c net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
mcast.c ipv6: fix unappropriate errno returned for non-multicast address 2012-07-17 01:35:03 -07:00
mip6.c ipv6: mip6: fix mip6_mh_filter() 2012-09-25 16:04:44 -04:00
ndisc.c ipv6: Use icmpv6_notify() to propagate redirect, instead of rt6_redirect(). 2012-07-12 00:33:37 -07:00
netfilter.c netfilter: ipv6: expand skb head in ip6_route_me_harder after oif change 2012-08-30 03:00:15 +02:00
proc.c net: ipv6: proc: Fix error handling 2012-08-14 14:45:07 -07:00
protocol.c inet: Sanitize inet{,6} protocol demux. 2012-06-19 18:56:21 -07:00
raw.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-09-28 14:40:49 -04:00
reassembly.c ipv6: unify fragment thresh handling code 2012-09-19 17:23:28 -04:00
route.c ipv6: release reference of ip6_null_entry's dst entry in __ip6_del_rt 2012-10-04 16:00:07 -04:00
sit.c xfrm: remove extranous rcu_read_lock 2012-09-27 18:12:37 -04:00
syncookies.c tcp: TCP Fast Open Server - support TFO listeners 2012-08-31 20:02:19 -04:00
sysctl_net_ipv6.c net: Delete all remaining instances of ctl_path 2012-04-20 21:22:30 -04:00
tcp_ipv6.c tcp: resets are misrouted 2012-10-12 13:52:40 -04:00
tunnel6.c net: ipv6: Standardize prefixes for message logging 2012-05-16 01:01:03 -04:00
udp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-09-15 11:43:53 -04:00
udp_impl.h net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
udplite.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
xfrm6_input.c netfilter: ipv6: use NFPROTO values for NF_HOOK invocation 2010-03-25 16:00:49 +01:00
xfrm6_mode_beet.c ipsec: be careful of non existing mac headers 2012-02-23 16:50:45 -05:00
xfrm6_mode_ro.c [IPSEC]: Make x->lastused an unsigned long 2008-01-28 14:53:52 -08:00
xfrm6_mode_transport.c [IPSEC]: Use IPv6 calling convention as the convention for x->mode->output 2007-10-10 16:55:54 -07:00
xfrm6_mode_tunnel.c ipsec: be careful of non existing mac headers 2012-02-23 16:50:45 -05:00
xfrm6_output.c xfrm6: remove unneeded NULL check in __xfrm6_output() 2012-02-01 02:52:48 -05:00
xfrm6_policy.c net: ipv6: fix oops in inet_putpeer() 2012-08-20 02:56:56 -07:00
xfrm6_state.c net: remove ipv6_addr_copy() 2011-11-22 16:43:32 -05:00
xfrm6_tunnel.c net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00