This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] Tests for res_init
On Sat, Jun 3, 2017 at 10:39 PM, Florian Weimer <fweimer@redhat.com> wrote:
> On 06/04/2017 07:10 AM, H.J. Lu wrote:
>
>> This commit:
>>
>> commit c0303efeab7391ec51c337e0ac5740860ad01fe7
>> Author: Jesper Dangaard Brouer <brouer@redhat.com>
>> Date: Mon Jan 9 16:04:09 2017 +0100
>>
>> net: reduce cycles spend on ICMP replies that gets rate limited
>>
>> This patch split the global and per (inet)peer ICMP-reply limiter
>> code, and moves the global limit check to earlier in the packet
>> processing path. Thus, avoid spending cycles on ICMP replies that
>> gets limited/suppressed anyhow.
>>
>> The global ICMP rate limiter icmp_global_allow() is a good solution,
>> it just happens too late in the process. The kernel goes through the
>> full route lookup (return path) for the ICMP message, before taking
>> the rate limit decision of not sending the ICMP reply.
>>
>> Details: The kernels global rate limiter for ICMP messages got added
>> in commit 4cdf507d5452 ("icmp: add a global rate limitation"). It is
>> a token bucket limiter with a global lock. It brilliantly avoids
>> locking congestion by only updating when 20ms (HZ/50) were elapsed. It
>> can then avoids taking lock when credit is exhausted (when under
>> pressure) and time constraint for refill is not yet meet.
>>
>> Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
>> Acked-by: Eric Dumazet <edumazet@google.com>
>> Signed-off-by: David S. Miller <davem@davemloft.net>
>>
>> is the culprit. This patch for kernel 4.11.3 reverts it and fixes
>> my problems.
>
> Makes sense. There does not seem to be any check left that localhost
> responses aren't rate-limited. Furthermore, the rate limit is not
> namespace-specific, so the network namespace used in the test doesn't
> provide any isolation.
>
> I think I'll have enough information to write a reduced test case, and
> I'll approach the kernel developers to get this fixed upstream.
>
I opened a Fedora 25 bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1458586
Hopefully, I will be notified when it is fixed in Fedora 25.
--
H.J.