Merge branch 'next' into for-linus

Prepare input updates for 4.14 merge window.
author: Dmitry Torokhov <dmitry.torokhov@gmail.com> 2017-09-04 09:22:54 -0700
committer: Dmitry Torokhov <dmitry.torokhov@gmail.com> 2017-09-04 09:22:54 -0700
commit: a6cbfa1e6d38c4b3ab0ce7e3aea4bb4e744f24b8 (patch)
tree: 8960e571a398b5d32e72bdb9c89ce965daa870ab /net/ipv4/icmp.c
parent: f5308d1b83eba20e69df5e0926ba7257c8dd9074 (diff)
parent: 08d6ac9ee5fedd82040bc878705981b67a116a3f (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index 43318b5f5647..9144fa7df2ad 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -657,8 +657,12 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
 	/* Needed by both icmp_global_allow and icmp_xmit_lock */
 	local_bh_disable();
 
-	/* Check global sysctl_icmp_msgs_per_sec ratelimit */
-	if (!icmpv4_global_allow(net, type, code))
+	/* Check global sysctl_icmp_msgs_per_sec ratelimit, unless
+	 * incoming dev is loopback.  If outgoing dev change to not be
+	 * loopback, then peer ratelimit still work (in icmpv4_xrlim_allow)
+	 */
+	if (!(skb_in->dev && (skb_in->dev->flags&IFF_LOOPBACK)) &&
+	      !icmpv4_global_allow(net, type, code))
 		goto out_bh_enable;
 
 	sk = icmp_xmit_lock(net);
author	Dmitry Torokhov <dmitry.torokhov@gmail.com>	2017-09-04 09:22:54 -0700
committer	Dmitry Torokhov <dmitry.torokhov@gmail.com>	2017-09-04 09:22:54 -0700
commit	a6cbfa1e6d38c4b3ab0ce7e3aea4bb4e744f24b8 (patch)
tree	8960e571a398b5d32e72bdb9c89ce965daa870ab /net/ipv4/icmp.c
parent	f5308d1b83eba20e69df5e0926ba7257c8dd9074 (diff)
parent	08d6ac9ee5fedd82040bc878705981b67a116a3f (diff)