author | JP Abgrall <jpa@google.com> | 2013-06-28 17:06:00 -0700 |
---|---|---|
committer | JP Abgrall <jpa@google.com> | 2013-06-28 17:06:00 -0700 |
commit | 340d5ccf04d4d441d8dd1788a7925d0313038b7c (patch) | |
tree | 6450d874d1276fd12c0e494e99cf05c212ce699b | |
parent | baeccc455b293c2c83dbe6463f56b741177bd612 (diff) | |
download | netd-340d5ccf04d4d441d8dd1788a7925d0313038b7c.tar.gz |
BandwidthController: reject with port-unreachable to prevent TCP retries.
Currently the bandwidth controller will cut off traffic via an ICMP
destination unreachable message with code "administratively prohibited".
TCP's RFC1122 does not explicitly say what to do with it, but it does say
to abort the transmission when "port-unreachable" is seen.
Some servers keep on retrying with the "prohibited" ICMP message which
keeps the radio longer awake as more packets come in.
Bug: 9150002
Change-Id: I6eb1c3ae41c3890f26581a4b7464821b7ffb85f4
-rw-r--r-- | BandwidthController.cpp | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/BandwidthController.cpp b/BandwidthController.cpp index f720e0c3..277f3209 100644 --- a/BandwidthController.cpp +++ b/BandwidthController.cpp @@ -168,15 +168,12 @@ int BandwidthController::runIptablesCmd(const char *cmd, IptRejectOp rejectHandl std::string fullCmd = cmd; if (rejectHandling == IptRejectAdd) { - fullCmd += " --jump REJECT --reject-with"; - switch (iptVer) { - case IptIpV4: - fullCmd += " icmp-net-prohibited"; - break; - case IptIpV6: - fullCmd += " icmp6-adm-prohibited"; - break; - } + /* + * Must be carefull what one rejects with, as uper layer protocols will just + * keep on hammering the device until the number of retries are done. + * For port-unreachable (default), TCP should consider as an abort (RFC1122). + */ + fullCmd += " --jump REJECT"; } fullCmd.insert(0, " "); |
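Review bot: The added `fullCmd += " --jump REJECT";` line in the `rejectHandling == IptRejectAdd` branch gets port-unreachable only through the REJECT target's built-in default, for both the IPv4 and IPv6 cases that the removed `switch (iptVer)` used to distinguish, so the rule string itself no longer records the intended ICMP type. Consider keeping the switch and passing the type explicitly (`--reject-with icmp-port-unreachable` for `IptIpV4`, `--reject-with icmp6-port-unreachable` for `IptIpV6`), so the abort behaviour the commit message relies on does not depend on the default of whichever iptables/ip6tables binary is installed. The new comment also has two typos ("carefull", "uper") and would be clearer if it named the ICMP type rather than only "(default)".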