Commit 9395b1bb1f14 for kernel

commit 9395b1bb1f14ae3fa1e4e2f7988f029cb1c009ed
Author: Eric Dumazet <edumazet@google.com>
Date:   Mon Feb 16 14:28:32 2026 +0000

    ipv6: icmp: icmpv6_xrlim_allow() optimization if net.ipv6.icmp.ratelimit is zero

    If net.ipv6.icmp.ratelimit is zero we do not have to call
    inet_getpeer_v6() and inet_peer_xrlim_allow().

    Both can be very expensive under DDOS.

    Signed-off-by: Eric Dumazet <edumazet@google.com>
    Reviewed-by: Kuniyuki Iwashima <kuniyu@google.com>
    Link: https://patch.msgid.link/20260216142832.3834174-6-edumazet@google.com
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index 0f41ca6f3d83..813d2e9edb8b 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -220,8 +220,12 @@ static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
 		int tmo = READ_ONCE(net->ipv6.sysctl.icmpv6_time);
 		struct inet_peer *peer;

-		peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr);
-		res = inet_peer_xrlim_allow(peer, tmo);
+		if (!tmo) {
+			res = true;
+		} else {
+			peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr);
+			res = inet_peer_xrlim_allow(peer, tmo);
+		}
 	}
 	rcu_read_unlock();
 	if (!res)