Use ratecheck() for ICMP6 rate limiting.

2000-02-14 19:45:50 +00:00 · 2000-02-14 19:45:50 +00:00 · 144759ef2b
commit 144759ef2b
parent 2649d26c0e
2 changed files with 25 additions and 30 deletions
--- a/sys/netinet6/icmp6.c
+++ b/sys/netinet6/icmp6.c
@ -1,4 +1,4 @@
-/*	$NetBSD: icmp6.c,v 1.19 2000/02/06 12:49:42 itojun Exp $	*/
+/*	$NetBSD: icmp6.c,v 1.20 2000/02/14 19:45:50 thorpej Exp $	*/

 /*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -113,7 +113,7 @@ extern u_char ip6_protox[];
 struct icmp6stat icmp6stat;

 extern struct in6pcb rawin6pcb;
-extern u_int icmp6errratelim;
+extern struct timeval icmp6errratelim;
 extern int icmp6_nodeinfo;
 static struct rttimer_queue *icmp6_mtudisc_timeout_q = NULL;
 extern int pmtu_expire;
@ -133,7 +133,6 @@ static void icmp6_mtudisc_timeout __P((struct rtentry *, struct rttimer *));
 #ifdef COMPAT_RFC1885
 static struct route_in6 icmp6_reflect_rt;
 #endif 
-static struct timeval icmp6_nextsend = {0, 0};

 void
 icmp6_init()
@ -1967,30 +1966,13 @@ icmp6_ratelimit(dst, type, code)
 	const int type;			/* not used at this moment */
 	const int code;			/* not used at this moment */
 {
-	struct timeval tp;
-	long sec_diff, usec_diff;
+	static struct timeval icmp6errratelim_last;

-	/* If we are not doing rate limitation, it is always okay to send */
-	if (!icmp6errratelim)
-		return 0;
-
-	tp = time;
-	if (tp.tv_sec < icmp6_nextsend.tv_sec
-	 || (tp.tv_sec == icmp6_nextsend.tv_sec
-	  && tp.tv_usec < icmp6_nextsend.tv_usec)) {
-		/* The packet is subject to rate limit */
-		return 1;
-	}
-	sec_diff = icmp6errratelim / 1000000;
-	usec_diff = icmp6errratelim % 1000000;
-	icmp6_nextsend.tv_sec = tp.tv_sec + sec_diff;
-	if ((tp.tv_usec = tp.tv_usec + usec_diff) >= 1000000) {
-		icmp6_nextsend.tv_sec++;
-		icmp6_nextsend.tv_usec -= 1000000;
-	}
-
-	/* it is okay to send this */
-	return 0;
+	/*
+	 * ratecheck() returns true if it is okay to send.  We return
+	 * true if it is not okay to send.
+	 */
+	return (ratecheck(&icmp6errratelim_last, &icmp6errratelim) == 0);
 }

 static struct rtentry *
@ -2077,8 +2059,21 @@ icmp6_sysctl(name, namelen, oldp, oldlenp, newp, newlen)
 		return sysctl_rdstruct(oldp, oldlenp, newp,
 				&icmp6stat, sizeof(icmp6stat));
 	case ICMPV6CTL_ERRRATELIMIT:
-		return sysctl_int(oldp, oldlenp, newp, newlen,
-				  &icmp6errratelim);
+	    {
+		int rate_usec, error;
+
+		/*
+		 * The sysctl specifies the rate in usec-between-icmp,
+		 * so we must convert to a timeval.
+		 */
+		error = sysctl_int(oldp, oldlenp, newp, newlen, &rate_usec);
+		if (error)
+			return (error);
+		icmp6errratelim.tv_sec = rate_usec / 1000000;
+		icmp6errratelim.tv_usec = rate_usec % 1000000;
+
+		return (0);
+	    }
 	case ICMPV6CTL_ND6_PRUNE:
 		return sysctl_int(oldp, oldlenp, newp, newlen, &nd6_prune);
 	case ICMPV6CTL_ND6_DELAY:
--- a/sys/netinet6/in6_proto.c
+++ b/sys/netinet6/in6_proto.c
@ -1,4 +1,4 @@
-/*	$NetBSD: in6_proto.c,v 1.13 2000/02/06 12:49:45 itojun Exp $	*/
+/*	$NetBSD: in6_proto.c,v 1.14 2000/02/14 19:45:50 thorpej Exp $	*/

 /*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -322,7 +322,7 @@ u_long	rip6_recvspace = RIPV6RCVQ;
 /* ICMPV6 parameters */
 int	icmp6_rediraccept = 1;		/* accept and process redirects */
 int	icmp6_redirtimeout = 10 * 60;	/* 10 minutes */
-u_int	icmp6errratelim = 1000;		/* 1000usec = 1msec */
+struct timeval icmp6errratelim = { 0, 1000 }; /* 1000usec = 1msec */
 int	icmp6_nodeinfo = 1;		/* enable/disable NI response */

 #ifdef TCP6