implement net.inet.icmp.errppslimit.
make default value for net.inet.icmp.erratelimit to 0, as < 10ms value does not do the right thing.
This commit is contained in:
parent
8658157274
commit
ab492849bc
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: icmp_var.h,v 1.15 2000/06/10 12:39:20 darrenr Exp $ */
|
||||
/* $NetBSD: icmp_var.h,v 1.16 2000/07/10 09:31:29 itojun Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1982, 1986, 1993
|
||||
|
@ -63,13 +63,15 @@ struct icmpstat {
|
|||
#define ICMPCTL_MASKREPL 1 /* allow replies to netmask requests */
|
||||
#define ICMPCTL_ERRRATELIMIT 2 /* error rate limit */
|
||||
#define ICMPCTL_RETURNDATABYTES 3 /* # of bytes to include in errors */
|
||||
#define ICMPCTL_MAXID 4
|
||||
#define ICMPCTL_ERRPPSLIMIT 4 /* ICMP error pps limitation */
|
||||
#define ICMPCTL_MAXID 5
|
||||
|
||||
#define ICMPCTL_NAMES { \
|
||||
{ 0, 0 }, \
|
||||
{ "maskrepl", CTLTYPE_INT }, \
|
||||
{ "errratelimit", CTLTYPE_INT }, \
|
||||
{ "returndatabytes", CTLTYPE_INT }, \
|
||||
{ "errppslimit", CTLTYPE_INT }, \
|
||||
}
|
||||
|
||||
#ifdef _KERNEL
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: in_proto.c,v 1.39 2000/04/19 06:30:54 itojun Exp $ */
|
||||
/* $NetBSD: in_proto.c,v 1.40 2000/07/10 09:31:29 itojun Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
|
@ -303,4 +303,5 @@ int tcp_syn_cache_interval = 1; /* runs timer twice a second */
|
|||
|
||||
struct timeval tcp_rst_ratelim = { 0, 10000 }; /* 10000usec = 10msec */
|
||||
|
||||
struct timeval icmperrratelim = { 0, 1000 }; /* 1000usec = 1msec */
|
||||
struct timeval icmperrratelim = { 0, 0 }; /* no ratelimit */
|
||||
int icmperrppslim = 100; /* 100pps */
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ip_icmp.c,v 1.50 2000/07/06 12:51:40 itojun Exp $ */
|
||||
/* $NetBSD: ip_icmp.c,v 1.51 2000/07/10 09:31:30 itojun Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
|
@ -155,6 +155,9 @@ static int ip_next_mtu __P((int, int));
|
|||
#endif
|
||||
|
||||
extern struct timeval icmperrratelim;
|
||||
extern int icmperrppslim;
|
||||
static int icmperrpps_count = 0;
|
||||
static struct timeval icmperrppslim_last;
|
||||
|
||||
static void icmp_mtudisc __P((struct icmp *));
|
||||
static void icmp_mtudisc_timeout __P((struct rtentry *, struct rttimer *));
|
||||
|
@ -840,6 +843,9 @@ icmp_sysctl(name, namelen, oldp, oldlenp, newp, newlen)
|
|||
else
|
||||
error = EINVAL;
|
||||
break;
|
||||
case ICMPCTL_ERRPPSLIMIT:
|
||||
error = sysctl_int(oldp, oldlenp, newp, newlen, &icmperrppslim);
|
||||
break;
|
||||
default:
|
||||
error = ENOPROTOOPT;
|
||||
break;
|
||||
|
@ -1015,9 +1021,22 @@ icmp_ratelimit(dst, type, code)
|
|||
if (ia != NULL)
|
||||
return 0;
|
||||
|
||||
/* PPS limit */
|
||||
if (!ppsratecheck(&icmperrppslim_last, &icmperrpps_count,
|
||||
icmperrppslim)) {
|
||||
/* The packet is subject to rate limit */
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* ratecheck() returns true if it is okay to send. We return
|
||||
* true if it is not okay to send.
|
||||
*/
|
||||
return (ratecheck(&icmperrratelim_last, &icmperrratelim) == 0);
|
||||
if (!ratecheck(&icmperrratelim_last, &icmperrratelim)) {
|
||||
/* The packet is subject to rate limit */
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*okay to send*/
|
||||
return 0;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue