From ab492849bc267caf8412298e7065f57cc2e691d2 Mon Sep 17 00:00:00 2001 From: itojun Date: Mon, 10 Jul 2000 09:31:29 +0000 Subject: [PATCH] implement net.inet.icmp.errppslimit. make default value for net.inet.icmp.erratelimit to 0, as < 10ms value does not do the right thing. --- sys/netinet/icmp_var.h | 6 ++++-- sys/netinet/in_proto.c | 5 +++-- sys/netinet/ip_icmp.c | 23 +++++++++++++++++++++-- 3 files changed, 28 insertions(+), 6 deletions(-) diff --git a/sys/netinet/icmp_var.h b/sys/netinet/icmp_var.h index 7f3d0d6e9df5..8c34361fa0ee 100644 --- a/sys/netinet/icmp_var.h +++ b/sys/netinet/icmp_var.h @@ -1,4 +1,4 @@ -/* $NetBSD: icmp_var.h,v 1.15 2000/06/10 12:39:20 darrenr Exp $ */ +/* $NetBSD: icmp_var.h,v 1.16 2000/07/10 09:31:29 itojun Exp $ */ /* * Copyright (c) 1982, 1986, 1993 @@ -63,13 +63,15 @@ struct icmpstat { #define ICMPCTL_MASKREPL 1 /* allow replies to netmask requests */ #define ICMPCTL_ERRRATELIMIT 2 /* error rate limit */ #define ICMPCTL_RETURNDATABYTES 3 /* # of bytes to include in errors */ -#define ICMPCTL_MAXID 4 +#define ICMPCTL_ERRPPSLIMIT 4 /* ICMP error pps limitation */ +#define ICMPCTL_MAXID 5 #define ICMPCTL_NAMES { \ { 0, 0 }, \ { "maskrepl", CTLTYPE_INT }, \ { "errratelimit", CTLTYPE_INT }, \ { "returndatabytes", CTLTYPE_INT }, \ + { "errppslimit", CTLTYPE_INT }, \ } #ifdef _KERNEL diff --git a/sys/netinet/in_proto.c b/sys/netinet/in_proto.c index bfa1872b680b..1cadd20c720e 100644 --- a/sys/netinet/in_proto.c +++ b/sys/netinet/in_proto.c @@ -1,4 +1,4 @@ -/* $NetBSD: in_proto.c,v 1.39 2000/04/19 06:30:54 itojun Exp $ */ +/* $NetBSD: in_proto.c,v 1.40 2000/07/10 09:31:29 itojun Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -303,4 +303,5 @@ int tcp_syn_cache_interval = 1; /* runs timer twice a second */ struct timeval tcp_rst_ratelim = { 0, 10000 }; /* 10000usec = 10msec */ -struct timeval icmperrratelim = { 0, 1000 }; /* 1000usec = 1msec */ +struct timeval icmperrratelim = { 0, 0 }; /* no ratelimit */ +int icmperrppslim = 100; /* 100pps */ diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index 135c1ab6a5e7..26dd2c99b381 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -1,4 +1,4 @@ -/* $NetBSD: ip_icmp.c,v 1.50 2000/07/06 12:51:40 itojun Exp $ */ +/* $NetBSD: ip_icmp.c,v 1.51 2000/07/10 09:31:30 itojun Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -155,6 +155,9 @@ static int ip_next_mtu __P((int, int)); #endif extern struct timeval icmperrratelim; +extern int icmperrppslim; +static int icmperrpps_count = 0; +static struct timeval icmperrppslim_last; static void icmp_mtudisc __P((struct icmp *)); static void icmp_mtudisc_timeout __P((struct rtentry *, struct rttimer *)); @@ -840,6 +843,9 @@ icmp_sysctl(name, namelen, oldp, oldlenp, newp, newlen) else error = EINVAL; break; + case ICMPCTL_ERRPPSLIMIT: + error = sysctl_int(oldp, oldlenp, newp, newlen, &icmperrppslim); + break; default: error = ENOPROTOOPT; break; @@ -1015,9 +1021,22 @@ icmp_ratelimit(dst, type, code) if (ia != NULL) return 0; + /* PPS limit */ + if (!ppsratecheck(&icmperrppslim_last, &icmperrpps_count, + icmperrppslim)) { + /* The packet is subject to rate limit */ + return 1; + } + /* * ratecheck() returns true if it is okay to send. We return * true if it is not okay to send. */ - return (ratecheck(&icmperrratelim_last, &icmperrratelim) == 0); + if (!ratecheck(&icmperrratelim_last, &icmperrratelim)) { + /* The packet is subject to rate limit */ + return 1; + } + + /*okay to send*/ + return 0; }