Differential D44478

icmp: improve ICMP limit jitter
ClosedPublic
Actions

Authored by glebius on Mar 22 2024, 9:49 PM.

Tags

None

Referenced Files

	F103361918: D44478.diff
	Sun, Nov 24, 1:23 AM

	F103345270: D44478.id136162.diff
	Sat, Nov 23, 8:32 PM

	Unknown Object (File)
	Sat, Nov 23, 7:01 AM

	Unknown Object (File)
	Fri, Nov 22, 11:43 PM

	Unknown Object (File)
	Wed, Nov 20, 10:25 PM

	Unknown Object (File)
	Wed, Nov 20, 4:18 AM

	Unknown Object (File)
	Tue, Nov 19, 6:59 AM

	Unknown Object (File)
	Fri, Nov 15, 12:46 PM

View All 84 Files

Subscribers

Details

Reviewers

kp
tuexen
zlei

Group Reviewers

Commits

rGd8acc7277cec: icmp: improve ICMP limit jitter
rGac44739fd834: icmp: improve ICMP limit jitter

Summary

Instead of fixing up invalid values set by a user in badport_bandlim()
which is a fast path function, provide a sysctl handler
sysctl_icmplim_and_jitter(), that will check that jitter is less than the
limit.

Provide jitter initilization function icmplim_new_jitter() used at boot,
in the sysctl handler and when we actually hit the limit. This also fixes
no jitter on a fresh booted system until first limit hit.

Instead of CVE number provide link the the actual paper that explains what
and why we are doing here. The CVE number isn't very informative, it will
just tell you what RedHat version you need to upgrade to.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 56749
Build 53637: arc lint + arc unit

Event Timeline

glebius created this revision.Mar 22 2024, 9:49 PM

Herald added subscribers: melifaro, imp. · View Herald TranscriptMar 22 2024, 9:49 PM

glebius requested review of this revision.Mar 22 2024, 9:49 PM

Harbormaster completed remote builds in B56749: Diff 136107.Mar 22 2024, 9:49 PM

glebius added a parent revision: D44477: icmp: when logging ICMP ratelimiting message use correct jitter value.Mar 22 2024, 9:49 PM

glebius added a child revision: D44479: icmp6: make icmp6_ratelimit() responsible to update the stats counter.

glebius added a reviewer: kp.Mar 22 2024, 9:56 PM

kp accepted this revision as: kp.Mar 23 2024, 3:38 AM

This revision is now accepted and ready to land.Mar 23 2024, 3:38 AM

tuexen accepted this revision.Mar 23 2024, 2:16 PM

Looks good to me.

Closed by commit rGac44739fd834: icmp: improve ICMP limit jitter (authored by glebius). · Explain WhyMar 24 2024, 4:21 PM

This revision was automatically updated to reflect the committed changes.

glebius added a commit: rGac44739fd834: icmp: improve ICMP limit jitter.

zlei added a commit: rGd8acc7277cec: icmp: improve ICMP limit jitter.Jun 26 2024, 4:51 AM

Revision Contents
Changeset List

Path

Size

sys/

netinet/

81 lines

Diff 136107

sys/netinet/ip_icmp.c

Loading...