Page MenuHomeFreeBSD
Differential D44478

icmp: improve ICMP limit jitter
ClosedPublic
Actions

Authored by glebius on Mar 22 2024, 9:49 PM.
Tags
None
Referenced Files
F86868691: D44478.diff
Wed, Jun 26, 6:58 PM
F86830642: D44478.diff
Wed, Jun 26, 5:53 AM
F86829892: D44478.diff
Wed, Jun 26, 5:37 AM
Unknown Object (File)
Sat, Jun 22, 6:28 AM
Unknown Object (File)
May 14 2024, 9:32 PM
Unknown Object (File)
May 14 2024, 9:31 PM
Unknown Object (File)
May 12 2024, 3:55 AM
Unknown Object (File)
May 12 2024, 3:46 AM
View All 15 Files
Subscribers
imp
melifaro
zlei

Details

Reviewers
kp
tuexen
zlei
Group Reviewers
network
Commits
rGd8acc7277cec: icmp: improve ICMP limit jitter
rGac44739fd834: icmp: improve ICMP limit jitter
Summary

Instead of fixing up invalid values set by a user in badport_bandlim()
which is a fast path function, provide a sysctl handler
sysctl_icmplim_and_jitter(), that will check that jitter is less than the
limit.

Provide jitter initilization function icmplim_new_jitter() used at boot,
in the sysctl handler and when we actually hit the limit. This also fixes
no jitter on a fresh booted system until first limit hit.

Instead of CVE number provide link the the actual paper that explains what
and why we are doing here. The CVE number isn't very informative, it will
just tell you what RedHat version you need to upgrade to.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 56749
Build 53637: arc lint + arc unit

Event Timeline

glebius created this revision.Mar 22 2024, 9:49 PM
Herald added subscribers: melifaro, imp. · View Herald TranscriptMar 22 2024, 9:49 PM
glebius requested review of this revision.Mar 22 2024, 9:49 PM
Harbormaster completed remote builds in B56749: Diff 136107.Mar 22 2024, 9:49 PM
glebius added a parent revision: D44477: icmp: when logging ICMP ratelimiting message use correct jitter value.Mar 22 2024, 9:49 PM
glebius added a child revision: D44479: icmp6: make icmp6_ratelimit() responsible to update the stats counter.
glebius added a reviewer: kp.Mar 22 2024, 9:56 PM
kp accepted this revision as: kp.Mar 23 2024, 3:38 AM
This revision is now accepted and ready to land.Mar 23 2024, 3:38 AM
tuexen accepted this revision.Mar 23 2024, 2:16 PM
zlei accepted this revision.Mar 24 2024, 2:34 PM
zlei added a subscriber: zlei.

Looks good to me.

Closed by commit rGac44739fd834: icmp: improve ICMP limit jitter (authored by glebius). · Explain WhyMar 24 2024, 4:21 PM
This revision was automatically updated to reflect the committed changes.
glebius added a commit: rGac44739fd834: icmp: improve ICMP limit jitter.
zlei added a commit: rGd8acc7277cec: icmp: improve ICMP limit jitter.Wed, Jun 26, 4:51 AM

Revision Contents
Changeset List

PathSize
sys/
netinet/
81 lines

Diff 136107

View Options

sys/netinet/ip_icmp.c

Loading...