Page MenuHomeFreeBSD
Differential D44479

icmp6: make icmp6_ratelimit() responsible to update the stats counter
ClosedPublic
Actions

Authored by glebius on Mar 22 2024, 9:49 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, May 27, 1:14 AM
Unknown Object (File)
May 14 2024, 9:31 PM
Unknown Object (File)
May 14 2024, 9:30 PM
Unknown Object (File)
May 12 2024, 3:55 AM
Unknown Object (File)
May 12 2024, 3:46 AM
Unknown Object (File)
May 2 2024, 6:55 AM
Unknown Object (File)
Apr 27 2024, 1:14 AM
Unknown Object (File)
Apr 21 2024, 7:53 PM
View All 12 Files
Subscribers
ae
imp
melifaro
zlei

Details

Reviewers
tuexen
Group Reviewers
network
Commits
rGc6c96aaba8dd: icmp6: make icmp6_ratelimit() responsible to update the stats counter

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

glebius created this revision.Mar 22 2024, 9:49 PM
Herald added subscribers: melifaro, ae, imp. · View Herald TranscriptMar 22 2024, 9:49 PM
glebius requested review of this revision.Mar 22 2024, 9:49 PM
Harbormaster completed remote builds in B56750: Diff 136108.Mar 22 2024, 9:49 PM
glebius added a parent revision: D44478: icmp: improve ICMP limit jitter.Mar 22 2024, 9:49 PM
glebius added a child revision: D44480: icmp6: rate limit our echo replies.
tuexen accepted this revision.Mar 23 2024, 2:22 PM
This revision is now accepted and ready to land.Mar 23 2024, 2:22 PM
zlei added a subscriber: zlei.Mar 24 2024, 2:48 PM
zlei added inline comments.
sys/netinet6/icmp6.c
2745

There are consumers that do not increase statistic icp6s_toofreq such as

  1. icmp6_redirect_output() in sys/netinet6/icmp6.c
  2. pf_send_icmp() in sys/netpfil/pf/pf.c
  3. nat64_icmp6_reflect() in sys/netpfil/ipfw/nat64/nat64_translate.c

I'm not sure those are intended or not but I like the current implementation of icmp6_ratelimit() as it is simple and follows the single responsibility principle.

zlei mentioned this in D44480: icmp6: rate limit our echo replies.Mar 24 2024, 2:59 PM
glebius added inline comments.Mar 24 2024, 4:01 PM
sys/netinet6/icmp6.c
2745

I'm convinced that consumers that didn't update icp6s_toofreq will now be fixed. Every return of a positive value from icmp6_ratelimit() means a dropped (or suppressed) packet. Such packets shall be counted. The "too frequent" counter is the right and the only counter that fits this purpose. Here is how it is visible to a user with netstat(1):

inet6.c:        p(icp6s_toofreq, "\t{:errors-discarded-by-rate-limitation/%ju} "

We can create a separate counter to count non-errors (e.g. echo replies) separately. I won't be against that, so if anyone makes a review - I'd approve. However, I see little value in additional counter, so I won't do that myself. But not counting at all is definitely a problem and must be fixed.

Closed by commit rGc6c96aaba8dd: icmp6: make icmp6_ratelimit() responsible to update the stats counter (authored by glebius). · Explain WhyMar 24 2024, 4:21 PM
This revision was automatically updated to reflect the committed changes.
glebius added a commit: rGc6c96aaba8dd: icmp6: make icmp6_ratelimit() responsible to update the stats counter.

Revision Contents
Changeset List

PathSize
sys/
netinet6/
5 lines

Diff 136163

View Options

sys/netinet6/icmp6.c

Loading...