sys/netinet/ip_icmp.c
* host table maintenance routines. | * host table maintenance routines. | ||||
*/ | */ | ||||
VNET_DEFINE_STATIC(int, icmplim) = 200; | VNET_DEFINE_STATIC(int, icmplim) = 200; | ||||
#define V_icmplim VNET(icmplim) | #define V_icmplim VNET(icmplim) | ||||
SYSCTL_INT(_net_inet_icmp, ICMPCTL_ICMPLIM, icmplim, CTLFLAG_VNET | CTLFLAG_RW, | SYSCTL_INT(_net_inet_icmp, ICMPCTL_ICMPLIM, icmplim, CTLFLAG_VNET | CTLFLAG_RW, | ||||
&VNET_NAME(icmplim), 0, | &VNET_NAME(icmplim), 0, | ||||
"Maximum number of ICMP responses per second"); | "Maximum number of ICMP responses per second"); | ||||
VNET_DEFINE_STATIC(int, icmpden) = 2; | |||||
#define V_icmpden VNET(icmpden) | |||||
SYSCTL_INT(_net_inet_icmp, ICMPCTL_ICMPLIM, icmpden, CTLFLAG_VNET | CTLFLAG_RW, | |||||
&VNET_NAME(icmpden), 0, | |||||
"ICMP responses denominator"); | |||||
VNET_DEFINE_STATIC(int, icmplim_output) = 1; | VNET_DEFINE_STATIC(int, icmplim_output) = 1; | ||||
#define V_icmplim_output VNET(icmplim_output) | #define V_icmplim_output VNET(icmplim_output) | ||||
SYSCTL_INT(_net_inet_icmp, OID_AUTO, icmplim_output, CTLFLAG_VNET | CTLFLAG_RW, | SYSCTL_INT(_net_inet_icmp, OID_AUTO, icmplim_output, CTLFLAG_VNET | CTLFLAG_RW, | ||||
&VNET_NAME(icmplim_output), 0, | &VNET_NAME(icmplim_output), 0, | ||||
"Enable logging of ICMP response rate limiting"); | "Enable logging of ICMP response rate limiting"); | ||||
#ifdef INET | #ifdef INET | ||||
VNET_PCPUSTAT_DEFINE(struct icmpstat, icmpstat); | VNET_PCPUSTAT_DEFINE(struct icmpstat, icmpstat); | ||||
} | } | ||||
VNET_SYSUNINIT(icmp_bandlimit, SI_SUB_PROTO_DOMAIN, SI_ORDER_THIRD, | VNET_SYSUNINIT(icmp_bandlimit, SI_SUB_PROTO_DOMAIN, SI_ORDER_THIRD, | ||||
icmp_bandlimit_uninit, NULL); | icmp_bandlimit_uninit, NULL); | ||||
int | int | ||||
badport_bandlim(int which) | badport_bandlim(int which) | ||||
{ | { | ||||
int64_t pps; | int64_t pps; | ||||
int icmp_bandlim; | |||||
if (V_icmplim == 0 || which == BANDLIM_UNLIMITED) | if (V_icmplim == 0 || which == BANDLIM_UNLIMITED) | ||||
return (0); | return (0); | ||||
KASSERT(which >= 0 && which < BANDLIM_MAX, | KASSERT(which >= 0 && which < BANDLIM_MAX, | ||||
("%s: which %d", __func__, which)); | ("%s: which %d", __func__, which)); | ||||
if (V_icmpden != 0) | |||||
icmp_bandlim = arc4random() % (V_icmplim / V_icmpden); | |||||
else | |||||
icmp_bandlim = V_icmplim; | |||||
pps = counter_ratecheck(&V_icmp_rates[which].cr, V_icmplim); | pps = counter_ratecheck(&V_icmp_rates[which].cr, V_icmplim); | ||||
yuripv: Should the rest of the function use `icmp_bandlim` instead of `V_icmplim`? | |||||
if (pps == -1) | if (pps == -1) | ||||
return (-1); | return (-1); | ||||
if (pps > 0 && V_icmplim_output) | if (pps > 0 && V_icmplim_output) | ||||
log(LOG_NOTICE, "Limiting %s from %jd to %d packets/sec\n", | log(LOG_NOTICE, "Limiting %s from %jd to %d packets/sec\n", | ||||
V_icmp_rates[which].descr, (intmax_t )pps, V_icmplim); | V_icmp_rates[which].descr, (intmax_t )pps, V_icmplim); | ||||
return (0); | return (0); | ||||
} | } |
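Review bot: The new `arc4random() % (V_icmplim / V_icmpden)` in badport_bandlim() can take a modulus of zero, because `icmpden` is a plain read-write SYSCTL_INT with no range check; any setting where icmpden exceeds icmplim (for example icmplim=1 with the default icmpden=2) makes the quotient 0 and the modulo traps in the kernel. Negative values of either tunable are also accepted, and a negative quotient is converted to a very large unsigned modulus. Guard the computation, e.g. `if (V_icmpden > 0 && V_icmplim / V_icmpden > 0)`, and fall back to `icmp_bandlim = V_icmplim;` otherwise, or validate both values in a sysctl handler. Both knobs are CTLFLAG_VNET, so they are presumably writable from inside a vnet jail, which would let a jailed root reach this path. Separately, the icmpden SYSCTL_INT reuses `ICMPCTL_ICMPLIM` as its OID number, the same one icmplim registers; `OID_AUTO` looks like what was intended.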
Should the rest of the function use icmp_bandlim instead of V_icmplim?