Date: Wed, 12 Feb 2025 10:29:16 GMT From: Michael Tuexen <tuexen@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 90ecc3fc679d - stable/13 - icmp6: rate limit our echo replies Message-ID: <202502121029.51CATGhq031551@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=90ecc3fc679d1df50772327d80e0d28f59e584af commit 90ecc3fc679d1df50772327d80e0d28f59e584af Author: Gleb Smirnoff <glebius@FreeBSD.org> AuthorDate: 2024-03-24 16:13:23 +0000 Commit: Michael Tuexen <tuexen@FreeBSD.org> CommitDate: 2025-02-12 10:28:44 +0000 icmp6: rate limit our echo replies The generation of ICMP6_ECHO_REPLY bypasses icmp6_error(), thus rate limit was not applied. Reviewed by: tuexen, zlei Differential Revision: https://reviews.freebsd.org/D44480 (cherry picked from commit 32aeee8ce7e72738fff236ccd5629d55035458f8) --- sys/netinet6/icmp6.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c index 258f4bed794e..09cb893b57fe 100644 --- a/sys/netinet6/icmp6.c +++ b/sys/netinet6/icmp6.c @@ -536,6 +536,8 @@ icmp6_input(struct mbuf **mp, int *offp, int proto) icmp6_ifstat_inc(ifp, ifs6_in_echo); if (code != 0) goto badcode; + if (icmp6_ratelimit(&ip6->ip6_src, ICMP6_ECHO_REPLY, 0)) + break; if ((n = m_copym(m, 0, M_COPYALL, M_NOWAIT)) == NULL) { /* Give up remote */ break;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202502121029.51CATGhq031551>