From owner-freebsd-net Thu Nov 14 10:46:39 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BE5D037B401 for ; Thu, 14 Nov 2002 10:46:36 -0800 (PST) Received: from out8.mx.nwbl.wi.voyager.net (out8.mx.nwbl.wi.voyager.net [169.207.3.117]) by mx1.FreeBSD.org (Postfix) with ESMTP id 34BD943E4A for ; Thu, 14 Nov 2002 10:46:36 -0800 (PST) (envelope-from silby@silby.com) Received: from [10.1.1.6] (d155.as12.nwbl0.wi.voyager.net [169.207.136.157]) by out8.mx.nwbl.wi.voyager.net (Postfix) with ESMTP id E58AE3BFB9; Thu, 14 Nov 2002 12:45:51 -0600 (CST) Date: Thu, 14 Nov 2002 12:51:25 -0600 (CST) From: Mike Silbersack To: "."@babolo.ru Cc: Tony Finch , Subject: Re: forwarded message on Source Quench Packets. In-Reply-To: <200211122103.gACL36X3054512@aaz.links.ru> Message-ID: <20021114124957.D521-200000@patrocles.silby.com> MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="0-1421922239-1037299873=:521" Content-ID: <20021114125121.I521@patrocles.silby.com> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info. --0-1421922239-1037299873=:521 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII Content-ID: <20021114125121.Y521@patrocles.silby.com> On Wed, 13 Nov 2002 .@babolo.ru wrote: > > Mike Silbersack wrote: > > > > > >I can see how these source quench messages would cause problems if a DoS > > >is being routed through a FreeBSD router, and I think that your patch > > >makes sense. Are there any objections to me committing this in a few > > >days? > > > > Doesn't FreeBSD rate-limit ICMP as required by the RFC? If there is a > > but it's that the rate-limiting isn't happening, not that source-quench > > packets are being generated. If it's important that FreeBSD routers not > > generate them then it should be a sysctl option. > I am second for a sysctl option. > One of requirements when licensing networks > in Russia is source-quench support. Ok, here's the patch I intend to commit; please give it a quick lookover to see if I made any mistakes. This should provde the sysctl functionality requested. Thanks, Mike "Silby" Silbersack --0-1421922239-1037299873=:521 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII; NAME="ip_input.c-disablesourcequench.patch" Content-Transfer-Encoding: BASE64 Content-ID: <20021114125113.P521@patrocles.silby.com> Content-Description: Content-Disposition: ATTACHMENT; FILENAME="ip_input.c-disablesourcequench.patch" ZGlmZiAtdSAtciAvdXNyL3NyYy9zeXMub2xkL25ldGluZXQvaXBfaW5wdXQu YyAvdXNyL3NyYy9zeXMvbmV0aW5ldC9pcF9pbnB1dC5jDQotLS0gL3Vzci9z cmMvc3lzLm9sZC9uZXRpbmV0L2lwX2lucHV0LmMJVGh1IE5vdiAxNCAxMjoz Nzo0MyAyMDAyDQorKysgL3Vzci9zcmMvc3lzL25ldGluZXQvaXBfaW5wdXQu YwlUaHUgTm92IDE0IDEyOjQ1OjIxIDIwMDINCkBAIC0xMjUsNiArMTI1LDEx IEBADQogCSZpcF9tYXhmcmFncGFja2V0cywgMCwNCiAJIk1heGltdW0gbnVt YmVyIG9mIElQdjQgZnJhZ21lbnQgcmVhc3NlbWJseSBxdWV1ZSBlbnRyaWVz Iik7DQogDQorc3RhdGljIGludAlpcF9zZW5kc291cmNlcXVlbmNoID0gMDsN CitTWVNDVExfSU5UKF9uZXRfaW5ldF9pcCwgT0lEX0FVVE8sIHNlbmRzb3Vy Y2VxdWVuY2gsIENUTEZMQUdfUlcsDQorCSZpcF9zZW5kc291cmNlcXVlbmNo LCAwLA0KKwkiRW5hYmxlIHRoZSB0cmFuc21pc3Npb24gb2Ygc291cmNlIHF1 ZW5jaCBwYWNrZXRzIik7DQorDQogLyoNCiAgKiBYWFggLSBTZXR0aW5nIGlw X2NoZWNraW50ZXJmYWNlIG1vc3RseSBpbXBsZW1lbnRzIHRoZSByZWNlaXZl IHNpZGUgb2YNCiAgKiB0aGUgU3Ryb25nIEVTIG1vZGVsIGRlc2NyaWJlZCBp biBSRkMgMTEyMiwgYnV0IHNpbmNlIHRoZSByb3V0aW5nIHRhYmxlDQpAQCAt MTk3MCw4ICsxOTc1LDIxIEBADQogCQlicmVhazsNCiANCiAJY2FzZSBFTk9C VUZTOg0KLQkJdHlwZSA9IElDTVBfU09VUkNFUVVFTkNIOw0KLQkJY29kZSA9 IDA7DQorCQkvKg0KKwkJICogQSByb3V0ZXIgc2hvdWxkIG5vdCBnZW5lcmF0 ZSBJQ01QX1NPVVJDRVFVRU5DSCBhcw0KKwkJICogcmVxdWlyZWQgaW4gUkZD MTgxMiBSZXF1aXJlbWVudHMgZm9yIElQIFZlcnNpb24gNCBSb3V0ZXJzLg0K KwkJICogU291cmNlIHF1ZW5jaCBjb3VsZCBiZSBhIGJpZyBwcm9ibGVtIHVu ZGVyIERvUyBhdHRhY2tzLA0KKwkJICogb3IgaWYgdGhlIHVuZGVybHlpbmcg aW50ZXJmYWNlIGlzIHJhdGUtbGltaXRlZC4NCisJCSAqIFRob3NlIHdobyBu ZWVkIHNvdXJjZSBxdWVuY2ggcGFja2V0cyBtYXkgcmUtZW5hYmxlIHRoZW0N CisJCSAqIHZpYSB0aGUgbmV0LmluZXQuaXAuc2VuZHNvdXJjZXF1ZW5jaCBz eXNjdGwuDQorCQkgKi8NCisJCWlmIChpcF9zZW5kc291cmNlcXVlbmNoID09 IDApIHsNCisJCQltX2ZyZWVtKG1jb3B5KTsNCisJCQlyZXR1cm47DQorCQl9 IGVsc2Ugew0KKwkJCXR5cGUgPSBJQ01QX1NPVVJDRVFVRU5DSDsNCisJCQlj b2RlID0gMDsNCisJCX0NCiAJCWJyZWFrOw0KIA0KIAljYXNlIEVBQ0NFUzoJ CQkvKiBpcGZ3IGRlbmllZCBwYWNrZXQgKi8NCg== --0-1421922239-1037299873=:521-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message