From owner-svn-src-stable-11@freebsd.org  Fri Apr 20 20:09:43 2018
Return-Path: <owner-svn-src-stable-11@freebsd.org>
Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 69F5BF99709;
 Fri, 20 Apr 2018 20:09:43 +0000 (UTC) (envelope-from jtl@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 1AC166E717;
 Fri, 20 Apr 2018 20:09:43 +0000 (UTC) (envelope-from jtl@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id EF9FC1CE1C;
 Fri, 20 Apr 2018 20:09:42 +0000 (UTC) (envelope-from jtl@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w3KK9gOb026960;
 Fri, 20 Apr 2018 20:09:42 GMT (envelope-from jtl@FreeBSD.org)
Received: (from jtl@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w3KK9gMa026957;
 Fri, 20 Apr 2018 20:09:42 GMT (envelope-from jtl@FreeBSD.org)
Message-Id: <201804202009.w3KK9gMa026957@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: jtl set sender to jtl@FreeBSD.org
 using -f
From: "Jonathan T. Looney" <jtl@FreeBSD.org>
Date: Fri, 20 Apr 2018 20:09:42 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r332840 - in stable/11/sys: netinet netinet6
X-SVN-Group: stable-11
X-SVN-Commit-Author: jtl
X-SVN-Commit-Paths: in stable/11/sys: netinet netinet6
X-SVN-Commit-Revision: 332840
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-stable-11@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: SVN commit messages for only the 11-stable src tree
 <svn-src-stable-11.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-stable-11>, 
 <mailto:svn-src-stable-11-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable-11/>
List-Post: <mailto:svn-src-stable-11@freebsd.org>
List-Help: <mailto:svn-src-stable-11-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-stable-11>, 
 <mailto:svn-src-stable-11-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Apr 2018 20:09:43 -0000

Author: jtl
Date: Fri Apr 20 20:09:42 2018
New Revision: 332840
URL: https://svnweb.freebsd.org/changeset/base/332840

Log:
  MFC r319214:
    Enforce the limit on ICMP messages before doing work to formulate the
    response.
  
    Delete an unneeded rate limit for UDP under IPv6. Because ICMP6
    messages have their own rate limit, it is unnecessary to apply a
    second rate limit to UDP messages.
  
  Sponsored by:	Netflix, Inc.

Modified:
  stable/11/sys/netinet/ip_icmp.c
  stable/11/sys/netinet6/udp6_usrreq.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/ip_icmp.c
==============================================================================
--- stable/11/sys/netinet/ip_icmp.c	Fri Apr 20 19:37:08 2018	(r332839)
+++ stable/11/sys/netinet/ip_icmp.c	Fri Apr 20 20:09:42 2018	(r332840)
@@ -555,11 +555,10 @@ icmp_input(struct mbuf **mp, int *offp, int proto)
 			ICMPSTAT_INC(icps_bmcastecho);
 			break;
 		}
-		icp->icmp_type = ICMP_ECHOREPLY;
 		if (badport_bandlim(BANDLIM_ICMP_ECHO) < 0)
 			goto freeit;
-		else
-			goto reflect;
+		icp->icmp_type = ICMP_ECHOREPLY;
+		goto reflect;
 
 	case ICMP_TSTAMP:
 		if (V_icmptstamprepl == 0)
@@ -573,13 +572,12 @@ icmp_input(struct mbuf **mp, int *offp, int proto)
 			ICMPSTAT_INC(icps_badlen);
 			break;
 		}
+		if (badport_bandlim(BANDLIM_ICMP_TSTAMP) < 0)
+			goto freeit;
 		icp->icmp_type = ICMP_TSTAMPREPLY;
 		icp->icmp_rtime = iptime();
 		icp->icmp_ttime = icp->icmp_rtime;	/* bogus, do later! */
-		if (badport_bandlim(BANDLIM_ICMP_TSTAMP) < 0)
-			goto freeit;
-		else
-			goto reflect;
+		goto reflect;
 
 	case ICMP_MASKREQ:
 		if (V_icmpmaskrepl == 0)

Modified: stable/11/sys/netinet6/udp6_usrreq.c
==============================================================================
--- stable/11/sys/netinet6/udp6_usrreq.c	Fri Apr 20 19:37:08 2018	(r332839)
+++ stable/11/sys/netinet6/udp6_usrreq.c	Fri Apr 20 20:09:42 2018	(r332840)
@@ -104,9 +104,7 @@ __FBSDID("$FreeBSD$");
 #include <netinet/in_systm.h>
 #include <netinet/in_var.h>
 #include <netinet/ip.h>
-#include <netinet/ip_icmp.h>
 #include <netinet/ip6.h>
-#include <netinet/icmp_var.h>
 #include <netinet/icmp6.h>
 #include <netinet/ip_var.h>
 #include <netinet/udp.h>
@@ -465,8 +463,6 @@ udp6_input(struct mbuf **mp, int *offp, int proto)
 			goto badunlocked;
 		}
 		if (V_udp_blackhole)
-			goto badunlocked;
-		if (badport_bandlim(BANDLIM_ICMP6_UNREACH) < 0)
 			goto badunlocked;
 		icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOPORT, 0);
 		return (IPPROTO_DONE);