Date: Fri, 20 Apr 2018 20:09:42 +0000 (UTC) From: "Jonathan T. Looney" <jtl@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r332840 - in stable/11/sys: netinet netinet6 Message-ID: <201804202009.w3KK9gMa026957@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jtl Date: Fri Apr 20 20:09:42 2018 New Revision: 332840 URL: https://svnweb.freebsd.org/changeset/base/332840 Log: MFC r319214: Enforce the limit on ICMP messages before doing work to formulate the response. Delete an unneeded rate limit for UDP under IPv6. Because ICMP6 messages have their own rate limit, it is unnecessary to apply a second rate limit to UDP messages. Sponsored by: Netflix, Inc. Modified: stable/11/sys/netinet/ip_icmp.c stable/11/sys/netinet6/udp6_usrreq.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/ip_icmp.c ============================================================================== --- stable/11/sys/netinet/ip_icmp.c Fri Apr 20 19:37:08 2018 (r332839) +++ stable/11/sys/netinet/ip_icmp.c Fri Apr 20 20:09:42 2018 (r332840) @@ -555,11 +555,10 @@ icmp_input(struct mbuf **mp, int *offp, int proto) ICMPSTAT_INC(icps_bmcastecho); break; } - icp->icmp_type = ICMP_ECHOREPLY; if (badport_bandlim(BANDLIM_ICMP_ECHO) < 0) goto freeit; - else - goto reflect; + icp->icmp_type = ICMP_ECHOREPLY; + goto reflect; case ICMP_TSTAMP: if (V_icmptstamprepl == 0) @@ -573,13 +572,12 @@ icmp_input(struct mbuf **mp, int *offp, int proto) ICMPSTAT_INC(icps_badlen); break; } + if (badport_bandlim(BANDLIM_ICMP_TSTAMP) < 0) + goto freeit; icp->icmp_type = ICMP_TSTAMPREPLY; icp->icmp_rtime = iptime(); icp->icmp_ttime = icp->icmp_rtime; /* bogus, do later! */ - if (badport_bandlim(BANDLIM_ICMP_TSTAMP) < 0) - goto freeit; - else - goto reflect; + goto reflect; case ICMP_MASKREQ: if (V_icmpmaskrepl == 0) Modified: stable/11/sys/netinet6/udp6_usrreq.c ============================================================================== --- stable/11/sys/netinet6/udp6_usrreq.c Fri Apr 20 19:37:08 2018 (r332839) +++ stable/11/sys/netinet6/udp6_usrreq.c Fri Apr 20 20:09:42 2018 (r332840) @@ -104,9 +104,7 @@ __FBSDID("$FreeBSD$"); #include <netinet/in_systm.h> #include <netinet/in_var.h> #include <netinet/ip.h> -#include <netinet/ip_icmp.h> #include <netinet/ip6.h> -#include <netinet/icmp_var.h> #include <netinet/icmp6.h> #include <netinet/ip_var.h> #include <netinet/udp.h> @@ -465,8 +463,6 @@ udp6_input(struct mbuf **mp, int *offp, int proto) goto badunlocked; } if (V_udp_blackhole) - goto badunlocked; - if (badport_bandlim(BANDLIM_ICMP6_UNREACH) < 0) goto badunlocked; icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOPORT, 0); return (IPPROTO_DONE);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201804202009.w3KK9gMa026957>