Date: Thu, 2 Nov 2000 23:08:19 -0600 (CST)
From: Mike Silbersack
To: freebsd-net@freebsd.org, dillon@earth.backplane.com, jlemon@flugsvamp.com
Subject: Enhanced icmp/etc rate limiting

Given the recent confusion with how our bandwidth limiting works, and the omission of echo/tstamp rate limiting in the current implementation, I've prepared a patch. It changes the following things:

1. ICMP ECHO and TSTAMP replies are now rate limited.

2. RSTs generated due to packets sent to open and unopen ports are now separated into separate queues.

3. Each rate limiting queue now has its own description, as follows:

   Suppressing udp flood/scan: 212/200 pps
   Suppressing outgoing RST due to port scan: 202/200 pps
   Suppressing outgoing RST due to ACK flood: 19725/200 pps
   Suppressing ping flood: 230/200 pps
   Suppressing icmp tstamp flood: 210/200 pps

While the descriptions for the two RST cases can be accused of oversimplification, they should cut down on questions by users confused with the current terminology. Experienced users can always run a packet sniffer if they need more exact knowledge of what's occurring.

You can grab it at:

http://www.silby.com/patches/ratelimit-enhancement.patch

I'd appreciate it if someone could review the patch, and/or comment on the wording of the messages.

Thanks,

Mike "Silby" Silbersack
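The patch itself is not reproduced in the mail. As an added illustration of the mechanism the message describes (this is example code written for this page, not the patch and not FreeBSD's kernel code), the following is a minimal per-queue response rate limiter: one counter per response class, a one-second window, and a "Suppressing <description>: attempted/limit pps" line emitted when the window rolls over and the previous second exceeded the limit. The queue enum, struct layout, function names and the default limit of 200 are assumptions made for this example; the five queue descriptions are taken from the mail. Time is passed in as a parameter rather than read from the clock so the behaviour is deterministic.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Response classes, one queue each, matching the five messages in the mail.
 * (Enum names are assumptions for this example.) */
enum bandlim_kind {
    BANDLIM_UDP_UNREACH = 0,   /* ICMP unreachable for a closed UDP port */
    BANDLIM_RST_CLOSEDPORT,    /* RST to a SYN on a closed port (port scan) */
    BANDLIM_RST_OPENPORT,      /* RST to a stray ACK on an open port (ACK flood) */
    BANDLIM_ICMP_ECHO,         /* ICMP echo reply */
    BANDLIM_ICMP_TSTAMP,       /* ICMP timestamp reply */
    BANDLIM_MAX
};

struct bandlim_queue {
    const char *descr;   /* text used in the "Suppressing ..." line */
    int limit;           /* maximum responses allowed per second */
    int count;           /* responses attempted in the current second */
    time_t window;       /* start of the current one-second window */
};

struct bandlim {
    struct bandlim_queue q[BANDLIM_MAX];
    char lastlog[128];   /* most recent report line, "" if none yet */
};

/* Initialise all queues with the same per-second limit. */
void bandlim_init(struct bandlim *b, int limit) {
    static const char *descr[BANDLIM_MAX] = {
        "udp flood/scan",
        "outgoing RST due to port scan",
        "outgoing RST due to ACK flood",
        "ping flood",
        "icmp tstamp flood",
    };
    for (int i = 0; i < BANDLIM_MAX; i++) {
        b->q[i].descr = descr[i];
        b->q[i].limit = limit;
        b->q[i].count = 0;
        b->q[i].window = 0;
    }
    b->lastlog[0] = '\0';
}

/* Decide whether one response of class `kind` may be sent at time `now`.
 * Returns 1 to send, 0 to drop. When a new second starts, the previous
 * second's attempt count is reported if it exceeded the limit, then the
 * counter is reset; the counter keeps counting attempts past the limit so
 * the report shows how many were actually attempted (e.g. 230/200). */
int bandlim_allow(struct bandlim *b, enum bandlim_kind kind, time_t now) {
    struct bandlim_queue *q = &b->q[kind];
    if (now != q->window) {
        if (q->count > q->limit) {
            snprintf(b->lastlog, sizeof b->lastlog,
                     "Suppressing %s: %d/%d pps", q->descr, q->count, q->limit);
        }
        q->count = 0;
        q->window = now;
    }
    q->count++;
    return q->count <= q->limit;
}

/* Helper: attempt `n` responses of one class within the same second and
 * return how many were allowed through. */
int bandlim_burst(struct bandlim *b, enum bandlim_kind kind, int n, time_t now) {
    int allowed = 0;
    for (int i = 0; i < n; i++)
        allowed += bandlim_allow(b, kind, now);
    return allowed;
}

int main(void) {
    struct bandlim b;
    bandlim_init(&b, 200);
    /* Constructed scenario: 230 pings in second 1000, then one in second 1001. */
    int sent = bandlim_burst(&b, BANDLIM_ICMP_ECHO, 230, 1000);
    bandlim_allow(&b, BANDLIM_ICMP_ECHO, 1001);
    printf("sent %d of 230; log: %s\n", sent, b.lastlog);
    return 0;
}
```

Each class has its own counter, so an ACK flood that saturates the open-port RST queue does not consume the budget of the ping or closed-port RST queues, which is the point of splitting them in the patch. The report is emitted lazily, on the first packet of the next second, so a queue that goes quiet after a burst is reported only when traffic of that class resumes; a real implementation would typically report from a timer as well.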