Date:      Thu, 2 Nov 2000 23:08:19 -0600 (CST)
From:      Mike Silbersack <silby@silby.com>
To:        freebsd-net@freebsd.org, dillon@earth.backplane.com, jlemon@flugsvamp.com
Subject:   Enhanced icmp/etc rate limiting
Message-ID:  <Pine.BSF.4.21.0011022301320.32936-100000@achilles.silby.com>


Given the recent confusion with how our bandwidth limiting works, and the
omission of echo/tstamp rate limiting in the current implementation, I've
prepared a patch.  It changes the following things:

  1.  ICMP ECHO and TSTAMP replies are now rate limited.
  2.  RSTs generated due to packets sent to open and unopen ports
      are now separated into separate queues.
  3.  Each rate limiting queue now has its own description, as 
      follows:
       Suppressing udp flood/scan: 212/200 pps
       Suppressing outgoing RST due to port scan: 202/200 pps
       Suppressing outgoing RST due to ACK flood: 19725/200 pps
       Suppressing ping flood: 230/200 pps
       Suppressing icmp tstamp flood: 210/200 pps

      While the descriptions for the two RST cases can be accused
      of oversimplification, they should cut down on questions by
      users confused with the current terminology.  Experienced
      users can always run a packet sniffer if they need more
      exact knowledge of what's occurring.

You can grab it at:
http://www.silby.com/patches/ratelimit-enhancement.patch

I'd appreciate if someone could review the patch, and/or comment on the
wording of the messages.

Thanks,

Mike "Silby" Silbersack
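
The per-queue limiting described in the message above, as an added example that is not taken from the patch or from the FreeBSD source: a userland model in which each reply class has its own counter and description. The identifiers (`rl_queue`, `rl_check`, `rl_burst`, `rl_last_msg`), the one-second window and the limit of 200 are assumptions, the limit being borrowed from the sample messages.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical queue ids, one per message listed in the e-mail. */
enum rl_queue { RL_UDP, RL_RST_SCAN, RL_RST_ACK, RL_PING, RL_TSTAMP, RL_MAX };
static const char *rl_desc[RL_MAX] = {
    "udp flood/scan", "outgoing RST due to port scan",
    "outgoing RST due to ACK flood", "ping flood", "icmp tstamp flood",
};
static struct { long window; int count; } rl_q[RL_MAX];
char rl_last_msg[96];   /* most recent suppression report */

/* Count one would-be reply on queue q at second `now`. Returns 0 to send,
 * -1 to drop. A window that closed over the limit is reported once. */
int rl_check(enum rl_queue q, long now, int limit)
{
    if (now != rl_q[q].window) {
        if (rl_q[q].count > limit)
            snprintf(rl_last_msg, sizeof(rl_last_msg),
                "Suppressing %s: %d/%d pps", rl_desc[q], rl_q[q].count, limit);
        rl_q[q].window = now;
        rl_q[q].count = 0;
    }
    return (++rl_q[q].count > limit) ? -1 : 0;
}

/* Constructed traffic: n replies wanted on q in second t; returns how many are sent. */
int rl_burst(enum rl_queue q, long t, int n, int limit)
{
    int sent = 0;
    for (int i = 0; i < n; i++)
        sent += (rl_check(q, t, limit) == 0);
    return sent;
}

int main(void)
{
    rl_burst(RL_PING, 1, 230, 200);   /* constructed flood */
    rl_burst(RL_PING, 2, 1, 200);     /* next second triggers the report */
    puts(rl_last_msg);
    return 0;
}
```

Because the counters are separate, a flood that exhausts one queue leaves the budget of the others untouched, and the log line names which class was suppressed.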



