Date: Tue, 30 May 2017 14:32:44 +0000 (UTC) From: "Jonathan T. Looney" <jtl@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r319214 - in head/sys: netinet netinet6 Message-ID: <201705301432.v4UEWip8043351@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jtl Date: Tue May 30 14:32:44 2017 New Revision: 319214 URL: https://svnweb.freebsd.org/changeset/base/319214 Log: Enforce the limit on ICMP messages before doing work to formulate the response. Delete an unneeded rate limit for UDP under IPv6. Because ICMP6 messages have their own rate limit, it is unnecessary to apply a second rate limit to UDP messages. Reviewed by: glebius MFC after: 2 weeks Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D10387 Modified: head/sys/netinet/ip_icmp.c head/sys/netinet6/udp6_usrreq.c Modified: head/sys/netinet/ip_icmp.c ============================================================================== --- head/sys/netinet/ip_icmp.c Tue May 30 13:56:38 2017 (r319213) +++ head/sys/netinet/ip_icmp.c Tue May 30 14:32:44 2017 (r319214) @@ -540,11 +540,10 @@ icmp_input(struct mbuf **mp, int *offp, int proto) ICMPSTAT_INC(icps_bmcastecho); break; } - icp->icmp_type = ICMP_ECHOREPLY; if (badport_bandlim(BANDLIM_ICMP_ECHO) < 0) goto freeit; - else - goto reflect; + icp->icmp_type = ICMP_ECHOREPLY; + goto reflect; case ICMP_TSTAMP: if (V_icmptstamprepl == 0) @@ -558,13 +557,12 @@ icmp_input(struct mbuf **mp, int *offp, int proto) ICMPSTAT_INC(icps_badlen); break; } + if (badport_bandlim(BANDLIM_ICMP_TSTAMP) < 0) + goto freeit; icp->icmp_type = ICMP_TSTAMPREPLY; icp->icmp_rtime = iptime(); icp->icmp_ttime = icp->icmp_rtime; /* bogus, do later! */ - if (badport_bandlim(BANDLIM_ICMP_TSTAMP) < 0) - goto freeit; - else - goto reflect; + goto reflect; case ICMP_MASKREQ: if (V_icmpmaskrepl == 0) Modified: head/sys/netinet6/udp6_usrreq.c ============================================================================== --- head/sys/netinet6/udp6_usrreq.c Tue May 30 13:56:38 2017 (r319213) +++ head/sys/netinet6/udp6_usrreq.c Tue May 30 14:32:44 2017 (r319214) @@ -104,9 +104,7 @@ __FBSDID("$FreeBSD$"); #include <netinet/in_systm.h> #include <netinet/in_var.h> #include <netinet/ip.h> -#include <netinet/ip_icmp.h> #include <netinet/ip6.h> -#include <netinet/icmp_var.h> #include <netinet/icmp6.h> #include <netinet/ip_var.h> #include <netinet/udp.h> @@ -480,8 +478,6 @@ udp6_input(struct mbuf **mp, int *offp, int proto) goto badunlocked; } if (V_udp_blackhole) - goto badunlocked; - if (badport_bandlim(BANDLIM_ICMP6_UNREACH) < 0) goto badunlocked; icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOPORT, 0); return (IPPROTO_DONE);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201705301432.v4UEWip8043351>