Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 1 Jul 2012 09:00:30 +0000 (UTC)
From:      Michael Tuexen <tuexen@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org
Subject:   svn commit: r237913 - stable/9/sys/netinet
Message-ID:  <201207010900.q6190UBQ078959@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: tuexen
Date: Sun Jul  1 09:00:29 2012
New Revision: 237913
URL: http://svn.freebsd.org/changeset/base/237913

Log:
  MFC r237230:
  Add rate limitation for SCTP OOTB responses.

Modified:
  stable/9/sys/netinet/icmp_var.h
  stable/9/sys/netinet/ip_icmp.c
  stable/9/sys/netinet/sctp_input.c
Directory Properties:
  stable/9/sys/   (props changed)

Modified: stable/9/sys/netinet/icmp_var.h
==============================================================================
--- stable/9/sys/netinet/icmp_var.h	Sun Jul  1 08:57:28 2012	(r237912)
+++ stable/9/sys/netinet/icmp_var.h	Sun Jul  1 09:00:29 2012	(r237913)
@@ -102,7 +102,8 @@ extern int badport_bandlim(int);
 #define BANDLIM_RST_CLOSEDPORT 3 /* No connection, and no listeners */
 #define BANDLIM_RST_OPENPORT 4   /* No connection, listener */
 #define BANDLIM_ICMP6_UNREACH 5
-#define BANDLIM_MAX 5
+#define BANDLIM_SCTP_OOTB 6
+#define BANDLIM_MAX 6
 #endif
 
 #endif

Modified: stable/9/sys/netinet/ip_icmp.c
==============================================================================
--- stable/9/sys/netinet/ip_icmp.c	Sun Jul  1 08:57:28 2012	(r237912)
+++ stable/9/sys/netinet/ip_icmp.c	Sun Jul  1 09:00:29 2012	(r237913)
@@ -965,7 +965,8 @@ badport_bandlim(int which)
 		{ "icmp tstamp response" },
 		{ "closed port RST response" },
 		{ "open port RST response" },
-		{ "icmp6 unreach response" }
+		{ "icmp6 unreach response" },
+		{ "sctp ootb response" }
 	};
 
 	/*

Modified: stable/9/sys/netinet/sctp_input.c
==============================================================================
--- stable/9/sys/netinet/sctp_input.c	Sun Jul  1 08:57:28 2012	(r237912)
+++ stable/9/sys/netinet/sctp_input.c	Sun Jul  1 09:00:29 2012	(r237913)
@@ -5972,15 +5972,8 @@ sctp_skip_csum_4:
 		struct sctp_init_chunk *init_chk, chunk_buf;
 
 		SCTP_STAT_INCR(sctps_noport);
-#ifdef ICMP_BANDLIM
-		/*
-		 * we use the bandwidth limiting to protect against sending
-		 * too many ABORTS all at once. In this case these count the
-		 * same as an ICMP message.
-		 */
-		if (badport_bandlim(0) < 0)
+		if (badport_bandlim(BANDLIM_SCTP_OOTB) < 0)
 			goto bad;
-#endif				/* ICMP_BANDLIM */
 		SCTPDBG(SCTP_DEBUG_INPUT1,
 		    "Sending a ABORT from packet entry!\n");
 		if (ch->chunk_type == SCTP_INITIATION) {



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201207010900.q6190UBQ078959>