From: Tony Finch
To: silby@silby.com
Cc: freebsd-net@freebsd.org
Subject: Re: forwarded message on Source Quench Packets.
Date: Tue, 12 Nov 2002 15:28:02 +0000

Mike Silbersack wrote:
>
>I can see how these source quench messages would cause problems if a DoS
>is being routed through a FreeBSD router, and I think that your patch
>makes sense. Are there any objections to me committing this in a few
>days?

Doesn't FreeBSD rate-limit ICMP as required by the RFC? If there is a bug
it's that the rate-limiting isn't happening, not that source-quench packets
are being generated. If it's important that FreeBSD routers not generate
them then it should be a sysctl option.

Tony.
--
f.a.n.finch http://dotat.at/
SELSEY BILL TO LYME REGIS: SOUTHWEST 5 OR 6 LOCALLY 7. CLOUDY, SHOWERS OR
LONGER PERIODS OF RAIN. GOOD FALLING MODERATE IN SHOWERS OR RAIN. ROUGH TO
VERY ROUGH.