Date: Tue, 15 Feb 2011 08:10:14 GMT
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: freebsd-doc@FreeBSD.org
Subject: Re: docs/150917: icmp.4, wrong description of icmplim and icmplim_output sysctls
Message-ID: <201102150810.p1F8AE8P062220@freefall.freebsd.org>
The following reply was made to PR docs/150917; it has been noted by GNATS. From: Giorgos Keramidas <keramida@ceid.upatras.gr> To: Nikos Vassiliadis <nvass9573@gmx.com> Cc: bug-followup@freebsd.org Subject: Re: docs/150917: icmp.4, wrong description of icmplim and icmplim_output sysctls Date: Tue, 15 Feb 2011 08:47:18 +0100 On 2010-09-24 13:42, Nikos Vassiliadis <nvass9573@gmx.com> wrote: > The icmp manual page describes icmplim and icmplim_output wrongly. > > icmplim (integer) Bandwidth limit for ICMP replies in pack- > ets/second. Used when icmplim_output is non-zero. > Defaults to 200. > > icmplim_output (boolean) Enable/disable bandwidth limiting of ICMP > replies. Defaults to true. > > The correct description [1] is this: > > If you do not want to see messages about this in your log files, but > you still want the kernel to do response limiting, you can use the > net.inet.icmp.icmplim_output sysctl variable to disable the output > like this: > > # sysctl -w net.inet.icmp.icmplim_output=0 > > Finally, if you want to disable response limiting, you can set the > net.inet.icmp.icmplim sysctl variable (see above for an example) to > 0. Disabling response limiting is discouraged for the reasons listed > above. > Index: src/share/man/man4/icmp.4 > =================================================================== > --- src/share/man/man4/icmp.4 (revision 213086) > +++ src/share/man/man4/icmp.4 (working copy) 
> @@ -179,15 +179,16 @@ > the system replies to an ICMP Address Mask Request packet. > Defaults to 0. > .It Va icmplim > -.Pq Vt integer > -Bandwidth limit for ICMP replies in packets/second. > -Used when > -.Va icmplim_output > -is non-zero. > +.Pq Vt "unsigned integer" > +Limit for ICMP or TCP RST responses in packets per second. > +Response limiting is disabled by setting > +.Va icmplim > +to 0. I am not sure I like the idea of mentioning all the other protocols that may send ICMP replies too, so this probably needs a bit of reworking. For instance, UDP may send ICMP unreachable errors too. SCTP also. Are we going to list *all* the possible protocols by name? > Defaults to 200. > .It Va icmplim_output > .Pq Vt boolean > -Enable/disable bandwidth limiting of ICMP replies. > +Enable/disable logging of > +.Va icmplim . "logging of rate-limiting messages from icmplim" ? > Index: src/sys/netinet/ip_icmp.c > =================================================================== > --- src/sys/netinet/ip_icmp.c (revision 213086) > +++ src/sys/netinet/ip_icmp.c (working copy) > @@ -106,15 +106,15 @@ > > static VNET_DEFINE(int, icmplim) = 200; > #define V_icmplim VNET(icmplim) > -SYSCTL_VNET_INT(_net_inet_icmp, ICMPCTL_ICMPLIM, icmplim, CTLFLAG_RW, > +SYSCTL_VNET_UINT(_net_inet_icmp, ICMPCTL_ICMPLIM, icmplim, CTLFLAG_RW, > &VNET_NAME(icmplim), 0, > - "Maximum number of ICMP responses per second"); > + "Maximum number of ICMP or TCP RST responses per second"); > > static VNET_DEFINE(int, icmplim_output) = 1; > #define V_icmplim_output VNET(icmplim_output) > -SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO, icmplim_output, CTLFLAG_RW, > +SYSCTL_VNET_UINT(_net_inet_icmp, OID_AUTO, icmplim_output, CTLFLAG_RW, > &VNET_NAME(icmplim_output), 0, > - "Enable rate limiting of ICMP responses"); > + "Enable logging of enforced limit on ICMP or TCP RST responses"); This also has the problem that it does not mention UDP or SCTP replies for port-unreachable, host-unreachable, etc.
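Review bot: in the icmp.4 hunk, the new icmplim_output text "Enable/disable logging of .Va icmplim ." never says that response limiting stays in effect when the variable is set to 0, which is the exact misreading the PR sets out to correct. Suggest wording that states both halves: icmplim_output controls only the log messages emitted when the limit is enforced, and limiting itself is turned off only by setting icmplim to 0. The removed "Used when .Va icmplim_output is non-zero." sentence was the source of the confusion, so the replacement should make the independence of the two variables explicit rather than leave it implied.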
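Review bot: in the ip_icmp.c hunk, both sysctls switch from SYSCTL_VNET_INT to SYSCTL_VNET_UINT while the unchanged context lines still declare the backing variables as int ("static VNET_DEFINE(int, icmplim) = 200;" and "static VNET_DEFINE(int, icmplim_output) = 1;"), so the sysctl type and the storage type no longer agree. Either change the two VNET_DEFINE declarations to an unsigned type in the same patch, or keep SYSCTL_VNET_INT and leave the man page type as integer. The icmp.4 hunk also still documents icmplim_output as ".Pq Vt boolean", so the UINT change for that variable has no matching documentation change and should be justified or left out.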