From owner-freebsd-doc@FreeBSD.ORG Tue Feb 15 08:10:15 2011
Date: Tue, 15 Feb 2011 08:10:14 GMT
Message-Id: <201102150810.p1F8AE8P062220@freefall.freebsd.org>
To: freebsd-doc@FreeBSD.org
From: Giorgos Keramidas
Subject: Re: docs/150917: icmp.4, wrong description of icmplim and icmplim_output sysctls
List-Id: Documentation project

The following reply was made to PR docs/150917; it has been noted by GNATS.

From: Giorgos Keramidas
To: Nikos Vassiliadis
Cc: bug-followup@freebsd.org
Subject: Re: docs/150917: icmp.4, wrong description of icmplim and icmplim_output sysctls
Date: Tue, 15 Feb 2011 08:47:18 +0100

On 2010-09-24 13:42, Nikos Vassiliadis wrote:
> The icmp manual page describes icmplim and icmplim_output wrongly.
>
>   icmplim (integer) Bandwidth limit for ICMP replies in packets/second.
>   Used when icmplim_output is non-zero. Defaults to 200.
>
>   icmplim_output (boolean) Enable/disable bandwidth limiting of ICMP
>   replies. Defaults to true.
>
> The correct description [1] is this:
>
>   If you do not want to see messages about this in your log files, but
>   you still want the kernel to do response limiting, you can use the
>   net.inet.icmp.icmplim_output sysctl variable to disable the output
>   like this:
>
>   # sysctl -w net.inet.icmp.icmplim_output=0
>
>   Finally, if you want to disable response limiting, you can set the
>   net.inet.icmp.icmplim sysctl variable (see above for an example) to
>   0. Disabling response limiting is discouraged for the reasons listed
>   above.

> Index: src/share/man/man4/icmp.4 > =================================================================== > --- src/share/man/man4/icmp.4 (revision 213086) > +++ src/share/man/man4/icmp.4 (working copy)
> @@ -179,15 +179,16 @@ > the system replies to an ICMP Address Mask Request packet. > Defaults to 0. > .It Va icmplim > -.Pq Vt integer > -Bandwidth limit for ICMP replies in packets/second. > -Used when > -.Va icmplim_output > -is non-zero. > +.Pq Vt "unsigned integer" > +Limit for ICMP or TCP RST responses in packets per second. > +Response limiting is disabled by setting > +.Va icmplim > +to 0. I am not sure I like the idea of mentioning all the other protocols that may send ICMP replies too, so this probably needs a bit of reworking. For instance, UDP may send ICMP unreachable errors too. SCTP also. Are we going to list *all* the possible protocols by name? > Defaults to 200. > .It Va icmplim_output > .Pq Vt boolean > -Enable/disable bandwidth limiting of ICMP replies. > +Enable/disable logging of > +.Va icmplim . "logging of rate-limiting messages from icmplim" ? > Index: src/sys/netinet/ip_icmp.c > =================================================================== > --- src/sys/netinet/ip_icmp.c (revision 213086) > +++ src/sys/netinet/ip_icmp.c (working copy) > @@ -106,15 +106,15 @@ > > static VNET_DEFINE(int, icmplim) = 200; > #define V_icmplim VNET(icmplim) > -SYSCTL_VNET_INT(_net_inet_icmp, ICMPCTL_ICMPLIM, icmplim, CTLFLAG_RW, > +SYSCTL_VNET_UINT(_net_inet_icmp, ICMPCTL_ICMPLIM, icmplim, CTLFLAG_RW, > &VNET_NAME(icmplim), 0, > - "Maximum number of ICMP responses per second"); > + "Maximum number of ICMP or TCP RST responses per second"); > > static VNET_DEFINE(int, icmplim_output) = 1; > #define V_icmplim_output VNET(icmplim_output) > -SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO, icmplim_output, CTLFLAG_RW, > +SYSCTL_VNET_UINT(_net_inet_icmp, OID_AUTO, icmplim_output, CTLFLAG_RW, > &VNET_NAME(icmplim_output), 0, > - "Enable rate limiting of ICMP responses"); > + "Enable logging of enforced limit on ICMP or TCP RST responses"); This also has the problem that it does not mention UDP or SCTP replies for port-unreachable, host-unreachable, etc.
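
Review bot: In the icmp.4 hunk, the new icmplim_output text ("Enable/disable logging of .Va icmplim .") does not say what happens to the limiting itself when the variable is set to 0, which is the confusion this PR reports. Suggest stating that the variable only controls the log messages and that responses are still limited according to icmplim when it is 0. The icmplim entry also loses its "Used when icmplim_output is non-zero" sentence without a replacement cross-reference, so a short pointer to icmplim_output for the logging side would keep the two entries tied together.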
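
Review bot: In the ip_icmp.c hunk, both sysctls switch from SYSCTL_VNET_INT to SYSCTL_VNET_UINT, but the backing variables in the unchanged context lines are still declared as VNET_DEFINE(int, icmplim) and VNET_DEFINE(int, icmplim_output). Either change those declarations to an unsigned type in the same patch or keep the INT macros, so the type the sysctl is registered with matches the type of the variable it points at. The icmp.4 hunk also keeps ".Pq Vt boolean" for icmplim_output while this hunk registers it as an unsigned integer; the two files should agree on the type.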