Add rate limitation for SCTP OOTB responses.

MFC after: 3 days
svn path=/head/; revision=237230
2025-01-27 16:39:08 +00:00 · 2012-06-18 17:11:24 +00:00 · 2012-06-18 17:11:24 +00:00 · 5ad9e57b3f · 2020-12-20 02:59:44 +00:00
commit 5ad9e57b3f
parent 285052f0aa
3 changed files with 5 additions and 10 deletions
--- a/sys/netinet/icmp_var.h
+++ b/sys/netinet/icmp_var.h
@ -102,7 +102,8 @@ extern int badport_bandlim(int);
 #define BANDLIM_RST_CLOSEDPORT 3 /* No connection, and no listeners */
 #define BANDLIM_RST_OPENPORT 4   /* No connection, listener */
 #define BANDLIM_ICMP6_UNREACH 5
-#define BANDLIM_MAX 5
+#define BANDLIM_SCTP_OOTB 6
+#define BANDLIM_MAX 6
 #endif

 #endif
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@ -965,7 +965,8 @@ badport_bandlim(int which)
 		{ "icmp tstamp response" },
 		{ "closed port RST response" },
 		{ "open port RST response" },
-		{ "icmp6 unreach response" }
+		{ "icmp6 unreach response" },
+		{ "sctp ootb response" }
 	};

 	/*
--- a/sys/netinet/sctp_input.c
+++ b/sys/netinet/sctp_input.c
@ -6060,15 +6060,8 @@ sctp_input_with_port(struct mbuf *i_pak, int off, uint16_t port)
 		struct sctp_init_chunk *init_chk, chunk_buf;

 		SCTP_STAT_INCR(sctps_noport);
-#ifdef ICMP_BANDLIM
-		/*
-		 * we use the bandwidth limiting to protect against sending
-		 * too many ABORTS all at once. In this case these count the
-		 * same as an ICMP message.
-		 */
-		if (badport_bandlim(0) < 0)
+		if (badport_bandlim(BANDLIM_SCTP_OOTB) < 0)
 			goto bad;
-#endif				/* ICMP_BANDLIM */
 		SCTPDBG(SCTP_DEBUG_INPUT1,
 		    "Sending a ABORT from packet entry!\n");
 		if (ch->chunk_type == SCTP_INITIATION) {