mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-22 11:17:19 +00:00
09f81a46a5
1. ICMP ECHO and TSTAMP replies are now rate limited. 2. RSTs generated due to packets sent to open and unopen ports are now limited by seperate counters. 3. Each rate limiting queue now has its own description, as follows: Limiting icmp unreach response from 439 to 200 packets per second Limiting closed port RST response from 283 to 200 packets per second Limiting open port RST response from 18724 to 200 packets per second Limiting icmp ping response from 211 to 200 packets per second Limiting icmp tstamp response from 394 to 200 packets per second Submitted by: Mike Silbersack <silby@silby.com>
89 lines
3.3 KiB
C
89 lines
3.3 KiB
C
/*
|
|
* Copyright (c) 1982, 1986, 1993
|
|
* The Regents of the University of California. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
* must display the following acknowledgement:
|
|
* This product includes software developed by the University of
|
|
* California, Berkeley and its contributors.
|
|
* 4. Neither the name of the University nor the names of its contributors
|
|
* may be used to endorse or promote products derived from this software
|
|
* without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*
|
|
* @(#)icmp_var.h 8.1 (Berkeley) 6/10/93
|
|
* $FreeBSD$
|
|
*/
|
|
|
|
#ifndef _NETINET_ICMP_VAR_H_
|
|
#define _NETINET_ICMP_VAR_H_
|
|
|
|
|
|
/*
|
|
* Variables related to this implementation
|
|
* of the internet control message protocol.
|
|
*/
|
|
struct icmpstat {
|
|
/* statistics related to icmp packets generated */
|
|
u_long icps_error; /* # of calls to icmp_error */
|
|
u_long icps_oldshort; /* no error 'cuz old ip too short */
|
|
u_long icps_oldicmp; /* no error 'cuz old was icmp */
|
|
u_long icps_outhist[ICMP_MAXTYPE + 1];
|
|
/* statistics related to input messages processed */
|
|
u_long icps_badcode; /* icmp_code out of range */
|
|
u_long icps_tooshort; /* packet < ICMP_MINLEN */
|
|
u_long icps_checksum; /* bad checksum */
|
|
u_long icps_badlen; /* calculated bound mismatch */
|
|
u_long icps_reflect; /* number of responses */
|
|
u_long icps_inhist[ICMP_MAXTYPE + 1];
|
|
u_long icps_bmcastecho; /* b/mcast echo requests dropped */
|
|
u_long icps_bmcasttstamp; /* b/mcast tstamp requests dropped */
|
|
};
|
|
|
|
/*
|
|
* Names for ICMP sysctl objects
|
|
*/
|
|
#define ICMPCTL_MASKREPL 1 /* allow replies to netmask requests */
|
|
#define ICMPCTL_STATS 2 /* statistics (read-only) */
|
|
#define ICMPCTL_ICMPLIM 3
|
|
#define ICMPCTL_MAXID 4
|
|
|
|
#define ICMPCTL_NAMES { \
|
|
{ 0, 0 }, \
|
|
{ "maskrepl", CTLTYPE_INT }, \
|
|
{ "stats", CTLTYPE_STRUCT }, \
|
|
{ "icmplim", CTLTYPE_INT }, \
|
|
}
|
|
|
|
#ifdef _KERNEL
|
|
SYSCTL_DECL(_net_inet_icmp);
|
|
extern int badport_bandlim __P((int));
|
|
#define BANDLIM_UNREACH 0
|
|
#define BANDLIM_RST_NOTOPEN 1
|
|
#define BANDLIM_RST_OPEN 2
|
|
#define BANDLIM_ECHO 3
|
|
#define BANDLIM_TSTAMP 4
|
|
#define BANDLIM_MAX 4
|
|
#endif
|
|
|
|
#endif
|