2002-06-11 14:00:17

by Lev V. Vanyan

Subject: net.ipv4.icmp_default_ttl

-----BEGIN PGP SIGNED MESSAGE-----

Forgot to send the diffed sysctl.h changes. Here is the full diff text:

- --- linux/net/ipv4/sysctl_net_ipv4.c Wed Oct 31 01:08:12 2001
+++ linux-2.4.18/net/ipv4/sysctl_net_ipv4.c Mon Jun 10 21:51:08 2002
@@ -22,6 +22,7 @@
extern int sysctl_icmp_echo_ignore_all;
extern int sysctl_icmp_echo_ignore_broadcasts;
extern int sysctl_icmp_ignore_bogus_error_responses;
+extern int sysctl_icmp_default_ttl;

/* From ip_fragment.c */
extern int sysctl_ipfrag_low_thresh;
@@ -176,6 +177,9 @@
{NET_IPV4_ICMP_IGNORE_BOGUS_ERROR_RESPONSES,
"icmp_ignore_bogus_error_responses",
&sysctl_icmp_ignore_bogus_error_responses, sizeof(int), 0644, NULL,
&proc_dointvec},
+ {NET_IPV4_ICMP_DEFAULT_TTL, "icmp_default_ttl",
+ &sysctl_icmp_default_ttl,sizeof(int), 0644,NULL,
+ &proc_dointvec},
{NET_IPV4_ROUTE, "route", NULL, 0, 0555, ipv4_route_table},
#ifdef CONFIG_IP_MULTICAST
{NET_IPV4_IGMP_MAX_MEMBERSHIPS, "igmp_max_memberships",
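Review bot: the new ctl_table entry uses &proc_dointvec with no range check, so a write of 0 or of any value above 255 is accepted even though the ip_output.c hunks assign it straight to iph->ttl, an 8-bit field, where it silently truncates; use &proc_dointvec_minmax with extra1/extra2 bounding the value to 1..255. Also match the spacing of the neighbouring entries (`&sysctl_icmp_default_ttl, sizeof(int), 0644, NULL,`).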
- --- linux/net/ipv4/ip_output.c Thu Oct 18 00:16:39 2001
+++ linux-2.4.18/net/ipv4/ip_output.c Tue Jun 11 15:58:07 2002
@@ -84,6 +84,9 @@

int sysctl_ip_dynaddr = 0;
int sysctl_ip_default_ttl = IPDEFTTL;
+#ifdef CONFIG_SYSCTL
+extern int sysctl_icmp_default_ttl;
+#endif

/* Generate a checksum for an outgoing IP datagram. */
__inline__ void ip_send_check(struct iphdr *iph)
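Review bot: the extern is wrapped in #ifdef CONFIG_SYSCTL, but the icmp.c hunk defines sysctl_icmp_default_ttl unconditionally, so the guard buys nothing and is what forces the #ifdef/#endif pairs around the TTL selection later in this file; drop the guard and declare the extern once in a header next to sysctl_ip_default_ttl rather than repeating it per file.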
@@ -572,10 +575,17 @@
*/
mf = htons(IP_MF);
}
- - if (rt->rt_type == RTN_MULTICAST)
- - iph->ttl = sk->protinfo.af_inet.mc_ttl;
- - else
- - iph->ttl = sk->protinfo.af_inet.ttl;
+#ifdef CONFIG_SYSCTL
+ if(sk->protocol != IPPROTO_ICMP) {
+#endif
+ if (rt->rt_type == RTN_MULTICAST)
+ iph->ttl = sk->protinfo.af_inet.mc_ttl;
+ else
+ iph->ttl = sk->protinfo.af_inet.ttl;
+#ifdef CONFIG_SYSCTL
+ }
+ else iph->ttl = sysctl_icmp_default_ttl;
+#endif
iph->protocol = sk->protocol;
iph->check = 0;
iph->saddr = rt->rt_src;
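Review bot: this changes behaviour for every socket with sk->protocol == IPPROTO_ICMP, not just kernel-generated ICMP: the old code honoured the per-socket TTL in sk->protinfo.af_inet.ttl / mc_ttl (what IP_TTL and IP_MULTICAST_TTL set), and the new code ignores both for ICMP sockets in favour of sysctl_icmp_default_ttl, so an application that sets IP_TTL on a raw ICMP socket no longer gets the TTL it asked for. If the goal is a different default for ICMP, initialise the socket's ttl from the sysctl when the ICMP socket is created and leave this transmit path alone; that also removes the three #ifdef CONFIG_SYSCTL blocks that split one if/else across preprocessor boundaries. The `+ else iph->ttl = sysctl_icmp_default_ttl;` line should also be formatted like the surrounding code, with the statement on its own line.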
@@ -693,10 +703,19 @@
iph->tos=sk->protinfo.af_inet.tos;
iph->tot_len = htons(length);
iph->frag_off = df;
- - iph->ttl=sk->protinfo.af_inet.mc_ttl;
+ /* set TTL for ICMP packets */
+#ifdef CONFIG_SYSCTL
+ if(iph->protocol == IPPROTO_ICMP)
+ iph->ttl = sysctl_icmp_default_ttl;
+ else {
+#endif
+ if(rt->rt_type != RTN_MULTICAST)
+ iph->ttl = sk->protinfo.af_inet.ttl;
+ else iph->ttl = sk->protinfo.af_inet.mc_ttl;
+#ifdef CONFIG_SYSCTL
+ }
+#endif
ip_select_ident(iph, &rt->u.dst, sk);
- - if (rt->rt_type != RTN_MULTICAST)
- - iph->ttl=sk->protinfo.af_inet.ttl;
iph->protocol=sk->protocol;
iph->saddr=rt->rt_src;
iph->daddr=rt->rt_dst;
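Review bot: the new test `if(iph->protocol == IPPROTO_ICMP)` reads iph->protocol before it is written: `iph->protocol=sk->protocol;` comes later in the same function (visible below the hunk), so the branch is decided by whatever the buffer held, which is stale data. Test sk->protocol, as the other ip_output.c hunk does. The comment `/* set TTL for ICMP packets */` also understates the block, which now selects the TTL for every protocol, and the same per-socket-TTL override concern as in the previous hunk applies here.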
- --- linux/net/ipv4/icmp.c Mon Feb 25 21:38:14 2002
+++ linux-2.4.18/net/ipv4/icmp.c Tue Jun 11 15:36:36 2002
@@ -143,6 +143,9 @@
int sysctl_icmp_echo_ignore_all;
int sysctl_icmp_echo_ignore_broadcasts;

+/* Control max icmp ttl. */
+int sysctl_icmp_default_ttl = 255;
+
/* Control parameter - ignore bogus broadcast responses? */
int sysctl_icmp_ignore_bogus_error_responses;

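Review bot: the comment "Control max icmp ttl" does not describe the variable: with the ip_output.c hunks it is neither a maximum nor merely a default, it unconditionally replaces the socket TTL for ICMP. Say what it does, and document why 255 is chosen when everything else defaults to IPDEFTTL. Since the variable is defined unconditionally here, the CONFIG_SYSCTL guards around its users in ip_output.c are unnecessary.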
- --- /usr/src/linux/include/linux/sysctl.h Mon Nov 26 15:29:17 2001
+++ /usr/src/linux-2.4.18/include/linux/sysctl.h Mon Jun 10 21:50:50 2002
@@ -289,7 +289,8 @@
NET_TCP_ADV_WIN_SCALE=87,
NET_IPV4_NONLOCAL_BIND=88,
NET_IPV4_ICMP_RATELIMIT=89,
- - NET_IPV4_ICMP_RATEMASK=90
+ NET_IPV4_ICMP_RATEMASK=90,
+ NET_IPV4_ICMP_DEFAULT_TTL=91
};

enum {
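Review bot: these enum values are the binary sysctl(2) ABI and must stay unique across trees; 91 is simply the next number after NET_IPV4_ICMP_RATEMASK in this 2.4.18 copy, so check the current 2.4 and 2.5 trees before submitting to be sure it is not already assigned. The patch also adds no entry for icmp_default_ttl to Documentation/networking/ip-sysctl.txt; a new sysctl should come with its documentation.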


- --
Lev V. Vanyan Software Engineer
Mirotel ISP nic-hdl: VL1580-RIPE, LV2560-NIC
mailto: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQB1AwUBPQYCjM9Sz223N4s1AQF+5gL9Eud0HFe2cRtZKujDJRwQoUJE6RAGEJrY
mR/ZleJQ/Wc8TjcQn/wFHUNQqKVmZeZNk4wGZl/pr3ynq5iAaNgkpVcM84YvzbVo
Ia7Vv1yruHQPOiaNazIDlVv+FH8htTTb
=5mdT
-----END PGP SIGNATURE-----


2002-06-11 14:12:15

by Padraig Brady

Subject: net sysctls questions

The net.ipv4.icmp_default_ttl patch
reminds me, about wierd stuff I've
seen in the net sysctls:

/proc/sys/net/unix/max_dgram_qlen is only
readable by root. Why?

Documentation/networking/ip-sysctl.txt
refers to tcp_keepalive_interval when it should
refer to tcp_keepalive_intvl

/proc/sys/net/ipv4/conf/../{arp_filter,tag}
are not documented.

/proc/sys/net/ipv4/icmp_rate_limit is jiffies.
Shouldn't this be HZ, i.e. jiffies shouldn't
be exported to userspace as it's non portable?

Any comments before I do a patch?

Padraig.

2002-06-11 14:16:53

by David Miller

Subject: Re: net sysctls questions

From: Padraig Brady <[email protected]>
Date: Tue, 11 Jun 2002 15:11:40 +0100

> /proc/sys/net/ipv4/conf/../{arp_filter,tag}
> are not documented.

Nobody had time to document them, that is all.

> /proc/sys/net/ipv4/icmp_rate_limit is jiffies.
> Shouldn't this be HZ, i.e. jiffies shouldn't
> be exported to userspace as it's non portable?

What if you want to specify value smaller than HZ?
That is the most typical for this setting.

2002-06-11 14:30:06

by Padraig Brady

Subject: Re: net sysctls questions

David S. Miller wrote:
> From: Padraig Brady <[email protected]>
> Date: Tue, 11 Jun 2002 15:11:40 +0100
>
> /proc/sys/net/ipv4/conf/../{arp_filter,tag}
> are not documented.
>
> Nobody had time to document them, that is all.
>
> /proc/sys/net/ipv4/icmp_rate_limit is jiffies.
> Shouldn't this be HZ, i.e. jiffies shouldn't
> be exported to userspace as it's non portable?
>
> What if you want to specify value smaller than HZ?
> That is the most typical for this setting.

Current default is 100 (allow 1 ICMP packet/s on Intel
or 10/s on alpha). I suppose milliseconds is the most
sensible unit to use?

Padraig.

2002-06-11 22:22:59

by Padraig Brady

Subject: [PATCH] ip-sysctl.txt

--- linux-2.5.21/Documentation/networking/ip-sysctl.txt Sun Jun 9 06:29:26 2002
+++ linux-2.5.21/Documentation/networking/ip-sysctl-pb.txt Tue Jun 11 23:14:55 2002
@@ -43,23 +43,23 @@
Minimum time-to-live of entries. Should be enough to cover fragment
time-to-live on the reassembling side. This minimum time-to-live is
guaranteed if the pool size is less than inet_peer_threshold.
- Measured in jiffies.
+ Measured in jiffies(1).

inet_peer_maxttl - INTEGER
Maximum time-to-live of entries. Unused entries will expire after
this period of time if there is no memory pressure on the pool (i.e.
when the number of entries in the pool is very small).
- Measured in jiffies.
+ Measured in jiffies(1).

inet_peer_gc_mintime - INTEGER
Minimum interval between garbage collection passes. This interval is
in effect under high memory pressure on the pool.
- Measured in jiffies.
+ Measured in jiffies(1).

inet_peer_gc_maxtime - INTEGER
Minimum interval between garbage collection passes. This interval is
in effect under low (or absent) memory pressure on the pool.
- Measured in jiffies.
+ Measured in jiffies(1).

TCP variables:

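Review bot: the four new "jiffies(1)" references point at a footnote that the last hunk of this patch moves to the very end of the file, while the original footnote sat next to its single user (icmp_ratelimit). Either place the footnote near the first reference or state the unit inline ("in jiffies, i.e. 1/HZ seconds") so a reader of the inet_peer_* entries does not have to hunt for it.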
@@ -81,7 +81,7 @@
How many keepalive probes TCP sends out, until it decides that the
connection is broken. Default value: 9.

-tcp_keepalive_interval - INTEGER
+tcp_keepalive_intvl - INTEGER
How frequently the probes are send out. Multiplied by
tcp_keepalive_probes it is time to kill not responding connection,
after probes started. Default value: 75sec i.e. connection
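Review bot: the rename to tcp_keepalive_intvl matches the real sysctl name, which is the point of the patch; while the entry is being touched, "How frequently the probes are send out" should read "sent out", and "it is time to kill not responding connection" reads better as "it is the time after which a non-responding connection is killed".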
@@ -316,28 +316,37 @@
Limit the maximal rates for sending ICMP packets whose type matches
icmp_ratemask (see below) to specific targets.
0 to disable any limiting, otherwise the maximal rate in jiffies(1)
- Default: 1
+ Default: 100

icmp_ratemask - INTEGER
Mask made of ICMP types for which rates are being limited.
- Default: 6168
- Note: 6168 = 0x1818 = 1<<ICMP_DEST_UNREACH + 1<<ICMP_SOURCE_QUENCH +
- 1<<ICMP_TIME_EXCEEDED + 1<<ICMP_PARAMETERPROB, which means
- dest unreachable (3), source quench (4), time exceeded (11)
- and parameter problem (12) ICMP packets are rate limited
- (check values in icmp.h)
+ Significant bits: IHGFEDCBA9876543210
+ Default mask: 0000001100000011000 (6168)
+
+ Bit definitions (see include/linux/icmp.h):
+ 0 Echo Reply
+ 3 Destination Unreachable *
+ 4 Source Quench *
+ 5 Redirect
+ 8 Echo Request
+ B Time Exceeded *
+ C Parameter Problem *
+ D Timestamp Request
+ E Timestamp Reply
+ F Info Request
+ G Info Reply
+ H Address Mask Request
+ I Address Mask Reply
+
+ * These are rate limited by default (see default mask above)

icmp_ignore_bogus_error_responses - BOOLEAN
- Some routers violate RFC 1122 by sending bogus responses to broadcast
+ Some routers violate RFC1122 by sending bogus responses to broadcast
frames. Such violations are normally logged via a kernel warning.
If this is set to TRUE, the kernel will not give such warnings, which
will avoid log file clutter.
Default: FALSE

-(1) Jiffie: internal timeunit for the kernel. On the i386 1/100s, on the
-Alpha 1/1024s. See the HZ define in /usr/include/asm/param.h for the exact
-value on your system.
-
igmp_max_memberships - INTEGER
Change the maximum number of multicast groups we can subscribe to.
Default: 20
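Review bot: the new bit table labels bits above 9 with the letters A..I (B = bit 11, C = bit 12, ..., I = bit 18); A..F happen to coincide with hexadecimal digits but G, H and I do not, and the scheme is never explained, so readers will not know how to derive a bit number from the mask string. Use decimal bit numbers in a two-column table and keep the one-line derivation the old text had (6168 = 0x1818 = 1<<3 + 1<<4 + 1<<11 + 1<<12), since that is exactly what an administrator needs to compute a new mask. The "RFC 1122" to "RFC1122" edit is an unrelated style change away from the RFC Editor's own form; drop it. Changing the documented icmp_ratelimit default from 1 to 100 matches the value reported earlier in this thread; good.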
@@ -411,7 +420,30 @@
0 - No source validation.

Default value is 0. Note that some distributions enable it
- in startip scripts.
+ in startup scripts.
+
+arp_filter - BOOLEAN
+ 1 - Allows you to have multiple network interfaces on the same
+ subnet, and have the ARPs for each interface be answered
+ based on whether or not the kernel would route a packet from
+ the ARP'd IP out that interface (therefore you must use source
+ based routing for this to work). In other words it allows control
+ of which cards (usually 1) will respond to an arp request.
+
+ 0 - (default) The kernel can respond to arp requests with addresses
+ from other interfaces. This may seem wrong but it usually makes
+ sense, because it increases the chance of successful communication.
+ IP addresses are owned by the complete host on Linux, not by
+ particular interfaces. Only for more complex setups like load-
+ balancing, does this behaviour cause problems.
+
+tag - INTEGER
+ Allows you to write a number, which can be used as required.
+ Default value is 0.
+
+(1) Jiffie: internal timeunit for the kernel. On the i386 1/100s, on the
+Alpha 1/1024s. See the HZ define in /usr/include/asm/param.h for the exact
+value on your system.

Alexey Kuznetsov.
[email protected]
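Review bot: the tag entry says only "a number, which can be used as required" without naming what reads it; a sysctl's documentation should state its consumer, and if nothing in the kernel uses the value beyond storing it, say so explicitly. The arp_filter "1" case depends on "source based routing" but gives no pointer to how that is configured (policy routing via ip rule); one sentence would make the setting usable. Moving the jiffies footnote to the bottom of the file is fine, but it now sits after many entries that do not use it; see the comment on the first hunk.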


Attachments:
ip-sysctl.txt-2.5.21.diff (4.50 kB)
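As an added example (not code from this thread, the kernel, or the patch), here is a small Python helper that turns the bit table in the patch into something checkable: it decodes an icmp_ratemask value into ICMP type names, rebuilds a mask from type numbers, and converts an icmp_ratelimit value from jiffies to packets per second for a given HZ, reproducing the 1/s-vs-10/s figures from earlier in the thread. The type numbers are those the patched documentation lists (bit n covers ICMP type n); the rate conversion assumes the reading used in this thread, one limited packet per icmp_ratelimit jiffies per target, and the constructed sample values are marked as such.

```python
"""Decode and build net.ipv4.icmp_ratemask values and convert
net.ipv4.icmp_ratelimit from jiffies to a per-target rate.

Added example for the ip-sysctl.txt discussion; not kernel code.
"""
from typing import Dict, List, Tuple

# ICMP type numbers as listed in the patched ip-sysctl.txt
# (bit n of icmp_ratemask covers ICMP type n).
ICMP_TYPES: Dict[int, str] = {
    0: "Echo Reply",
    3: "Destination Unreachable",
    4: "Source Quench",
    5: "Redirect",
    8: "Echo Request",
    11: "Time Exceeded",
    12: "Parameter Problem",
    13: "Timestamp Request",
    14: "Timestamp Reply",
    15: "Info Request",
    16: "Info Reply",
    17: "Address Mask Request",
    18: "Address Mask Reply",
}

DEFAULT_RATEMASK = 6168  # documented default, 0x1818


def decode_ratemask(mask: int) -> List[Tuple[int, str]]:
    """Return (type, name) for every ICMP type whose bit is set in mask.

    Bits that match no known type are reported as 'unassigned' so a
    mistyped sysctl value is visible rather than silently ignored.
    """
    if mask < 0:
        raise ValueError("ratemask must be non-negative")
    result: List[Tuple[int, str]] = []
    bit = 0
    while mask >> bit:
        if (mask >> bit) & 1:
            result.append((bit, ICMP_TYPES.get(bit, "unassigned")))
        bit += 1
    return result


def encode_ratemask(types: List[int]) -> int:
    """Build the mask covering the given ICMP type numbers."""
    mask = 0
    for t in types:
        if not 0 <= t <= 255:
            raise ValueError(f"ICMP type out of range: {t}")
        mask |= 1 << t
    return mask


def ratelimit_to_pps(ratelimit_jiffies: int, hz: int) -> float:
    """Convert icmp_ratelimit (jiffies between limited packets to one
    target, per the thread's reading) to packets per second at HZ.

    0 disables limiting; report that as an unbounded rate.
    """
    if ratelimit_jiffies < 0 or hz <= 0:
        raise ValueError("ratelimit must be >= 0 and HZ > 0")
    if ratelimit_jiffies == 0:
        return float("inf")
    return hz / ratelimit_jiffies


if __name__ == "__main__":
    # Constructed sample values: the documented default mask and the
    # two HZ values the thread mentions (i386 = 100, Alpha = 1024).
    for t, name in decode_ratemask(DEFAULT_RATEMASK):
        print(f"bit {t:2d}: {name}")
    print("default mask rebuilt:", encode_ratemask([3, 4, 11, 12]))
    print("100 jiffies at HZ=100 :", ratelimit_to_pps(100, 100), "pkt/s")
    print("100 jiffies at HZ=1024:", ratelimit_to_pps(100, 1024), "pkt/s")
```

Running the block prints the four rate-limited types behind 6168 and shows why the thread calls the jiffies unit non-portable: the same sysctl value means 1 packet/s on an HZ=100 machine and roughly 10 packets/s on an HZ=1024 machine.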

2002-06-12 06:25:19

by David Miller

Subject: Re: [PATCH] ip-sysctl.txt


Patch applied.

2002-06-13 09:57:30

by Remedy

Subject: Re: net sysctls questions

On Tue, 11 Jun 2002, Padraig Brady wrote:

> The net.ipv4.icmp_default_ttl patch
> reminds me, about wierd stuff I've
> seen in the net sysctls:
Sorry, English is not my native language so I was unable to interpret
"wierd" :)
>
> /proc/sys/net/unix/max_dgram_qlen is only
> readable by root. Why?
Check that your /proc has been mounted read-write.

On my machine:
fortress ~# sysctl -w net.unix.max_dgram_qlen=20;
net.unix.max_dgram_qlen = 20
fortress ~# sysctl -w net.unix.max_dgram_qlen=10;
net.unix.max_dgram_qlen = 10

--
Software engineer Mirotel ISP


2002-06-13 10:04:05

by David Miller

Subject: Re: net sysctls questions

From: Remedy <[email protected]>
Date: Thu, 13 Jun 2002 12:57:01 +0300 (EEST)

> On Tue, 11 Jun 2002, Padraig Brady wrote:
>
> > The net.ipv4.icmp_default_ttl patch
> > reminds me, about wierd stuff I've
> > seen in the net sysctls:
> Sorry, English is not my native language so I was unable to interpret
> "wierd" :)

It is a typo, he means "weird" or strange.

2002-06-13 10:18:22

by Remedy

Subject: Re: net sysctls questions



On Thu, 13 Jun 2002, David S. Miller wrote:

> It is a typo, he means "weird" or strange.
I see, thx :)

PS: It seems I'll have to write a kernel module for the new DVB card, so
if I send the source, could this code be admitted to the kernel?