2002-10-24 04:44:58

by YOSHIFUJI Hideaki

Subject: [PATCH] IPv6: Sysctl for ICMPv6 Rate Limitation

Index: Documentation/networking/ip-sysctl.txt
===================================================================
RCS file: /cvsroot/usagi/usagi-backport/linux24/Documentation/networking/ip-sysctl.txt,v
retrieving revision 1.1.1.1.42.1
retrieving revision 1.1.1.1.42.1.2.1
diff -u -r1.1.1.1.42.1 -r1.1.1.1.42.1.2.1
--- Documentation/networking/ip-sysctl.txt 22 Oct 2002 19:19:48 -0000 1.1.1.1.42.1
+++ Documentation/networking/ip-sysctl.txt 23 Oct 2002 18:39:55 -0000 1.1.1.1.42.1.2.1
@@ -569,8 +569,14 @@
routers are present.
Default: 3

+icmp/*:
+ratelimit - INTEGER
+ Limit the maximal rates for sending ICMPv6 packets.
+ 0 to disable any limiting, otherwise the maximal rate in jiffies(1)
+ Default: 100
+
IPv6 Update by:
-Pekka Savola
[email protected]
+Pekka Savola <[email protected]>
+YOSHIFUJI Hideaki / USAGI Project <[email protected]>

$Id: ip-sysctl.txt,v 1.19.2.1 2001/12/13 08:59:27 davem Exp $
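Review bot: The new "ratelimit" entry says it limits "ICMPv6 packets", which reads as if echo replies and neighbour discovery were throttled too; if only error messages are limited, the text should say "ICMPv6 error packets". The default is also given as a bare 100 while the unit is jiffies, so the documented interval is only right on a kernel built with HZ=100; give it as HZ or as a time.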
Index: include/linux/sysctl.h
===================================================================
RCS file: /cvsroot/usagi/usagi-backport/linux24/include/linux/sysctl.h,v
retrieving revision 1.1.1.2.16.1
retrieving revision 1.1.1.2.16.1.2.2
diff -u -r1.1.1.2.16.1 -r1.1.1.2.16.1.2.2
--- include/linux/sysctl.h 22 Oct 2002 19:19:48 -0000 1.1.1.2.16.1
+++ include/linux/sysctl.h 24 Oct 2002 04:38:38 -0000 1.1.1.2.16.1.2.2
@@ -346,7 +346,8 @@
NET_IPV6_CONF=16,
NET_IPV6_NEIGH=17,
NET_IPV6_ROUTE=18,
- NET_IPV6_BINDV6ONLY=20,
+ NET_IPV6_ICMP=19,
+ NET_IPV6_BINDV6ONLY=20
};

enum {
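Review bot: Dropping the trailing comma after NET_IPV6_BINDV6ONLY=20 is an unrelated change in a hunk that only needs to add NET_IPV6_ICMP=19; keep the comma so the next added entry does not have to touch this line again. Since these numbers are visible to user space through sysctl(2), the changelog should also state that 19 was unassigned before this patch.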
@@ -372,6 +373,11 @@
NET_IPV6_RTR_SOLICITS=8,
NET_IPV6_RTR_SOLICIT_INTERVAL=9,
NET_IPV6_RTR_SOLICIT_DELAY=10
+};
+
+/* /proc/sys/net/ipv6/icmp */
+enum {
+ NET_IPV6_ICMP_RATELIMIT=1
};

/* /proc/sys/net/<protocol>/neigh/<dev> */
Index: net/ipv6/icmp.c
===================================================================
RCS file: /cvsroot/usagi/usagi-backport/linux24/net/ipv6/icmp.c,v
retrieving revision 1.1.1.2
retrieving revision 1.1.1.2.16.1
diff -u -r1.1.1.2 -r1.1.1.2.16.1
--- net/ipv6/icmp.c 9 Oct 2002 01:35:53 -0000 1.1.1.2
+++ net/ipv6/icmp.c 23 Oct 2002 18:39:20 -0000 1.1.1.2.16.1
@@ -25,6 +25,7 @@
* add more length checks and other fixes.
* yoshfuji : ensure to sent parameter problem for
* fragments.
+ * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
*/

#define __NO_VERSION__
@@ -40,6 +41,10 @@
#include <linux/skbuff.h>
#include <linux/init.h>

+#ifdef CONFIG_SYSCTL
+#include <linux/sysctl.h>
+#endif
+
#include <linux/inet.h>
#include <linux/netdevice.h>
#include <linux/icmpv6.h>
@@ -715,3 +720,12 @@

return fatal;
}
+
+#ifdef CONFIG_SYSCTL
+ctl_table ipv6_icmp_table[] = {
+ {NET_IPV6_ICMP_RATELIMIT, "ratelimit",
+ &sysctl_icmpv6_time, sizeof(int), 0644, NULL, &proc_dointvec},
+ {0},
+};
+#endif
+
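Review bot: The "ratelimit" entry uses proc_dointvec with mode 0644 and no bounds, so a negative value can be written into sysctl_icmpv6_time; use a range-checked handler such as proc_dointvec_minmax or document what a negative value means. Nothing in this patch declares sysctl_icmpv6_time or shows where the ICMPv6 send path reads it, so please point to the code that consumes the value. The number is also raw jiffies, so the same setting means a different interval on kernels built with a different HZ.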
Index: net/ipv6/sysctl_net_ipv6.c
===================================================================
RCS file: /cvsroot/usagi/usagi-backport/linux24/net/ipv6/sysctl_net_ipv6.c,v
retrieving revision 1.1.1.1.40.1
retrieving revision 1.1.1.1.40.1.2.1
diff -u -r1.1.1.1.40.1 -r1.1.1.1.40.1.2.1
--- net/ipv6/sysctl_net_ipv6.c 22 Oct 2002 19:19:48 -0000 1.1.1.1.40.1
+++ net/ipv6/sysctl_net_ipv6.c 23 Oct 2002 18:39:20 -0000 1.1.1.1.40.1.2.1
@@ -1,5 +1,8 @@
/*
* sysctl_net_ipv6.c: sysctl interface to net IPV6 subsystem.
+ *
+ * Changes:
+ * YOSHIFUJI Hideaki @USAGI: added icmp sysctl table.
*/

#include <linux/mm.h>
@@ -12,11 +15,13 @@
#include <net/addrconf.h>

extern ctl_table ipv6_route_table[];
+extern ctl_table ipv6_icmp_table[];

#ifdef CONFIG_SYSCTL

ctl_table ipv6_table[] = {
{NET_IPV6_ROUTE, "route", NULL, 0, 0555, ipv6_route_table},
+ {NET_IPV6_ICMP, "icmp", NULL, 0, 0500, ipv6_icmp_table},
{NET_IPV6_BINDV6ONLY, "bindv6only",
&sysctl_ipv6_bindv6only, sizeof(int), 0644, NULL, &proc_dointvec},
{0}
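Review bot: The "icmp" directory is registered with mode 0500 while the neighbouring "route" directory uses 0555, so unprivileged users cannot enter icmp/ and the 0644 on "ratelimit" never lets them read it; use 0555 unless hiding the value is intended. The extern for ipv6_icmp_table also sits outside #ifdef CONFIG_SYSCTL while the table in icmp.c is defined only inside it, which is harmless here but worth keeping consistent.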


Attachments:
linux24-FIX_2_4_20_pre11_DOUBLEBIND+ICMP_SYSCTL-20021024.patch (3.73 kB)

2002-10-24 05:44:19

by Pekka Savola

Subject: Re: [PATCH] IPv6: Sysctl for ICMPv6 Rate Limitation

On Thu, 24 Oct 2002, YOSHIFUJI Hideaki / [iso-2022-jp] 吉藤英明 wrote:
> This patch adds sysctl for icmp6 rate limit.
> This patch is against 2.4.20-pre11 (see below).

...

> +icmp/*:
> +ratelimit - INTEGER
> + Limit the maximal rates for sending ICMPv6 packets.
> + 0 to disable any limiting, otherwise the maximal rate in jiffies(1)
> + Default: 100
> +

Does this rate-limit all ICMPv6 packets or just ICMPv6 error messages (as
specified in ICMPv6 specifications)?

If all, I believe the default of rate-limiting everything is unacceptable.

Note that the patch does not seem to add the rate-limit sysctl to any
functions -- was that to happen in some other patch?

--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords


2002-10-24 05:49:54

by YOSHIFUJI Hideaki

Subject: Re: [PATCH] IPv6: Sysctl for ICMPv6 Rate Limitation

In article <[email protected]> (at Thu, 24 Oct 2002 08:50:25 +0300 (EEST)), Pekka Savola <[email protected]> says:

> > +icmp/*:
> > +ratelimit - INTEGER
> > + Limit the maximal rates for sending ICMPv6 packets.
> > + 0 to disable any limiting, otherwise the maximal rate in jiffies(1)
> > + Default: 100
> > +
>
> Does this rate-limit all ICMPv6 packets or just ICMPv6 error messages (as
> specified in ICMPv6 specifications).
>
> If all, I believe the default of rate-limiting everything is unacceptable.

This patch just adds sysctl. It is my documentation error...
is s/ICMPv6 packets/ICMPv6 error packets/ ok?

(I need to do s/100/HZ/, too; This also lives in ICMP(v4)).

--yoshfuji

2002-10-24 05:53:17

by Pekka Savola

Subject: Re: [PATCH] IPv6: Sysctl for ICMPv6 Rate Limitation

On Thu, 24 Oct 2002, YOSHIFUJI Hideaki / [iso-2022-jp] 吉藤英明 wrote:
> In article <[email protected]> (at Thu, 24 Oct 2002 08:50:25 +0300 (EEST)), Pekka Savola <[email protected]> says:
>
> > > +icmp/*:
> > > +ratelimit - INTEGER
> > > + Limit the maximal rates for sending ICMPv6 packets.
> > > + 0 to disable any limiting, otherwise the maximal rate in jiffies(1)
> > > + Default: 100
> > > +
> >
> > Does this rate-limit all ICMPv6 packets or just ICMPv6 error messages (as
> > specified in ICMPv6 specifications).
> >
> > If all, I believe the default of rate-limiting everything is unacceptable.
>
> This patch just adds sysctl. It is my documentation error...
> is s/ICMPv6 packets/ICMPv6 error packets/ ok?
>
> (I need to do s/100/HZ/, too; This also lives in ICMP(v4)).

That change is fine with me, thanks.

--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords


2002-10-24 07:17:43

by YOSHIFUJI Hideaki

Subject: Re: [PATCH] IPv6: Sysctl for ICMPv6 Rate Limitation

In article <[email protected]> (at Thu, 24 Oct 2002 08:59:16 +0300 (EEST)), Pekka Savola <[email protected]> says:

> > > Does this rate-limit all ICMPv6 packets or just ICMPv6 error messages (as
> > > specified in ICMPv6 specifications).
> > >
> > > If all, I believe the default of rate-limiting everything is unacceptable.
> >
> > This patch just adds sysctl. It is my documentation error...
> > is s/ICMPv6 packets/ICMPv6 error packets/ ok?
> >
> > (I need to do s/100/HZ/, too; This also lives in ICMP(v4)).
>
> That change is fine with me, thanks.

Please apply the following patch on top of the previous
"Sysctl for ICMPv6 Rate Limitation" patch. Thanks.

Index: Documentation/networking/ip-sysctl.txt
===================================================================
RCS file: /cvsroot/usagi/usagi-backport/linux24/Documentation/networking/ip-sysctl.txt,v
retrieving revision 1.1.1.1.44.1
retrieving revision 1.1.1.1.44.1.2.2
diff -u -r1.1.1.1.44.1 -r1.1.1.1.44.1.2.2
--- Documentation/networking/ip-sysctl.txt 23 Oct 2002 17:50:19 -0000 1.1.1.1.44.1
+++ Documentation/networking/ip-sysctl.txt 24 Oct 2002 07:03:46 -0000 1.1.1.1.44.1.2.2
@@ -316,7 +316,7 @@
Limit the maximal rates for sending ICMP packets whose type matches
icmp_ratemask (see below) to specific targets.
0 to disable any limiting, otherwise the maximal rate in jiffies(1)
- Default: 100
+ Default: HZ

icmp_ratemask - INTEGER
Mask made of ICMP types for which rates are being limited.
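Review bot: "Default: HZ" tells an administrator nothing unless they know the HZ the kernel was built with; since the value is in jiffies, give the default as a time as well, for example "HZ (one second)".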
@@ -562,9 +562,9 @@

icmp/*:
ratelimit - INTEGER
- Limit the maximal rates for sending ICMPv6 packets.
+ Limit the maximal rates for sending ICMPv6 error packets.
0 to disable any limiting, otherwise the maximal rate in jiffies(1)
- Default: 100
+ Default: HZ

IPv6 Update by:
Pekka Savola <[email protected]>
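Review bot: The corrected sentence still describes a "maximal rate in jiffies", but a jiffies count is a length of time, not a rate, so a larger number means fewer error packets; word it as the minimum interval between ICMPv6 error packets so that nobody raises the value expecting to allow more.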

--
Hideaki YOSHIFUJI @ USAGI Project <[email protected]>
GPG FP: 9022 65EB 1ECF 3AD1 0BDF 80D8 4807 F894 E062 0EEA