mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-16 21:34:10 +00:00
Enforce the limit on ICMP messages before doing work to formulate the
response. Delete an unneeded rate limit for UDP under IPv6. Because ICMP6 messages have their own rate limit, it is unnecessary to apply a second rate limit to UDP messages. Reviewed by: glebius MFC after: 2 weeks Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D10387
This commit is contained in:
parent
cae91bbe96
commit
382a6bbcf1
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=319214
|
@ -540,11 +540,10 @@ icmp_input(struct mbuf **mp, int *offp, int proto)
|
|||
ICMPSTAT_INC(icps_bmcastecho);
|
||||
break;
|
||||
}
|
||||
icp->icmp_type = ICMP_ECHOREPLY;
|
||||
if (badport_bandlim(BANDLIM_ICMP_ECHO) < 0)
|
||||
goto freeit;
|
||||
else
|
||||
goto reflect;
|
||||
icp->icmp_type = ICMP_ECHOREPLY;
|
||||
goto reflect;
|
||||
|
||||
case ICMP_TSTAMP:
|
||||
if (V_icmptstamprepl == 0)
|
||||
|
@ -558,13 +557,12 @@ icmp_input(struct mbuf **mp, int *offp, int proto)
|
|||
ICMPSTAT_INC(icps_badlen);
|
||||
break;
|
||||
}
|
||||
if (badport_bandlim(BANDLIM_ICMP_TSTAMP) < 0)
|
||||
goto freeit;
|
||||
icp->icmp_type = ICMP_TSTAMPREPLY;
|
||||
icp->icmp_rtime = iptime();
|
||||
icp->icmp_ttime = icp->icmp_rtime; /* bogus, do later! */
|
||||
if (badport_bandlim(BANDLIM_ICMP_TSTAMP) < 0)
|
||||
goto freeit;
|
||||
else
|
||||
goto reflect;
|
||||
goto reflect;
|
||||
|
||||
case ICMP_MASKREQ:
|
||||
if (V_icmpmaskrepl == 0)
|
||||
|
|
|
@ -104,9 +104,7 @@ __FBSDID("$FreeBSD$");
|
|||
#include <netinet/in_systm.h>
|
||||
#include <netinet/in_var.h>
|
||||
#include <netinet/ip.h>
|
||||
#include <netinet/ip_icmp.h>
|
||||
#include <netinet/ip6.h>
|
||||
#include <netinet/icmp_var.h>
|
||||
#include <netinet/icmp6.h>
|
||||
#include <netinet/ip_var.h>
|
||||
#include <netinet/udp.h>
|
||||
|
@ -481,8 +479,6 @@ udp6_input(struct mbuf **mp, int *offp, int proto)
|
|||
}
|
||||
if (V_udp_blackhole)
|
||||
goto badunlocked;
|
||||
if (badport_bandlim(BANDLIM_ICMP6_UNREACH) < 0)
|
||||
goto badunlocked;
|
||||
icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOPORT, 0);
|
||||
return (IPPROTO_DONE);
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue