Date: Thu, 14 Nov 2002 12:51:25 -0600 (CST) From: Mike Silbersack <silby@silby.com> To: "."@babolo.ru Cc: Tony Finch <dot@dotat.at>, <freebsd-net@FreeBSD.ORG> Subject: Re: forwarded message on Source Quench Packets. Message-ID: <20021114124957.D521-200000@patrocles.silby.com> In-Reply-To: <200211122103.gACL36X3054512@aaz.links.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info. --0-1421922239-1037299873=:521 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII Content-ID: <20021114125121.Y521@patrocles.silby.com> On Wed, 13 Nov 2002 .@babolo.ru wrote: > > Mike Silbersack <silby@silby.com> wrote: > > > > > >I can see how these source quench messages would cause problems if a DoS > > >is being routed through a FreeBSD router, and I think that your patch > > >makes sense. Are there any objections to me committing this in a few > > >days? > > > > Doesn't FreeBSD rate-limit ICMP as required by the RFC? If there is a > > but it's that the rate-limiting isn't happening, not that source-quench > > packets are being generated. If it's important that FreeBSD routers not > > generate them then it should be a sysctl option. > I am second for a sysctl option. > One of requirements when licensing networks > in Russia is source-quench support. Ok, here's the patch I intend to commit; please give it a quick lookover to see if I made any mistakes. This should provde the sysctl functionality requested. Thanks, Mike "Silby" Silbersack --0-1421922239-1037299873=:521 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII; NAME="ip_input.c-disablesourcequench.patch" Content-Transfer-Encoding: BASE64 Content-ID: <20021114125113.P521@patrocles.silby.com> Content-Description: Content-Disposition: ATTACHMENT; FILENAME="ip_input.c-disablesourcequench.patch" ZGlmZiAtdSAtciAvdXNyL3NyYy9zeXMub2xkL25ldGluZXQvaXBfaW5wdXQu YyAvdXNyL3NyYy9zeXMvbmV0aW5ldC9pcF9pbnB1dC5jDQotLS0gL3Vzci9z cmMvc3lzLm9sZC9uZXRpbmV0L2lwX2lucHV0LmMJVGh1IE5vdiAxNCAxMjoz Nzo0MyAyMDAyDQorKysgL3Vzci9zcmMvc3lzL25ldGluZXQvaXBfaW5wdXQu YwlUaHUgTm92IDE0IDEyOjQ1OjIxIDIwMDINCkBAIC0xMjUsNiArMTI1LDEx IEBADQogCSZpcF9tYXhmcmFncGFja2V0cywgMCwNCiAJIk1heGltdW0gbnVt YmVyIG9mIElQdjQgZnJhZ21lbnQgcmVhc3NlbWJseSBxdWV1ZSBlbnRyaWVz Iik7DQogDQorc3RhdGljIGludAlpcF9zZW5kc291cmNlcXVlbmNoID0gMDsN CitTWVNDVExfSU5UKF9uZXRfaW5ldF9pcCwgT0lEX0FVVE8sIHNlbmRzb3Vy Y2VxdWVuY2gsIENUTEZMQUdfUlcsDQorCSZpcF9zZW5kc291cmNlcXVlbmNo LCAwLA0KKwkiRW5hYmxlIHRoZSB0cmFuc21pc3Npb24gb2Ygc291cmNlIHF1 ZW5jaCBwYWNrZXRzIik7DQorDQogLyoNCiAgKiBYWFggLSBTZXR0aW5nIGlw X2NoZWNraW50ZXJmYWNlIG1vc3RseSBpbXBsZW1lbnRzIHRoZSByZWNlaXZl IHNpZGUgb2YNCiAgKiB0aGUgU3Ryb25nIEVTIG1vZGVsIGRlc2NyaWJlZCBp biBSRkMgMTEyMiwgYnV0IHNpbmNlIHRoZSByb3V0aW5nIHRhYmxlDQpAQCAt MTk3MCw4ICsxOTc1LDIxIEBADQogCQlicmVhazsNCiANCiAJY2FzZSBFTk9C VUZTOg0KLQkJdHlwZSA9IElDTVBfU09VUkNFUVVFTkNIOw0KLQkJY29kZSA9 IDA7DQorCQkvKg0KKwkJICogQSByb3V0ZXIgc2hvdWxkIG5vdCBnZW5lcmF0 ZSBJQ01QX1NPVVJDRVFVRU5DSCBhcw0KKwkJICogcmVxdWlyZWQgaW4gUkZD MTgxMiBSZXF1aXJlbWVudHMgZm9yIElQIFZlcnNpb24gNCBSb3V0ZXJzLg0K KwkJICogU291cmNlIHF1ZW5jaCBjb3VsZCBiZSBhIGJpZyBwcm9ibGVtIHVu ZGVyIERvUyBhdHRhY2tzLA0KKwkJICogb3IgaWYgdGhlIHVuZGVybHlpbmcg aW50ZXJmYWNlIGlzIHJhdGUtbGltaXRlZC4NCisJCSAqIFRob3NlIHdobyBu ZWVkIHNvdXJjZSBxdWVuY2ggcGFja2V0cyBtYXkgcmUtZW5hYmxlIHRoZW0N CisJCSAqIHZpYSB0aGUgbmV0LmluZXQuaXAuc2VuZHNvdXJjZXF1ZW5jaCBz eXNjdGwuDQorCQkgKi8NCisJCWlmIChpcF9zZW5kc291cmNlcXVlbmNoID09 IDApIHsNCisJCQltX2ZyZWVtKG1jb3B5KTsNCisJCQlyZXR1cm47DQorCQl9 IGVsc2Ugew0KKwkJCXR5cGUgPSBJQ01QX1NPVVJDRVFVRU5DSDsNCisJCQlj b2RlID0gMDsNCisJCX0NCiAJCWJyZWFrOw0KIA0KIAljYXNlIEVBQ0NFUzoJ CQkvKiBpcGZ3IGRlbmllZCBwYWNrZXQgKi8NCg== --0-1421922239-1037299873=:521-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021114124957.D521-200000>