Date: Sun, 3 Feb 2002 12:23:35 -0800 From: Eric Hodel <drbrain@segment7.net> To: FreeBSD-gnats-submit@freebsd.org Subject: kern/34591: ICMP bandwidth limiting does not indicate interface Message-ID: <20020203202335.GA23544@segment7.net>
>Number: 34591 >Category: kern >Synopsis: ICMP bandwidth limiting does not indicate interface >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sun Feb 03 12:30:01 PST 2002 >Closed-Date: >Last-Modified: >Originator: Eric Hodel >Release: FreeBSD 5.0-CURRENT i386 >Organization: >Environment: System: FreeBSD PII350.home.segment7.net 5.0-CURRENT FreeBSD 5.0-CURRENT #6: Sat Feb 2 17:14:25 PST 2002 root@PII350.home.segment7.net:/disks/current/obj/disks/ current/src/sys/PII350 i386 >Description: When limiting the ICMP responses, the interface upon which the bandwidth is being limited is not displayed. For a machine with multiple interfaces, the administrator will have to employ other tools to determine which interface is affected >How-To-Repeat: nmap localhost Will display the following message on the console: Limiting closed port RST response from 470 to 200 packets per second nmap can be installed from /usr/ports/security/nmap >Fix: Send the interface name and number to badport_bandlim and display them in the message like this: Limiting closed port RST response from 470 to 200 packets per second on lo0 The attache patch adds this functionality --- patch begins here --- Index: icmp_var.h =================================================================== RCS file: /home/ncvs/src/sys/netinet/icmp_var.h,v retrieving revision 1.20 diff -c -r1.20 icmp_var.h *** icmp_var.h 2001/12/14 19:30:42 1.20 --- icmp_var.h 2002/02/03 20:01:59 *************** *** 78,84 **** #ifdef _KERNEL SYSCTL_DECL(_net_inet_icmp); ! extern int badport_bandlim __P((int)); #define BANDLIM_UNLIMITED -1 #define BANDLIM_ICMP_UNREACH 0 #define BANDLIM_ICMP_ECHO 1 --- 78,84 ---- #ifdef _KERNEL SYSCTL_DECL(_net_inet_icmp); ! 
extern int badport_bandlim __P((int, const char *, short)); #define BANDLIM_UNLIMITED -1 #define BANDLIM_ICMP_UNREACH 0 #define BANDLIM_ICMP_ECHO 1 Index: ip_icmp.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_icmp.c,v retrieving revision 1.66 diff -c -r1.66 ip_icmp.c *** ip_icmp.c 2002/01/11 12:13:57 1.66 --- ip_icmp.c 2002/02/03 20:02:00 *************** *** 437,443 **** break; } icp->icmp_type = ICMP_ECHOREPLY; ! if (badport_bandlim(BANDLIM_ICMP_ECHO) < 0) goto freeit; else goto reflect; --- 437,445 ---- break; } icp->icmp_type = ICMP_ECHOREPLY; ! if (badport_bandlim(BANDLIM_ICMP_ECHO, ! m->m_pkthdr.rcvif->if_name, ! m->m_pkthdr.rcvif->if_unit) < 0) goto freeit; else goto reflect; *************** *** 455,461 **** icp->icmp_type = ICMP_TSTAMPREPLY; icp->icmp_rtime = iptime(); icp->icmp_ttime = icp->icmp_rtime; /* bogus, do later! */ ! if (badport_bandlim(BANDLIM_ICMP_TSTAMP) < 0) goto freeit; else goto reflect; --- 457,465 ---- icp->icmp_type = ICMP_TSTAMPREPLY; icp->icmp_rtime = iptime(); icp->icmp_ttime = icp->icmp_rtime; /* bogus, do later! */ ! if (badport_bandlim(BANDLIM_ICMP_TSTAMP, ! m->m_pkthdr.rcvif->if_name, ! m->m_pkthdr.rcvif->if_unit) < 1) goto freeit; else goto reflect; *************** *** 821,827 **** */ int ! badport_bandlim(int which) { static int lticks[BANDLIM_MAX + 1]; static int lpackets[BANDLIM_MAX + 1]; --- 825,831 ---- */ int ! badport_bandlim(int which, const char *if_name, short if_unit) { static int lticks[BANDLIM_MAX + 1]; static int lpackets[BANDLIM_MAX + 1]; *************** *** 849,858 **** if ((unsigned int)dticks > hz) { if (lpackets[which] > icmplim && icmplim_output) { ! printf("%s from %d to %d packets per second\n", bandlimittype[which], lpackets[which], ! icmplim ); } lticks[which] = ticks; --- 853,864 ---- if ((unsigned int)dticks > hz) { if (lpackets[which] > icmplim && icmplim_output) { ! 
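Review bot: `m->m_pkthdr.rcvif` is dereferenced twice in the new `badport_bandlim(BANDLIM_ICMP_ECHO, ...)` call without a NULL check, and the same pattern is repeated in the ICMP_TSTAMP call and in the tcp_input.c and udp_usrreq.c hunks. Whether these input paths can ever see an mbuf with no receive interface set is not visible from the hunks and needs confirming; if they can, a packet that reaches the rate limiter would fault in the kernel just to build a log message. Resolving the pointer once with a guard, e.g. `struct ifnet *ifp = m->m_pkthdr.rcvif;` and passing `ifp ? ifp->if_name : "?"`, or passing the `ifnet` pointer itself so that `badport_bandlim` handles NULL in one place, keeps the limiter from becoming a crash path. The enclosing switch case starts and ends outside the hunk.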
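Review bot: The timestamp call site changes the comparison from `< 0` to `< 1`, while every other call site in this patch keeps `< 0`. If `badport_bandlim` returns 0 for a packet that is within the limit, as the `< 0` tests elsewhere imply, this sends every ICMP timestamp request to `freeit` and silently disables timestamp replies instead of rate-limiting them. It looks like a typo; the last line of the call should read `m->m_pkthdr.rcvif->if_unit) < 0)`. The surrounding case body continues outside the hunk.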
printf("%s from %d to %d packets per second on %s%d\n", bandlimittype[which], lpackets[which], ! icmplim, ! if_name, ! if_unit ); } lticks[which] = ticks; Index: tcp_input.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/tcp_input.c,v retrieving revision 1.146 diff -c -r1.146 tcp_input.c *** tcp_input.c 2002/01/04 17:21:27 1.146 --- tcp_input.c 2002/02/03 20:02:05 *************** *** 2178,2184 **** /* * Perform bandwidth limiting. */ ! if (badport_bandlim(rstreason) < 0) goto drop; #ifdef TCPDEBUG --- 2178,2186 ---- /* * Perform bandwidth limiting. */ ! if (badport_bandlim(rstreason, ! m->m_pkthdr.rcvif->if_name, ! m->m_pkthdr.rcvif->if_unit) < 0) goto drop; #ifdef TCPDEBUG Index: udp_usrreq.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/udp_usrreq.c,v retrieving revision 1.100 diff -c -r1.100 udp_usrreq.c *** udp_usrreq.c 2001/11/08 02:13:17 1.100 --- udp_usrreq.c 2002/02/03 20:02:07 *************** *** 358,364 **** udpstat.udps_noportbcast++; goto bad; } ! if (badport_bandlim(BANDLIM_ICMP_UNREACH) < 0) goto bad; if (blackhole) goto bad; --- 358,366 ---- udpstat.udps_noportbcast++; goto bad; } ! if (badport_bandlim(BANDLIM_ICMP_UNREACH, ! m->m_pkthdr.rcvif->if_name, ! m->m_pkthdr.rcvif->if_unit) < 0) goto bad; if (blackhole) goto bad; --- patch ends here --- >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
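Review bot: The interface printed by the new `on %s%d` suffix belongs to whichever packet happens to arrive when the `dticks > hz` branch fires, but `lticks[]` and `lpackets[]` are indexed only by `which`, so the reported count covers all interfaces combined. During a burst on one interface, a single packet arriving on another can put the wrong name in the log, which misdirects the administrator this change is meant to help. Either key the counters by interface as well, or state the limitation above the `printf` with a comment such as `/* if_name/if_unit identify the last packet seen, not necessarily the source of the excess */`. The body of `badport_bandlim` starts and ends outside the hunk.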