Date: Sun, 3 Feb 2002 12:23:35 -0800 From: Eric Hodel <drbrain@segment7.net> To: FreeBSD-gnats-submit@freebsd.org Subject: kern/34591: ICMP bandwidth limiting does not indicate interface Message-ID: <20020203202335.GA23544@segment7.net>
>Number: 34591
>Category: kern
>Synopsis: ICMP bandwidth limiting does not indicate interface
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sun Feb 03 12:30:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Eric Hodel
>Release: FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD PII350.home.segment7.net 5.0-CURRENT FreeBSD 5.0-CURRENT #6: Sat
Feb 2 17:14:25 PST 2002 root@PII350.home.segment7.net:/disks/current/obj/disks/
current/src/sys/PII350 i386
>Description:
When limiting the ICMP responses, the interface upon which the
bandwidth is being limited is not displayed. For a machine with
multiple interfaces, the administrator will have to employ other
tools to determine which interface is affected
>How-To-Repeat:
nmap localhost
Will display the following message on the console:
Limiting closed port RST response from 470 to 200 packets per second
nmap can be installed from /usr/ports/security/nmap
>Fix:
Send the interface name and number to badport_bandlim and display
them in the message like this:
Limiting closed port RST response from 470 to 200 packets per second on lo0
The attached patch adds this functionality.
--- patch begins here ---
Index: icmp_var.h
===================================================================
RCS file: /home/ncvs/src/sys/netinet/icmp_var.h,v
retrieving revision 1.20
diff -c -r1.20 icmp_var.h
*** icmp_var.h 2001/12/14 19:30:42 1.20
--- icmp_var.h 2002/02/03 20:01:59
***************
*** 78,84 ****
#ifdef _KERNEL
SYSCTL_DECL(_net_inet_icmp);
! extern int badport_bandlim __P((int));
#define BANDLIM_UNLIMITED -1
#define BANDLIM_ICMP_UNREACH 0
#define BANDLIM_ICMP_ECHO 1
--- 78,84 ----
#ifdef _KERNEL
SYSCTL_DECL(_net_inet_icmp);
! extern int badport_bandlim __P((int, const char *, short));
#define BANDLIM_UNLIMITED -1
#define BANDLIM_ICMP_UNREACH 0
#define BANDLIM_ICMP_ECHO 1
Index: ip_icmp.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_icmp.c,v
retrieving revision 1.66
diff -c -r1.66 ip_icmp.c
*** ip_icmp.c 2002/01/11 12:13:57 1.66
--- ip_icmp.c 2002/02/03 20:02:00
***************
*** 437,443 ****
break;
}
icp->icmp_type = ICMP_ECHOREPLY;
! if (badport_bandlim(BANDLIM_ICMP_ECHO) < 0)
goto freeit;
else
goto reflect;
--- 437,445 ----
break;
}
icp->icmp_type = ICMP_ECHOREPLY;
! if (badport_bandlim(BANDLIM_ICMP_ECHO,
! m->m_pkthdr.rcvif->if_name,
! m->m_pkthdr.rcvif->if_unit) < 0)
goto freeit;
else
goto reflect;
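Review bot: `m->m_pkthdr.rcvif` is dereferenced unconditionally in the new `badport_bandlim(BANDLIM_ICMP_ECHO, ...)` call, and nothing visible in this hunk shows that it cannot be NULL. A NULL receive interface here would turn a rate-limit check into a kernel panic on a path driven by incoming packets. The same pattern is repeated in the timestamp hunk below and in the tcp_input.c and udp_usrreq.c hunks. Consider passing the pointer itself, `badport_bandlim(BANDLIM_ICMP_ECHO, m->m_pkthdr.rcvif)`, and handling NULL once inside the function where the message is formatted. The enclosing function starts and ends outside the hunk.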
***************
*** 455,461 ****
icp->icmp_type = ICMP_TSTAMPREPLY;
icp->icmp_rtime = iptime();
icp->icmp_ttime = icp->icmp_rtime; /* bogus, do later! */
! if (badport_bandlim(BANDLIM_ICMP_TSTAMP) < 0)
goto freeit;
else
goto reflect;
--- 457,465 ----
icp->icmp_type = ICMP_TSTAMPREPLY;
icp->icmp_rtime = iptime();
icp->icmp_ttime = icp->icmp_rtime; /* bogus, do later! */
! if (badport_bandlim(BANDLIM_ICMP_TSTAMP,
! m->m_pkthdr.rcvif->if_name,
! m->m_pkthdr.rcvif->if_unit) < 1)
goto freeit;
else
goto reflect;
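Review bot: The comparison on the new timestamp call changed from `< 0` to `< 1`, while the echo, TCP and UDP call sites in this patch all keep `< 0`. If badport_bandlim returns 0 when the reply is allowed (its return path is not visible here), this sends every timestamp request to `freeit` regardless of the rate. It looks like a typo, and the last line of the call should read `m->m_pkthdr.rcvif->if_unit) < 0)`.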
***************
*** 821,827 ****
*/
int
! badport_bandlim(int which)
{
static int lticks[BANDLIM_MAX + 1];
static int lpackets[BANDLIM_MAX + 1];
--- 825,831 ----
*/
int
! badport_bandlim(int which, const char *if_name, short if_unit)
{
static int lticks[BANDLIM_MAX + 1];
static int lpackets[BANDLIM_MAX + 1];
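Review bot: The two new parameters are undocumented. The block comment that closes just above the function (it begins outside this hunk) should state that `if_name` and `if_unit` identify the receiving interface and, as far as this patch shows, are used only for the console message and not for the rate decision. A line such as `if_name/if_unit: receive interface, reported in the log message only` would be enough.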
***************
*** 849,858 ****
if ((unsigned int)dticks > hz) {
if (lpackets[which] > icmplim && icmplim_output) {
! printf("%s from %d to %d packets per second\n",
bandlimittype[which],
lpackets[which],
! icmplim
);
}
lticks[which] = ticks;
--- 853,864 ----
if ((unsigned int)dticks > hz) {
if (lpackets[which] > icmplim && icmplim_output) {
! printf("%s from %d to %d packets per second on %s%d\n",
bandlimittype[which],
lpackets[which],
! icmplim,
! if_name,
! if_unit
);
}
lticks[which] = ticks;
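Review bot: The message now ends in `on %s%d`, but `lticks[which]` and `lpackets[which]` are indexed only by limit type, so the reported count is the total across all interfaces. The interface printed is just the one on which the packet that crossed the one-second boundary arrived. On a multi-homed host under a flood, that can point the administrator at the wrong interface. Either keep per-interface counters or word the message so it does not attribute the whole rate to one interface, e.g. `"%s from %d to %d packets per second (last packet on %s%d)\n"`. The function body continues outside the hunk.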
Index: tcp_input.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/tcp_input.c,v
retrieving revision 1.146
diff -c -r1.146 tcp_input.c
*** tcp_input.c 2002/01/04 17:21:27 1.146
--- tcp_input.c 2002/02/03 20:02:05
***************
*** 2178,2184 ****
/*
* Perform bandwidth limiting.
*/
! if (badport_bandlim(rstreason) < 0)
goto drop;
#ifdef TCPDEBUG
--- 2178,2186 ----
/*
* Perform bandwidth limiting.
*/
! if (badport_bandlim(rstreason,
! m->m_pkthdr.rcvif->if_name,
! m->m_pkthdr.rcvif->if_unit) < 0)
goto drop;
#ifdef TCPDEBUG
Index: udp_usrreq.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/udp_usrreq.c,v
retrieving revision 1.100
diff -c -r1.100 udp_usrreq.c
*** udp_usrreq.c 2001/11/08 02:13:17 1.100
--- udp_usrreq.c 2002/02/03 20:02:07
***************
*** 358,364 ****
udpstat.udps_noportbcast++;
goto bad;
}
! if (badport_bandlim(BANDLIM_ICMP_UNREACH) < 0)
goto bad;
if (blackhole)
goto bad;
--- 358,366 ----
udpstat.udps_noportbcast++;
goto bad;
}
! if (badport_bandlim(BANDLIM_ICMP_UNREACH,
! m->m_pkthdr.rcvif->if_name,
! m->m_pkthdr.rcvif->if_unit) < 0)
goto bad;
if (blackhole)
goto bad;
--- patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
