Date:      Wed, 2 Dec 1998 00:37:47 +0100 (CET)
From:      Stefan Bethke <stb@hanse.de>
To:        Matthew Dillon <dillon@apollo.backplane.com>
Cc:        Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, John Saunders <john.saunders@scitec.com.au>, freebsd-current@FreeBSD.ORG
Subject:   Re: RE: D.O.S. attack protection enhancements commit (ICMP_BANDLIM)
Message-ID:  <Pine.BSF.3.96.981202001055.26430A-100000@transit.hanse.de>
In-Reply-To: <199812011647.IAA07545@apollo.backplane.com>

Just as a side-note:

On Tue, 1 Dec 1998, Matthew Dillon wrote:

> :We should rate-limit ARPs, but don't.
> 
>     ARP's reasonably rate-limited because most subnets are /24's, it's
>     the packets queued up waiting for the ARP to resolve that are the
>     problem.

Actually, arp is already (somewhat) rate-limited.  Look in
src/sys/netinet/if_ether.c:arpresolve(), around line 369:
        /*
         * There is an arptab entry, but no ethernet address
         * response yet.  Replace the held mbuf with this   
         * latest one.
         */
        if (la->la_hold)
                m_freem(la->la_hold);

The packet waiting for the address to resolve will be replaced by the next
packet transmitted for this address.  Use ping -f and tcpdump to see for
yourself.

Theory suggests that there can be no more than one request per local IP
address per second, and, due to the limit of a maximum of 5 tries, even
less (net.link.ether.inet.{maxtries,host_down_time}).


Cheers,
Stefan

--
Stefan Bethke
Muehlendamm 12            Phone: +49-40-256848, +49-177-3504009
D-22087 Hamburg           <stefan.bethke@hanse.de>
Hamburg, Germany          <stb@freebsd.org>
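Added example (not part of Stefan's message, and not the FreeBSD kernel code): a small C model of the behaviour described above, so the two limits can be seen together. The held packet is replaced rather than queued (the m_freem(la->la_hold) the message points at), and a request for a still-unresolved entry goes out at most once per second until the try limit is hit, after which the entry is marked down for a while. The names arp_resolve_model(), flood(), ARP_MAXTRIES and ARPT_DOWN, the values 5 and 20, and the flood traffic are all assumptions chosen to mirror the text, not the kernel's code, sysctl defaults or real packets.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the hold/retry logic of a 1998-era arpresolve().
 * Field names loosely follow if_ether.c (la_hold, la_asked, rt_expire);
 * the code itself is an added illustration, not the kernel source. */

#define ARP_MAXTRIES 5   /* assumed: net.link.ether.inet.maxtries */
#define ARPT_DOWN    20  /* assumed: net.link.ether.inet.host_down_time, seconds */

struct pkt { int id; };            /* stand-in for an mbuf */

struct arp_entry {
    struct pkt *la_hold;           /* at most ONE packet waits per unresolved entry */
    int         la_asked;          /* requests sent in the current burst */
    long        rt_expire;         /* second of last request, or end of down period */
    int         rejecting;         /* host marked down (RTF_REJECT in the kernel) */
};

struct stats {
    long held_drops;               /* packets freed because la_hold was replaced */
    long requests;                 /* ARP requests actually sent */
    long reject_drops;             /* packets dropped while the host is marked down */
};

/* One packet wants to reach a still-unresolved address at time `now` (seconds).
 * Returns 1 if an ARP request was sent for it. Takes ownership of `m`. */
static int arp_resolve_model(struct arp_entry *la, struct pkt *m, long now,
                             struct stats *st)
{
    if (la->rejecting) {
        if (now < la->rt_expire) {         /* still in the down period: drop */
            st->reject_drops++;
            free(m);
            return 0;
        }
        la->rejecting = 0;                 /* down period over, try again */
    }

    /* The point of the message: the held packet is replaced, never queued. */
    if (la->la_hold) {
        free(la->la_hold);
        st->held_drops++;
    }
    la->la_hold = m;

    /* At most one request per second per entry, and at most ARP_MAXTRIES. */
    if (la->la_asked == 0 || la->rt_expire != now) {
        la->rt_expire = now;
        if (la->la_asked++ < ARP_MAXTRIES) {
            st->requests++;
            return 1;
        }
        /* Try limit reached: mark the host down and drop the held packet. */
        la->rejecting = 1;
        la->rt_expire = now + ARPT_DOWN;
        la->la_asked = 0;
        free(la->la_hold);
        la->la_hold = NULL;
        st->reject_drops++;
    }
    return 0;
}

/* Constructed flood: `pps` packets per second to one unresolved address
 * for `seconds` seconds (think of ping -f against an unanswered host). */
static struct stats flood(int pps, int seconds)
{
    struct arp_entry la;
    struct stats st = {0, 0, 0};
    memset(&la, 0, sizeof la);
    for (long t = 1; t <= seconds; t++) {
        for (int i = 0; i < pps; i++) {
            struct pkt *m = malloc(sizeof *m);
            m->id = (int)(t * pps + i);
            arp_resolve_model(&la, m, t, &st);
        }
    }
    free(la.la_hold);
    return st;
}

static long flood_requests(int pps, int seconds)    { return flood(pps, seconds).requests; }
static long flood_held_drops(int pps, int seconds)  { return flood(pps, seconds).held_drops; }
static long flood_reject_drops(int pps, int seconds){ return flood(pps, seconds).reject_drops; }

int main(void)
{
    int durations[] = {1, 10, 30};
    for (int i = 0; i < 3; i++) {
        struct stats s = flood(1000, durations[i]);
        printf("%2ds at 1000 pps: %ld requests, %ld replaced at la_hold, %ld dropped as down\n",
               durations[i], s.requests, s.held_drops, s.reject_drops);
    }
    return 0;
}
```

With the assumed values, a 1000 pps flood at one unresolved address produces one request in the first second, five requests in the first five seconds, and then nothing until the down period ends at second 26; every packet beyond the one currently held is freed at la_hold rather than queued, so neither the request rate nor the held memory grows with the flood rate.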




