Date: Wed, 08 Dec 2004 15:53:07 +0100 From: Andre Oppermann <andre@freebsd.org> To: Michal Mertl <mime@traveller.cz> Cc: Robert Watson <rwatson@freebsd.org> Subject: Re: New ICMP limits Message-ID: <41B71553.278B66A4@freebsd.org> References: <41B714DA.6090505@traveller.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
Michal Mertl wrote: > > Hello, > > I think some network administrators may want to set different maximum rate > for different types of ICMP replies. Currently the limit > net.inet.icmp.icmplim is enforced independently for the following cases - > ICMP echo-reply, ICMP timestamp reply, ICMP port unreachable (generated as a > response to a packet received on a UDP port with no listening application). > It's in addition a bit misused (or at least misnamed) for limiting sending > of TCP reset packets on closed and open ports. > > Andre Oppermann wrote a patch which adds support for limiting the sending of > ICMP host unreachable messages. These are generated by a router when it > can't send the packet to the destination, such as when it's about to send to > an unused IP address on a directly connected network. Michael, I'll take care of this but I'm busy right now. Look into it later this week. -- Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41B71553.278B66A4>