svn commit: r247948 - stable/8/sys/netinet

Thu, 07 Mar 2013 13:29:56 -0800 

Author: tuexen
Date: Thu Mar  7 21:29:42 2013
New Revision: 247948
URL: http://svnweb.freebsd.org/changeset/base/247948

Log:
  MFC r237230:
  
  Add rate limitation for SCTP OOTB responses.

Modified:
  stable/8/sys/netinet/icmp_var.h
  stable/8/sys/netinet/ip_icmp.c
  stable/8/sys/netinet/sctp_input.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/netinet/   (props changed)

Modified: stable/8/sys/netinet/icmp_var.h
==============================================================================
--- stable/8/sys/netinet/icmp_var.h     Thu Mar  7 21:27:15 2013        
(r247947)
+++ stable/8/sys/netinet/icmp_var.h     Thu Mar  7 21:29:42 2013        
(r247948)
@@ -102,7 +102,8 @@ extern int badport_bandlim(int);
 #define BANDLIM_RST_CLOSEDPORT 3 /* No connection, and no listeners */
 #define BANDLIM_RST_OPENPORT 4   /* No connection, listener */
 #define BANDLIM_ICMP6_UNREACH 5
-#define BANDLIM_MAX 5
+#define BANDLIM_SCTP_OOTB 6
+#define BANDLIM_MAX 6
 #endif
 
 #endif

Modified: stable/8/sys/netinet/ip_icmp.c
==============================================================================
--- stable/8/sys/netinet/ip_icmp.c      Thu Mar  7 21:27:15 2013        
(r247947)
+++ stable/8/sys/netinet/ip_icmp.c      Thu Mar  7 21:29:42 2013        
(r247948)
@@ -987,7 +987,8 @@ badport_bandlim(int which)
                { "icmp tstamp response" },
                { "closed port RST response" },
                { "open port RST response" },
-               { "icmp6 unreach response" }
+               { "icmp6 unreach response" },
+               { "sctp ootb response" }
        };
 
        /*

Modified: stable/8/sys/netinet/sctp_input.c
==============================================================================
--- stable/8/sys/netinet/sctp_input.c   Thu Mar  7 21:27:15 2013        
(r247947)
+++ stable/8/sys/netinet/sctp_input.c   Thu Mar  7 21:29:42 2013        
(r247948)
@@ -6060,15 +6060,8 @@ sctp_skip_csum_4:
                struct sctp_init_chunk *init_chk, chunk_buf;
 
                SCTP_STAT_INCR(sctps_noport);
-#ifdef ICMP_BANDLIM
-               /*
-                * we use the bandwidth limiting to protect against sending
-                * too many ABORTS all at once. In this case these count the
-                * same as an ICMP message.
-                */
-               if (badport_bandlim(0) < 0)
+               if (badport_bandlim(BANDLIM_SCTP_OOTB) < 0)
                        goto bad;
-#endif                         /* ICMP_BANDLIM */
                SCTPDBG(SCTP_DEBUG_INPUT1,
                    "Sending a ABORT from packet entry!\n");
                if (ch->chunk_type == SCTP_INITIATION) {
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to