svn commit: r247948 - stable/8/sys/netinet

Michael Tuexen tuexen at FreeBSD.org
Thu Mar 7 21:29:43 UTC 2013 

Author: tuexen
Date: Thu Mar  7 21:29:42 2013
New Revision: 247948
URL: http://svnweb.freebsd.org/changeset/base/247948

Log:
  MFC r237230:
  
  Add rate limitation for SCTP OOTB responses.

Modified:
  stable/8/sys/netinet/icmp_var.h
  stable/8/sys/netinet/ip_icmp.c
  stable/8/sys/netinet/sctp_input.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/netinet/   (props changed)

Modified: stable/8/sys/netinet/icmp_var.h
==============================================================================
--- stable/8/sys/netinet/icmp_var.h	Thu Mar  7 21:27:15 2013	(r247947)
+++ stable/8/sys/netinet/icmp_var.h	Thu Mar  7 21:29:42 2013	(r247948)
@@ -102,7 +102,8 @@ extern int badport_bandlim(int);
 #define BANDLIM_RST_CLOSEDPORT 3 /* No connection, and no listeners */
 #define BANDLIM_RST_OPENPORT 4   /* No connection, listener */
 #define BANDLIM_ICMP6_UNREACH 5
-#define BANDLIM_MAX 5
+#define BANDLIM_SCTP_OOTB 6
+#define BANDLIM_MAX 6
 #endif
 
 #endif

Modified: stable/8/sys/netinet/ip_icmp.c
==============================================================================
--- stable/8/sys/netinet/ip_icmp.c	Thu Mar  7 21:27:15 2013	(r247947)
+++ stable/8/sys/netinet/ip_icmp.c	Thu Mar  7 21:29:42 2013	(r247948)
@@ -987,7 +987,8 @@ badport_bandlim(int which)
 		{ "icmp tstamp response" },
 		{ "closed port RST response" },
 		{ "open port RST response" },
-		{ "icmp6 unreach response" }
+		{ "icmp6 unreach response" },
+		{ "sctp ootb response" }
 	};
 
 	/*

Modified: stable/8/sys/netinet/sctp_input.c
==============================================================================
--- stable/8/sys/netinet/sctp_input.c	Thu Mar  7 21:27:15 2013	(r247947)
+++ stable/8/sys/netinet/sctp_input.c	Thu Mar  7 21:29:42 2013	(r247948)
@@ -6060,15 +6060,8 @@ sctp_skip_csum_4:
 		struct sctp_init_chunk *init_chk, chunk_buf;
 
 		SCTP_STAT_INCR(sctps_noport);
-#ifdef ICMP_BANDLIM
-		/*
-		 * we use the bandwidth limiting to protect against sending
-		 * too many ABORTS all at once. In this case these count the
-		 * same as an ICMP message.
-		 */
-		if (badport_bandlim(0) < 0)
+		if (badport_bandlim(BANDLIM_SCTP_OOTB) < 0)
 			goto bad;
-#endif				/* ICMP_BANDLIM */
 		SCTPDBG(SCTP_DEBUG_INPUT1,
 		    "Sending a ABORT from packet entry!\n");
 		if (ch->chunk_type == SCTP_INITIATION) {

More information about the svn-src-stable mailing list