summaryrefslogtreecommitdiff
path: root/net/l2tp
diff options
context:
space:
mode:
authorStephen Suryaputra <ssuryaextr@gmail.com>2019-04-17 23:35:49 +0300
committerDavid S. Miller <davem@davemloft.net>2019-04-19 02:58:37 +0300
commit0bc199854405543b0debe67c735c0aae94f1d319 (patch)
tree8c1d51d36944e4c74d2c9e6de72bbc765226cd49 /net/l2tp
parent4cf2d206ff40912e2352a639aac61f7d0332ccbb (diff)
downloadlinux-0bc199854405543b0debe67c735c0aae94f1d319.tar.xz
ipv6: Add rate limit mask for ICMPv6 messages
To make ICMPv6 closer to ICMPv4, add ratemask parameter. Since the ICMP message types use larger numeric values, a simple bitmask doesn't fit. I use large bitmap. The input and output are the in form of list of ranges. Set the default to rate limit all error messages but Packet Too Big. For Packet Too Big, use ratemask instead of hard-coded. There are functions where icmpv6_xrlim_allow() and icmpv6_global_allow() aren't called. This patch only adds them to icmpv6_echo_reply(). Rate limiting error messages is mandated by RFC 4443 but RFC 4890 says that it is also acceptable to rate limit informational messages. Thus, I removed the current hard-coded behavior of icmpv6_mask_allow() that doesn't rate limit informational messages. v2: Add dummy function proc_do_large_bitmap() if CONFIG_PROC_SYSCTL isn't defined, expand the description in ip-sysctl.txt and remove unnecessary conditional before kfree(). v3: Inline the bitmap instead of dynamically allocated. Still is a pointer to it is needed because of the way proc_do_large_bitmap work. Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/l2tp')
0 files changed, 0 insertions, 0 deletions