diff options
author | Stephen Suryaputra <ssuryaextr@gmail.com> | 2019-04-17 23:35:49 +0300 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2019-04-19 02:58:37 +0300 |
commit | 0bc199854405543b0debe67c735c0aae94f1d319 (patch) | |
tree | 8c1d51d36944e4c74d2c9e6de72bbc765226cd49 /net/l2tp | |
parent | 4cf2d206ff40912e2352a639aac61f7d0332ccbb (diff) | |
download | linux-0bc199854405543b0debe67c735c0aae94f1d319.tar.xz |
ipv6: Add rate limit mask for ICMPv6 messages
To make ICMPv6 closer to ICMPv4, add ratemask parameter. Since the ICMP
message types use larger numeric values, a simple bitmask doesn't fit.
I use large bitmap. The input and output are the in form of list of
ranges. Set the default to rate limit all error messages but Packet Too
Big. For Packet Too Big, use ratemask instead of hard-coded.
There are functions where icmpv6_xrlim_allow() and icmpv6_global_allow()
aren't called. This patch only adds them to icmpv6_echo_reply().
Rate limiting error messages is mandated by RFC 4443 but RFC 4890 says
that it is also acceptable to rate limit informational messages. Thus,
I removed the current hard-coded behavior of icmpv6_mask_allow() that
doesn't rate limit informational messages.
v2: Add dummy function proc_do_large_bitmap() if CONFIG_PROC_SYSCTL
isn't defined, expand the description in ip-sysctl.txt and remove
unnecessary conditional before kfree().
v3: Inline the bitmap instead of dynamically allocated. Still is a
pointer to it is needed because of the way proc_do_large_bitmap work.
Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/l2tp')
0 files changed, 0 insertions, 0 deletions