summaryrefslogtreecommitdiffstats
path: root/sys
diff options
context:
space:
mode:
authorsam <sam@FreeBSD.org>2002-12-21 00:08:20 +0000
committersam <sam@FreeBSD.org>2002-12-21 00:08:20 +0000
commit8de8a7fb5c53956166ee311ff010b874e3b31540 (patch)
tree18bac89f643b8a9d128d90b859ce348413c1ae31 /sys
parenta69a0ac712f750c33010fd98e6b3028c0ccfc494 (diff)
downloadFreeBSD-src-8de8a7fb5c53956166ee311ff010b874e3b31540.zip
FreeBSD-src-8de8a7fb5c53956166ee311ff010b874e3b31540.tar.gz
replace the special-purpose rate-limiting code with the general facility
just added; this tries to maintain the same behaviour vis a vis printing the rate-limiting messages but need tweaking
Diffstat (limited to 'sys')
-rw-r--r--sys/netinet/ip_icmp.c66
1 files changed, 28 insertions, 38 deletions
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c
index 7fcc293..0e86619 100644
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@@ -835,49 +835,39 @@ ip_next_mtu(mtu, dir)
int
badport_bandlim(int which)
{
- static int lticks[BANDLIM_MAX + 1];
- static int lpackets[BANDLIM_MAX + 1];
- int dticks;
- const char *bandlimittype[] = {
- "Limiting icmp unreach response",
- "Limiting icmp ping response",
- "Limiting icmp tstamp response",
- "Limiting closed port RST response",
- "Limiting open port RST response"
- };
-
- /*
- * Return ok status if feature disabled or argument out of
- * ranage.
- */
-
- if (icmplim <= 0 || which > BANDLIM_MAX || which < 0)
- return(0);
- dticks = ticks - lticks[which];
+#define N(a) (sizeof (a) / sizeof (a[0]))
+ static struct rate {
+ const char *type;
+ struct timeval lasttime;
+ int curpps;;
+ } rates[BANDLIM_MAX+1] = {
+ { "icmp unreach response" },
+ { "icmp ping response" },
+ { "icmp tstamp response" },
+ { "closed port RST response" },
+ { "open port RST response" }
+ };
/*
- * reset stats when cumulative dt exceeds one second.
+ * Return ok status if feature disabled or argument out of range.
*/
+ if (icmplim > 0 && (u_int) which < N(rates)) {
+ struct rate *r = &rates[which];
+ int opps = r->curpps;
- if ((unsigned int)dticks > hz) {
- if (lpackets[which] > icmplim && icmplim_output) {
- printf("%s from %d to %d packets per second\n",
- bandlimittype[which],
- lpackets[which],
- icmplim
+ if (!ppsratecheck(&r->lasttime, &r->curpps, icmplim))
+ return -1; /* discard packet */
+ /*
+ * If we've dropped below the threshold after having
+ * rate-limited traffic print the message. This preserves
+ * the previous behaviour at the expense of added complexity.
+ */
+ if (icmplim_output && opps > icmplim) {
+ printf("Limiting %s from %d to %d packets/sec\n",
+ r->type, opps, icmplim
);
}
- lticks[which] = ticks;
- lpackets[which] = 0;
}
-
- /*
- * bump packet count
- */
-
- if (++lpackets[which] > icmplim) {
- return(-1);
- }
- return(0);
+ return 0; /* okay to send packet */
+#undef N
}
-
OpenPOWER on IntegriCloud