diff options
author | sam <sam@FreeBSD.org> | 2002-12-21 00:08:20 +0000 |
---|---|---|
committer | sam <sam@FreeBSD.org> | 2002-12-21 00:08:20 +0000 |
commit | 8de8a7fb5c53956166ee311ff010b874e3b31540 (patch) | |
tree | 18bac89f643b8a9d128d90b859ce348413c1ae31 /sys | |
parent | a69a0ac712f750c33010fd98e6b3028c0ccfc494 (diff) | |
download | FreeBSD-src-8de8a7fb5c53956166ee311ff010b874e3b31540.zip FreeBSD-src-8de8a7fb5c53956166ee311ff010b874e3b31540.tar.gz |
replace the special-purpose rate-limiting code with the general facility
just added; this tries to maintain the same behaviour vis a vis printing
the rate-limiting messages but need tweaking
Diffstat (limited to 'sys')
-rw-r--r-- | sys/netinet/ip_icmp.c | 66 |
1 files changed, 28 insertions, 38 deletions
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index 7fcc293..0e86619 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -835,49 +835,39 @@ ip_next_mtu(mtu, dir) int badport_bandlim(int which) { - static int lticks[BANDLIM_MAX + 1]; - static int lpackets[BANDLIM_MAX + 1]; - int dticks; - const char *bandlimittype[] = { - "Limiting icmp unreach response", - "Limiting icmp ping response", - "Limiting icmp tstamp response", - "Limiting closed port RST response", - "Limiting open port RST response" - }; - - /* - * Return ok status if feature disabled or argument out of - * ranage. - */ - - if (icmplim <= 0 || which > BANDLIM_MAX || which < 0) - return(0); - dticks = ticks - lticks[which]; +#define N(a) (sizeof (a) / sizeof (a[0])) + static struct rate { + const char *type; + struct timeval lasttime; + int curpps;; + } rates[BANDLIM_MAX+1] = { + { "icmp unreach response" }, + { "icmp ping response" }, + { "icmp tstamp response" }, + { "closed port RST response" }, + { "open port RST response" } + }; /* - * reset stats when cumulative dt exceeds one second. + * Return ok status if feature disabled or argument out of range. */ + if (icmplim > 0 && (u_int) which < N(rates)) { + struct rate *r = &rates[which]; + int opps = r->curpps; - if ((unsigned int)dticks > hz) { - if (lpackets[which] > icmplim && icmplim_output) { - printf("%s from %d to %d packets per second\n", - bandlimittype[which], - lpackets[which], - icmplim + if (!ppsratecheck(&r->lasttime, &r->curpps, icmplim)) + return -1; /* discard packet */ + /* + * If we've dropped below the threshold after having + * rate-limited traffic print the message. This preserves + * the previous behaviour at the expense of added complexity. + */ + if (icmplim_output && opps > icmplim) { + printf("Limiting %s from %d to %d packets/sec\n", + r->type, opps, icmplim ); } - lticks[which] = ticks; - lpackets[which] = 0; } - - /* - * bump packet count - */ - - if (++lpackets[which] > icmplim) { - return(-1); - } - return(0); + return 0; /* okay to send packet */ +#undef N } - |