summaryrefslogtreecommitdiffstats
path: root/sys/netinet/icmp_var.h
Commit message (Collapse)AuthorAgeFilesLines
* /* -> /*- for license, minor formatting changesimp2005-01-071-1/+1
|
* White space cleanup for netinet before branch:rwatson2004-08-161-4/+4
| | | | | | | | | | | - Trailing tab/space cleanup - Remove spurious spaces between or before tabs This change avoids touching files that Andre likely has in his working set for PFIL hooks changes for IPFW/DUMMYNET. Approved by: re (scottl) Submitted by: Xin LI <delphij@frontfree.net>
* Remove advertising clause from University of California Regent'simp2004-04-071-4/+0
| | | | | | | license, per letter dated July 22, 1999 and email from Peter Wemm, Alan Cox and Robert Watson. Approved by: core, peter, alc, rwatson
* Tweak existing header and other build infrastructure to be able to buildmlaier2004-02-261-0/+1
| | | | | | | pf/pflog/pfsync as modules. Do not list them in NOTES or modules/Makefile (i.e. do not connect it to any (automatic) builds - yet). Approved by: bms(mentor)
* Remove __P.alfred2002-03-191-1/+1
|
* whitespace fixes.jlemon2001-12-141-1/+1
|
* - Make ip_rtaddr() global, and use it to look up the correct sourceru2001-11-301-0/+2
| | | | | | | | | address in icmp_reflect(). - Two new "struct icmpstat" members: icps_badaddr and icps_noroute. PR: kern/31575 Obtained from: BSD/OS MFC after: 1 week
* Clean up RST ratelimiting. Previously, ratelimiting occured before testsbmilekic2001-02-111-6/+7
| | | | | | | | | | | were performed to determine if the received packet should be reset. This created erroneous ratelimiting and false alarms in some cases. The code has now been reorganized so that the checks for validity come before the call to badport_bandlim. Additionally, a few changes in the symbolic names of the bandlim types have been made, as well as a clarification of exactly which type each RST case falls under. Submitted by: Mike Silbersack <silby@silby.com>
* Change the following:bmilekic2000-12-151-0/+6
| | | | | | | | | | | | | | | | 1. ICMP ECHO and TSTAMP replies are now rate limited. 2. RSTs generated due to packets sent to open and unopen ports are now limited by seperate counters. 3. Each rate limiting queue now has its own description, as follows: Limiting icmp unreach response from 439 to 200 packets per second Limiting closed port RST response from 283 to 200 packets per second Limiting open port RST response from 18724 to 200 packets per second Limiting icmp ping response from 211 to 200 packets per second Limiting icmp tstamp response from 394 to 200 packets per second Submitted by: Mike Silbersack <silby@silby.com>
* sysctl'ize ICMP_BANDLIM and ICMP_BANDLIM_SUPPRESS_OUTPUT.dan2000-05-221-5/+0
| | | | Suggested by: des/nbm
* Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL"peter1999-12-291-2/+2
| | | | | | is an application space macro and the applications are supposed to be free to use it as they please (but cannot). This is consistant with the other BSD's who made this change quite some time ago. More commits to come.
* $Id$ -> $FreeBSD$peter1999-08-281-1/+1
|
* * Change sysctl from using linker_set to construct its tree using SLISTs.dfr1999-02-161-1/+2
| | | | | | | | | | This makes it possible to change the sysctl tree at runtime. * Change KLD to find and register any sysctl nodes contained in the loaded file and to unregister them when the file is unloaded. Reviewed by: Archie Cobbs <archie@whistle.com>, Peter Wemm <peter@netplex.com.au> (well they looked at it anyway)
* Cleanup icmp_var.h, make icmp bandlim sysctl permanent but if ICMP_BANDLIMdillon1998-12-041-10/+4
| | | | | | | option not defined the sysctl int value is set to -1 and read-only. #ifdef KERNEL's added appropriately to wall off visibility of kernel routines from user code.
* Obtained from: "Andrey A. Chernov" <ache@nagual.pp.ru>dillon1998-12-041-1/+3
| | | | | Quick add #ifdef KERNEL for ICMP_BANDLIM option so userland program can #include icmp_var.h
* Reviewed by: freebsd-currentdillon1998-12-031-1/+17
| | | | | | | | | | | | | | Add ICMP_BANDLIM option and 'net.inet.icmp.icmplim' sysctl. If option is specified in kernel config, icmplim defaults to 100 pps. Setting it to 0 will disable the feature. This feature limits ICMP error responses for packets sent to bad tcp or udp ports, which does a lot to help the machine handle network D.O.S. attacks. The kernel will report packet rates that exceed the limit at a rate of one kernel printf per second. There is one issue in regards to the 'tail end' of an attack... the kernel will not output the last report until some unrelated and valid icmp error packet is return at some point after the attack is over. This is a minor reporting issue only.
* Some staticized variables were still declared to be extern.bde1997-09-071-5/+1
|
* ICMP Timestamp Request messages could have harbored the same sort ofwollman1997-08-251-1/+2
| | | | | problem as Echo Requests when broad/multicast. When multicast echo responses are disabled, also do the same for timestamp responses.
* Configurably don't reply to broadcast or multicast echos. There are stillwollman1997-08-251-1/+2
| | | | | | potential problems with other automatic-reply ICMPs, but some of them may depend on broadcast/multicast to operate. (This code can simply be moved to the `reflect' label to generalize it.)
* Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are notpeter1997-02-221-1/+1
| | | | ready for it yet.
* Make the long-awaited change from $Id$ to $FreeBSD$jkh1997-01-141-1/+1
| | | | | | | | This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long. Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
* Add lots of useful MIB variables and a few not-so-useful ones forwollman1995-02-161-3/+5
| | | | completeness.
* Made idempotent.paul1994-08-211-1/+6
| | | | Submitted by: Paul
* Added $Id$dg1994-08-021-0/+1
|
* BSD 4.4 Lite Kernel Sourcesrgrimes1994-05-241-0/+68
OpenPOWER on IntegriCloud