[src/trunk]: src/sys/netinet implement net.inet.tcp.rstppslimit to limit TCP ...
details: https://anonhg.NetBSD.org/src/rev/fc73575af0cb
branches: trunk
changeset: 495389:fc73575af0cb
user: itojun <itojun%NetBSD.org@localhost>
date: Thu Jul 27 11:34:06 2000 +0000
description:
implement net.inet.tcp.rstppslimit to limit TCP RSTs by packet-per-second
basis. default: 100pps
set default value for net.inet.tcp.rstratelimit to 0 (disabled),
NOTE: it does not work right for smaller-than-1/hz interval. maybe we should
nuke it, or make it impossible to set smaller-than-1/hz value.
diffstat:
sys/netinet/in_proto.c | 5 +++--
sys/netinet/tcp_input.c | 9 ++++++++-
sys/netinet/tcp_var.h | 10 +++++++---
3 files changed, 18 insertions(+), 6 deletions(-)
diffs (94 lines):
diff -r 562f3bdec592 -r fc73575af0cb sys/netinet/in_proto.c
--- a/sys/netinet/in_proto.c Thu Jul 27 10:44:39 2000 +0000
+++ b/sys/netinet/in_proto.c Thu Jul 27 11:34:06 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: in_proto.c,v 1.40 2000/07/10 09:31:29 itojun Exp $ */
+/* $NetBSD: in_proto.c,v 1.41 2000/07/27 11:34:06 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -301,7 +301,8 @@
struct syn_cache_head tcp_syn_cache[TCP_SYN_HASH_SIZE];
int tcp_syn_cache_interval = 1; /* runs timer twice a second */
-struct timeval tcp_rst_ratelim = { 0, 10000 }; /* 10000usec = 10msec */
+struct timeval tcp_rst_ratelim = { 0, 0 }; /* no ratelimit */
+int tcp_rst_ppslim = 100; /* 100pps */
struct timeval icmperrratelim = { 0, 0 }; /* no ratelimit */
int icmperrppslim = 100; /* 100pps */
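Review bot: The comment on `tcp_rst_ppslim` gives only the number, not what is counted or over which scope. Going by the single static limiter state this commit adds in tcp_input.c, the budget looks system-wide rather than per peer. A comment such as `/* max TCP RSTs sent per second, all peers combined (net.inet.tcp.rstppslimit) */` would tell an operator what they are tuning. With `tcp_rst_ratelim` now defaulting to `{ 0, 0 }`, this value becomes the only RST throttle that is on by default, which is worth stating here as well.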
diff -r 562f3bdec592 -r fc73575af0cb sys/netinet/tcp_input.c
--- a/sys/netinet/tcp_input.c Thu Jul 27 10:44:39 2000 +0000
+++ b/sys/netinet/tcp_input.c Thu Jul 27 11:34:06 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: tcp_input.c,v 1.115 2000/07/27 06:18:13 itojun Exp $ */
+/* $NetBSD: tcp_input.c,v 1.116 2000/07/27 11:34:06 itojun Exp $ */
/*
%%% portions-copyright-nrl-95
@@ -191,6 +191,8 @@
int tcp_log_refused;
struct timeval tcp_rst_ratelim_last;
+static int tcp_rst_ppslim_count = 0;
+static struct timeval tcp_rst_ppslim_last;
#define TCP_PAWS_IDLE (24 * 24 * 60 * 60 * PR_SLOWHZ)
@@ -2143,6 +2145,11 @@
* an attempt to connect to or otherwise communicate with
* a port for which we have no socket.
*/
+ if (ppsratecheck(&tcp_rst_ppslim_last, &tcp_rst_ppslim_count,
+ tcp_rst_ppslim) == 0) {
+ /* XXX stat */
+ goto drop;
+ }
if (ratecheck(&tcp_rst_ratelim_last, &tcp_rst_ratelim) == 0) {
/* XXX stat */
goto drop;
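Review bot: The new `ppsratecheck()` branch drops silently, with only `/* XXX stat */` as a marker, so suppressed RSTs never show up in the TCP statistics. That count is the signal an operator would use to notice a scan or flood against closed ports, so an increment before `goto drop;` would help, e.g. `tcpstat.<rst_pps_dropped>++;` (placeholder field name, none is visible in this diff). The limiter state, `tcp_rst_ppslim_last` and `tcp_rst_ppslim_count`, is a single global pair, so one noisy source can use up the whole budget and other peers then get no RST until the next interval. A short comment above the check should record that trade-off. The enclosing function and the closing brace of the `ratecheck()` block lie outside the hunk.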
diff -r 562f3bdec592 -r fc73575af0cb sys/netinet/tcp_var.h
--- a/sys/netinet/tcp_var.h Thu Jul 27 10:44:39 2000 +0000
+++ b/sys/netinet/tcp_var.h Thu Jul 27 11:34:06 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: tcp_var.h,v 1.72 2000/02/15 19:54:12 thorpej Exp $ */
+/* $NetBSD: tcp_var.h,v 1.73 2000/07/27 11:34:07 itojun Exp $ */
/*
%%% portions-copyright-nrl-98
@@ -535,7 +535,8 @@
#define TCPCTL_NEWRENO 21 /* NewReno Congestion Control */
#define TCPCTL_LOG_REFUSED 22 /* Log refused connections */
#define TCPCTL_RSTRATELIMIT 23 /* RST rate limit */
-#define TCPCTL_MAXID 24
+#define TCPCTL_RSTPPSLIMIT 24 /* RST pps limit */
+#define TCPCTL_MAXID 25
#define TCPCTL_NAMES { \
{ 0, 0 }, \
@@ -562,6 +563,7 @@
{ "newreno", CTLTYPE_INT }, \
{ "log_refused",CTLTYPE_INT }, \
{ "rstratelimit", CTLTYPE_INT }, \
+ { "rstppslimit", CTLTYPE_INT }, \
}
#ifdef _KERNEL
@@ -589,6 +591,7 @@
extern int tcp_log_refused; /* log refused connections */
extern struct timeval tcp_rst_ratelim;
+extern int tcp_rst_ppslim;
extern int tcp_syn_cache_size;
extern struct syn_cache_head tcp_syn_cache[];
@@ -618,7 +621,8 @@
{ 1, 1, 0, PR_SLOWHZ }, \
{ 1, 0, &tcp_do_newreno }, \
{ 1, 0, &tcp_log_refused }, \
- { 1, 1, 0, 0 } \
+ { 1, 1, 0, 0 }, \
+ { 1, 0, &tcp_rst_ppslim }, \
}
int tcp_attach __P((struct socket *));
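Review bot: The new `{ 1, 0, &tcp_rst_ppslim }` entry carries no range, and nothing visible in this commit rejects a zero or negative net.inet.tcp.rstppslimit. How `ppsratecheck()` treats those values is not shown here; depending on that, a bad setting could either suppress every RST or disable the limit entirely. The sysctl handler should validate the value, or the accepted range should be documented next to the entry, e.g. `/* rstppslimit: <meaning of 0 and of negative values> */`. The commit message raises the same concern for rstratelimit, so both knobs would benefit. The table macro and the handler that consumes it start outside the hunk.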