Source-Changes-HG archive


[src/trunk]: src/sys/netinet suppress source quench message, based on router-...



details:   https://anonhg.NetBSD.org/src/rev/987e2fa1d3c8
branches:  trunk
changeset: 522556:987e2fa1d3c8
user:      itojun <itojun%NetBSD.org@localhost>
date:      Thu Feb 21 08:39:33 2002 +0000

description:
suppress source quench message, based on router-req RFC (also could be abused
as DoS traffic generator).  from kjc/kame

diffstat:

 sys/netinet/ip_input.c |  16 ++++++++++++++--
 1 files changed, 14 insertions(+), 2 deletions(-)

diffs (40 lines):

diff -r 20f48a696588 -r 987e2fa1d3c8 sys/netinet/ip_input.c
--- a/sys/netinet/ip_input.c    Thu Feb 21 08:23:31 2002 +0000
+++ b/sys/netinet/ip_input.c    Thu Feb 21 08:39:33 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_input.c,v 1.142 2001/11/28 09:25:13 darrenr Exp $   */
+/*     $NetBSD: ip_input.c,v 1.143 2002/02/21 08:39:33 itojun Exp $    */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -102,7 +102,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.142 2001/11/28 09:25:13 darrenr Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.143 2002/02/21 08:39:33 itojun Exp $");
 
 #include "opt_gateway.h"
 #include "opt_pfil_hooks.h"
@@ -1665,9 +1665,21 @@
                break;
 
        case ENOBUFS:
+#if 1
+               /*
+                * a router should not generate ICMP_SOURCEQUENCH as
+                * required in RFC1812 Requirements for IP Version 4 Routers.
+                * source quench could be a big problem under DoS attacks,
+                * or the underlying interface is rate-limited.
+                */
+               if (mcopy)
+                       m_freem(mcopy);
+               return;
+#else
                type = ICMP_SOURCEQUENCH;
                code = 0;
                break;
+#endif
        }
        icmp_error(mcopy, type, code, dest, destifp);
 }
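
Review bot: In the `case ENOBUFS:` block, the `#if 1` / `#else` pair keeps the old `type = ICMP_SOURCEQUENCH;` path in the file as dead code. Either delete the `#else` branch outright or replace `#if 1` with a named kernel option, so the choice is documented and selectable rather than hard-wired. The early `return` also bypasses `icmp_error()` without recording anything in this hunk, so a forward that fails with ENOBUFS is now dropped silently; a counter incremented next to `m_freem(mcopy)` would keep that condition observable. Minor: the last clause of the comment would read more clearly as "or when the underlying interface is rate-limited".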


