Omission in earlier rate-limit...
The
HyperNews
Linux KHG
Discussion Pages
Omission in earlier rate-limit...Forum: The Linux Kernel Hackers' GuideRe:
Can you block or ignore ICMP packets?Re:
ICMP send rate limit / ignoring (Jukka Santala)Keywords: ICMP ping Internet echo floodDate: Thu, 15 May 1997 22:44:33 GMTFrom: Jukka Santala <e75644@uwasa.fi>Oops, what a mistake. I missed the fact that icmp_send()
isn't actually used for replying to ICMP_ECHO_REQUEST's etc.
so no matter how you change the table in question, none
of the replies are going to be limited... so what you need
to do is add a call to the check in question to icmp_reply()
as well, which is something that can already be called real
kernel hacking. Here's how I'm doing it; however...
1) I haven't yet rebooted with this code... wish me luck ;)
2) Am I missing something? ping -f and ping -l get mostly ignored
Here's the bit of code, in icmp_reply() right at the beginning (after local varable definitions) :
#ifndef CONFIG_NO_ICMP_LIMIT
if(!xrlim_allow(icmp_param->icmph.type, skb->nh.iph->saddr))
return;
#endif
I'll let you know how my tests with the thing proceed ;)
(Sorry for bad formatting, I managed to break my PPP thingy playing around with filedescriptors, it seems, and this remote lynx doesn't quite handle text-fields properly, it seems... :P)
Messages
Inline:
Outline:
1.
Patch worked... by Jukka Santalato: "Omission in earlier rate-limit..."
n