[PATCH] IPv6: Sysctl for ICMPv6 Rate Limitation

[PATCH] IPv6: Sysctl for ICMPv6 Rate Limitation

[YOSHIFUJI Hideaki / 吉藤英明]

[-- Attachment #1: Type: Text/Plain, Size: 4233 bytes --]

Hi!

This patch add sysctl for icmp6 rate limit.
This patch is against 2.4.20-pre11 (see below).

Thanks in advance.

Note: This inlined patch conflicts with IPV6_V6ONLY patch.
      So, I attach another patch depend on the IPV6_V6ONLY patch.

-------------------------------------------------------------------
Patch-Name: Sysctl for ICMPv6 Rate Limitation
Patch-Id: FIX_2_4_20_pre11_ICMP_SYSCTL-20021024
Patch-Author: YOSHIFUJI Hideaki / USAGI Project <yoshfuji@linux-ipv6.org>
Credit: YOSHIFUJI Hideaki / USAGI Project <yoshfuji@linux-ipv6.org>
-------------------------------------------------------------------
Index: Documentation/networking/ip-sysctl.txt
===================================================================
RCS file: /cvsroot/usagi/usagi-backport/linux24/Documentation/networking/ip-sysctl.txt,v
retrieving revision 1.1.1.1
retrieving revision 1.1.1.1.44.1
diff -u -r1.1.1.1 -r1.1.1.1.44.1
--- Documentation/networking/ip-sysctl.txt	20 Aug 2002 09:48:10 -0000	1.1.1.1
+++ Documentation/networking/ip-sysctl.txt	23 Oct 2002 17:50:19 -0000	1.1.1.1.44.1
@@ -560,8 +560,14 @@
 	routers are present.
 	Default: 3
 
+icmp/*:
+ratelimit - INTEGER
+	Limit the maximal rates for sending ICMPv6 packets.
+	0 to disable any limiting, otherwise the maximal rate in jiffies(1)
+	Default: 100
+
 IPv6 Update by:
-Pekka Savola
-pekkas@netcore.fi
+Pekka Savola <pekkas@netcore.fi>
+YOSHIFUJI Hideaki / USAGI Project <yoshfuji@linux-ipv6.org>
 
 $Id: ip-sysctl.txt,v 1.19.2.1 2001/12/13 08:59:27 davem Exp $
Index: include/linux/sysctl.h
===================================================================
RCS file: /cvsroot/usagi/usagi-backport/linux24/include/linux/sysctl.h,v
retrieving revision 1.1.1.2
retrieving revision 1.1.1.2.18.1
diff -u -r1.1.1.2 -r1.1.1.2.18.1
--- include/linux/sysctl.h	9 Oct 2002 01:35:37 -0000	1.1.1.2
+++ include/linux/sysctl.h	23 Oct 2002 17:50:19 -0000	1.1.1.2.18.1
@@ -345,7 +345,8 @@
 enum {
 	NET_IPV6_CONF=16,
 	NET_IPV6_NEIGH=17,
-	NET_IPV6_ROUTE=18
+	NET_IPV6_ROUTE=18,
+	NET_IPV6_ICMP=19
 };
 
 enum {
@@ -371,6 +372,11 @@
 	NET_IPV6_RTR_SOLICITS=8,
 	NET_IPV6_RTR_SOLICIT_INTERVAL=9,
 	NET_IPV6_RTR_SOLICIT_DELAY=10
+};
+
+/* /proc/sys/net/ipv6/icmp */
+enum {
+	NET_IPV6_ICMP_RATELIMIT=1
 };
 
 /* /proc/sys/net/<protocol>/neigh/<dev> */
Index: net/ipv6/icmp.c
===================================================================
RCS file: /cvsroot/usagi/usagi-backport/linux24/net/ipv6/icmp.c,v
retrieving revision 1.1.1.2
retrieving revision 1.1.1.2.14.1
diff -u -r1.1.1.2 -r1.1.1.2.14.1
--- net/ipv6/icmp.c	9 Oct 2002 01:35:53 -0000	1.1.1.2
+++ net/ipv6/icmp.c	23 Oct 2002 17:50:19 -0000	1.1.1.2.14.1
@@ -25,6 +25,7 @@
  *					add more length checks and other fixes.
  *	yoshfuji		:	ensure to sent parameter problem for
  *					fragments.
+ *	YOSHIFUJI Hideaki @USAGI:	added sysctl for icmp rate limit.
  */
 
 #define __NO_VERSION__
@@ -40,6 +41,10 @@
 #include <linux/skbuff.h>
 #include <linux/init.h>
 
+#ifdef CONFIG_SYSCTL
+#include <linux/sysctl.h>
+#endif
+
 #include <linux/inet.h>
 #include <linux/netdevice.h>
 #include <linux/icmpv6.h>
@@ -715,3 +720,12 @@
 
 	return fatal;
 }
+
+#ifdef CONFIG_SYSCTL
+ctl_table ipv6_icmp_table[] = {
+	{NET_IPV6_ICMP_RATELIMIT, "ratelimit",
+	&sysctl_icmpv6_time, sizeof(int), 0644, NULL, &proc_dointvec},
+	{0},
+};
+#endif
+
Index: net/ipv6/sysctl_net_ipv6.c
===================================================================
RCS file: /cvsroot/usagi/usagi-backport/linux24/net/ipv6/sysctl_net_ipv6.c,v
retrieving revision 1.1.1.1
retrieving revision 1.1.1.1.42.1
diff -u -r1.1.1.1 -r1.1.1.1.42.1
--- net/ipv6/sysctl_net_ipv6.c	20 Aug 2002 09:47:02 -0000	1.1.1.1
+++ net/ipv6/sysctl_net_ipv6.c	23 Oct 2002 17:50:19 -0000	1.1.1.1.42.1
@@ -1,5 +1,8 @@
 /*
  * sysctl_net_ipv6.c: sysctl interface to net IPV6 subsystem.
+ *
+ * Changes:
+ * YOSHIFUJI Hideaki @USAGI:	added icmp sysctl table.
  */
 
 #include <linux/mm.h>
@@ -12,11 +15,13 @@
 #include <net/addrconf.h>
 
 extern ctl_table ipv6_route_table[];
+extern ctl_table ipv6_icmp_table[];
 
 #ifdef CONFIG_SYSCTL
 
 ctl_table ipv6_table[] = {
 	{NET_IPV6_ROUTE, "route", NULL, 0, 0555, ipv6_route_table},
+	{NET_IPV6_ICMP, "icmp", NULL, 0, 0500, ipv6_icmp_table},
 	{0}
 };
 


[-- Attachment #2: linux24-FIX_2_4_20_pre11_DOUBLEBIND+ICMP_SYSCTL-20021024.patch --]
[-- Type: Text/Plain, Size: 3824 bytes --]

Index: Documentation/networking/ip-sysctl.txt
===================================================================
RCS file: /cvsroot/usagi/usagi-backport/linux24/Documentation/networking/ip-sysctl.txt,v
retrieving revision 1.1.1.1.42.1
retrieving revision 1.1.1.1.42.1.2.1
diff -u -r1.1.1.1.42.1 -r1.1.1.1.42.1.2.1
--- Documentation/networking/ip-sysctl.txt	22 Oct 2002 19:19:48 -0000	1.1.1.1.42.1
+++ Documentation/networking/ip-sysctl.txt	23 Oct 2002 18:39:55 -0000	1.1.1.1.42.1.2.1
@@ -569,8 +569,14 @@
 	routers are present.
 	Default: 3
 
+icmp/*:
+ratelimit - INTEGER
+	Limit the maximal rates for sending ICMPv6 packets.
+	0 to disable any limiting, otherwise the maximal rate in jiffies(1)
+	Default: 100
+
 IPv6 Update by:
-Pekka Savola
-pekkas@netcore.fi
+Pekka Savola <pekkas@netcore.fi>
+YOSHIFUJI Hideaki / USAGI Project <yoshfuji@linux-ipv6.org>
 
 $Id: ip-sysctl.txt,v 1.19.2.1 2001/12/13 08:59:27 davem Exp $
Index: include/linux/sysctl.h
===================================================================
RCS file: /cvsroot/usagi/usagi-backport/linux24/include/linux/sysctl.h,v
retrieving revision 1.1.1.2.16.1
retrieving revision 1.1.1.2.16.1.2.2
diff -u -r1.1.1.2.16.1 -r1.1.1.2.16.1.2.2
--- include/linux/sysctl.h	22 Oct 2002 19:19:48 -0000	1.1.1.2.16.1
+++ include/linux/sysctl.h	24 Oct 2002 04:38:38 -0000	1.1.1.2.16.1.2.2
@@ -346,7 +346,8 @@
 	NET_IPV6_CONF=16,
 	NET_IPV6_NEIGH=17,
 	NET_IPV6_ROUTE=18,
-	NET_IPV6_BINDV6ONLY=20,
+	NET_IPV6_ICMP=19,
+	NET_IPV6_BINDV6ONLY=20
 };
 
 enum {
@@ -372,6 +373,11 @@
 	NET_IPV6_RTR_SOLICITS=8,
 	NET_IPV6_RTR_SOLICIT_INTERVAL=9,
 	NET_IPV6_RTR_SOLICIT_DELAY=10
+};
+
+/* /proc/sys/net/ipv6/icmp */
+enum {
+	NET_IPV6_ICMP_RATELIMIT=1
 };
 
 /* /proc/sys/net/<protocol>/neigh/<dev> */
Index: net/ipv6/icmp.c
===================================================================
RCS file: /cvsroot/usagi/usagi-backport/linux24/net/ipv6/icmp.c,v
retrieving revision 1.1.1.2
retrieving revision 1.1.1.2.16.1
diff -u -r1.1.1.2 -r1.1.1.2.16.1
--- net/ipv6/icmp.c	9 Oct 2002 01:35:53 -0000	1.1.1.2
+++ net/ipv6/icmp.c	23 Oct 2002 18:39:20 -0000	1.1.1.2.16.1
@@ -25,6 +25,7 @@
  *					add more length checks and other fixes.
  *	yoshfuji		:	ensure to sent parameter problem for
  *					fragments.
+ *	YOSHIFUJI Hideaki @USAGI:	added sysctl for icmp rate limit.
  */
 
 #define __NO_VERSION__
@@ -40,6 +41,10 @@
 #include <linux/skbuff.h>
 #include <linux/init.h>
 
+#ifdef CONFIG_SYSCTL
+#include <linux/sysctl.h>
+#endif
+
 #include <linux/inet.h>
 #include <linux/netdevice.h>
 #include <linux/icmpv6.h>
@@ -715,3 +720,12 @@
 
 	return fatal;
 }
+
+#ifdef CONFIG_SYSCTL
+ctl_table ipv6_icmp_table[] = {
+	{NET_IPV6_ICMP_RATELIMIT, "ratelimit",
+	&sysctl_icmpv6_time, sizeof(int), 0644, NULL, &proc_dointvec},
+	{0},
+};
+#endif
+
Index: net/ipv6/sysctl_net_ipv6.c
===================================================================
RCS file: /cvsroot/usagi/usagi-backport/linux24/net/ipv6/sysctl_net_ipv6.c,v
retrieving revision 1.1.1.1.40.1
retrieving revision 1.1.1.1.40.1.2.1
diff -u -r1.1.1.1.40.1 -r1.1.1.1.40.1.2.1
--- net/ipv6/sysctl_net_ipv6.c	22 Oct 2002 19:19:48 -0000	1.1.1.1.40.1
+++ net/ipv6/sysctl_net_ipv6.c	23 Oct 2002 18:39:20 -0000	1.1.1.1.40.1.2.1
@@ -1,5 +1,8 @@
 /*
  * sysctl_net_ipv6.c: sysctl interface to net IPV6 subsystem.
+ *
+ * Changes:
+ * YOSHIFUJI Hideaki @USAGI:	added icmp sysctl table.
  */
 
 #include <linux/mm.h>
@@ -12,11 +15,13 @@
 #include <net/addrconf.h>
 
 extern ctl_table ipv6_route_table[];
+extern ctl_table ipv6_icmp_table[];
 
 #ifdef CONFIG_SYSCTL
 
 ctl_table ipv6_table[] = {
 	{NET_IPV6_ROUTE, "route", NULL, 0, 0555, ipv6_route_table},
+	{NET_IPV6_ICMP, "icmp", NULL, 0, 0500, ipv6_icmp_table},
 	{NET_IPV6_BINDV6ONLY, "bindv6only",
 	 &sysctl_ipv6_bindv6only, sizeof(int), 0644, NULL, &proc_dointvec},
 	{0}

Re: [PATCH] IPv6: Sysctl for ICMPv6 Rate Limitation

[Pekka Savola]

On Thu, 24 Oct 2002, YOSHIFUJI Hideaki / [iso-2022-jp] ^[$B5HF#1QL@^[(B wrote:
> This patch add sysctl for icmp6 rate limit.
> This patch is against 2.4.20-pre11 (see below).

...

> +icmp/*:
> +ratelimit - INTEGER
> +	Limit the maximal rates for sending ICMPv6 packets.
> +	0 to disable any limiting, otherwise the maximal rate in jiffies(1)
> +	Default: 100
> +

Does this rate-limit all ICMPv6 packets or just ICMPv6 error messages (as 
specified in ICMPv6 specifications).

If all, I believe the default of rate-limiting everything is unacceptable.

Note that in the patch does not seem to add the rate-limit sysctl to any 
functions -- was that to happen in some other patch?

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords

Re: [PATCH] IPv6: Sysctl for ICMPv6 Rate Limitation

[YOSHIFUJI Hideaki / 吉藤英明]

In article <Pine.LNX.4.44.0210240847280.8872-100000@netcore.fi> (at Thu, 24 Oct 2002 08:50:25 +0300 (EEST)), Pekka Savola <pekkas@netcore.fi> says:

> > +icmp/*:
> > +ratelimit - INTEGER
> > +	Limit the maximal rates for sending ICMPv6 packets.
> > +	0 to disable any limiting, otherwise the maximal rate in jiffies(1)
> > +	Default: 100
> > +
> 
> Does this rate-limit all ICMPv6 packets or just ICMPv6 error messages (as 
> specified in ICMPv6 specifications).
> 
> If all, I believe the default of rate-limiting everything is unacceptable.

This patch just adds sysctl.  It is my documentation error...
is s/ICMPv6 packets/ICMPv6 error packets/ ok?

(I need to do s/100/HZ/, too; This also lives in ICMP(v4)).

--yoshfuji

Re: [PATCH] IPv6: Sysctl for ICMPv6 Rate Limitation

[Pekka Savola]

On Thu, 24 Oct 2002, YOSHIFUJI Hideaki / [iso-2022-jp] ^[$B5HF#1QL@^[(B wrote:
> In article <Pine.LNX.4.44.0210240847280.8872-100000@netcore.fi> (at Thu, 24 Oct 2002 08:50:25 +0300 (EEST)), Pekka Savola <pekkas@netcore.fi> says:
> 
> > > +icmp/*:
> > > +ratelimit - INTEGER
> > > +	Limit the maximal rates for sending ICMPv6 packets.
> > > +	0 to disable any limiting, otherwise the maximal rate in jiffies(1)
> > > +	Default: 100
> > > +
> > 
> > Does this rate-limit all ICMPv6 packets or just ICMPv6 error messages (as 
> > specified in ICMPv6 specifications).
> > 
> > If all, I believe the default of rate-limiting everything is unacceptable.
> 
> This patch just adds sysctl.  It is my documentation error...
> is s/ICMPv6 packets/ICMPv6 error packets/ ok?
> 
> (I need to do s/100/HZ/, too; This also lives in ICMP(v4)).

That change fine with me, thanks.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords

Re: [PATCH] IPv6: Sysctl for ICMPv6 Rate Limitation

[YOSHIFUJI Hideaki / 吉藤英明]

In article <Pine.LNX.4.44.0210240858060.8872-100000@netcore.fi> (at Thu, 24 Oct 2002 08:59:16 +0300 (EEST)), Pekka Savola <pekkas@netcore.fi> says:

> > > Does this rate-limit all ICMPv6 packets or just ICMPv6 error messages (as 
> > > specified in ICMPv6 specifications).
> > > 
> > > If all, I believe the default of rate-limiting everything is unacceptable.
> > 
> > This patch just adds sysctl.  It is my documentation error...
> > is s/ICMPv6 packets/ICMPv6 error packets/ ok?
> > 
> > (I need to do s/100/HZ/, too; This also lives in ICMP(v4)).
> 
> That change fine with me, thanks.

Please apply the following patch on top of the previous 
"Sysctl for ICMPv6 Rate Limitation" patch.  Thanks.

Index: Documentation/networking/ip-sysctl.txt
===================================================================
RCS file: /cvsroot/usagi/usagi-backport/linux24/Documentation/networking/ip-sysctl.txt,v
retrieving revision 1.1.1.1.44.1
retrieving revision 1.1.1.1.44.1.2.2
diff -u -r1.1.1.1.44.1 -r1.1.1.1.44.1.2.2
--- Documentation/networking/ip-sysctl.txt	23 Oct 2002 17:50:19 -0000	1.1.1.1.44.1
+++ Documentation/networking/ip-sysctl.txt	24 Oct 2002 07:03:46 -0000	1.1.1.1.44.1.2.2
@@ -316,7 +316,7 @@
 	Limit the maximal rates for sending ICMP packets whose type matches
 	icmp_ratemask (see below) to specific targets.
 	0 to disable any limiting, otherwise the maximal rate in jiffies(1)
-	Default: 100
+	Default: HZ
 
 icmp_ratemask - INTEGER
 	Mask made of ICMP types for which rates are being limited.
@@ -562,9 +562,9 @@
 
 icmp/*:
 ratelimit - INTEGER
-	Limit the maximal rates for sending ICMPv6 packets.
+	Limit the maximal rates for sending ICMPv6 error packets.
 	0 to disable any limiting, otherwise the maximal rate in jiffies(1)
-	Default: 100
+	Default: HZ
 
 IPv6 Update by:
 Pekka Savola <pekkas@netcore.fi>

-- 
Hideaki YOSHIFUJI @ USAGI Project <yoshfuji@linux-ipv6.org>
GPG FP: 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA

Re: [PATCH] IPv6: Sysctl for ICMPv6 Rate Limitation

[David S. Miller]

On Wed, 2002-10-23 at 21:50, YOSHIFUJI Hideaki / 吉藤英明 wrote:
> This patch add sysctl for icmp6 rate limit.
> This patch is against 2.4.20-pre11 (see below).

I've applied this patch to my 2.4.x and 2.5.x trees, thank you.