独学而无友,则孤陋而寡闻!
分类: BSD
2013-02-03 20:59:13
前些日子出现ping的limit限制,这个很容易理解,是ping的扫描或DDOS。
这几天又出现“Limiting open port RST response from XXX to 200 packets/sec”,想找内核变量,但是一直没找到,实在没办法,搜源代码!
终于搜到了,原来跟icmp是一家子的,用同一个内核变量,即:net.inet.icmp.icmplim=200,代码如下:
文件:/usr/src/sys/netinet/ip_icmp.c
#define N(a) (sizeof (a) / sizeof (a[0]))
static struct rate {
const char *type;
struct timeval lasttime;
int curpps;
} rates[BANDLIM_MAX+1] = {
{ "icmp unreach response" },
{ "icmp ping response" },
{ "icmp tstamp response" },
{ "closed port RST response" },
{ "open port RST response" },
{ "icmp6 unreach response" },
{ "sctp ootb response" }
};
/*
* Return ok status if feature disabled or argument out of range.
*/
if (V_icmplim > 0 && (u_int) which < N(rates)) {
struct rate *r = &rates[which];
int opps = r->curpps;
if (!ppsratecheck(&r->lasttime, &r->curpps, V_icmplim))
return -1; /* discard packet */
/*
* If we've dropped below the threshold after having
* rate-limited traffic print the message. This preserves
* the previous behaviour at the expense of added complexity.
*/
if (V_icmplim_output && opps > V_icmplim)
log(LOG_NOTICE, "Limiting %s from %d to %d packets/sec\n",
r->type, opps, V_icmplim);
}
return 0; /* okay to send packet */
#undef N
}