Category: BSD
2013-02-03 20:59:13
A few days ago a limit message for ping showed up, which is easy to understand: it is a ping scan or a DDoS.

In the last few days "Limiting open port RST response from XXX to 200 packets/sec" has appeared as well. I wanted to find the kernel variable but could not find it anywhere, so with no other option I searched the source code!

I finally found it: it turns out to belong to the same family as icmp and uses the same kernel variable, namely net.inet.icmp.icmplim=200. The code is as follows:

File: /usr/src/sys/netinet/ip_icmp.c

```c
/* which: BANDLIM_* index selecting the response type being rate-limited */
int
badport_bandlim(int which)
{

#define N(a)    (sizeof (a) / sizeof (a[0]))
    /* One packets-per-second counter per response type, indexed by which. */
    static struct rate {
        const char      *type;
        struct timeval  lasttime;
        int             curpps;
    } rates[BANDLIM_MAX+1] = {
        { "icmp unreach response" },
        { "icmp ping response" },
        { "icmp tstamp response" },
        { "closed port RST response" },
        { "open port RST response" },
        { "icmp6 unreach response" },
        { "sctp ootb response" }
    };

    /*
     * Return ok status if feature disabled or argument out of range.
     */
    if (V_icmplim > 0 && (u_int) which < N(rates)) {
        struct rate *r = &rates[which];
        int opps = r->curpps;

        /* Every response type is checked against the same limit, V_icmplim. */
        if (!ppsratecheck(&r->lasttime, &r->curpps, V_icmplim))
            return -1;  /* discard packet */
        /*
         * If we've dropped below the threshold after having
         * rate-limited traffic print the message.  This preserves
         * the previous behaviour at the expense of added complexity.
         */
        if (V_icmplim_output && opps > V_icmplim)
            log(LOG_NOTICE, "Limiting %s from %d to %d packets/sec\n",
                r->type, opps, V_icmplim);
    }
    return 0;           /* okay to send packet */
#undef N
}
```
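As an added illustration (not code from FreeBSD or from the original post), this user-space C model of the excerpt shows why the number after "from" is the packet count of the previous one-second window, and why the notice is printed only when that window rolls over. It assumes whole-second timestamps supplied by the caller in place of the kernel tick counter, lets exactly icmplim responses through per window, and omits the V_icmplim_output switch; the names pps_check, bandlim, burst and last_logged_from are hypothetical.

```c
#include <stdio.h>

/* Simplified model: one-second windows driven by a caller-supplied clock. */
struct rate { const char *type; long window_start; int curpps; };

/* icmplim models net.inet.icmp.icmplim; last_logged_from records the notice. */
static int icmplim = 200, last_logged_from = 0;

/* Model of ppsratecheck(): count packets per one-second window. */
static int pps_check(struct rate *r, long now_sec, int maxpps)
{
    if (r->curpps == 0 || now_sec - r->window_start >= 1) {
        r->window_start = now_sec;      /* new window: restart the counter */
        r->curpps = 1;
        return maxpps != 0;
    }
    r->curpps++;                        /* keeps counting even while limiting */
    return maxpps < 0 || r->curpps <= maxpps;
}

/* Model of the excerpt: 0 = send the response, -1 = suppress it. */
static int bandlim(struct rate *r, long now_sec)
{
    if (icmplim > 0) {
        int opps = r->curpps;           /* count reached in the old window */
        if (!pps_check(r, now_sec, icmplim))
            return -1;
        if (opps > icmplim) {           /* only true right after a rollover */
            last_logged_from = opps;
            printf("Limiting %s from %d to %d packets/sec\n",
                   r->type, opps, icmplim);
        }
    }
    return 0;
}

/* Feed n packets at time now_sec; return how many responses were sent. */
static int burst(struct rate *r, long now_sec, int n)
{
    int sent = 0;
    for (int i = 0; i < n; i++)
        if (bandlim(r, now_sec) == 0)
            sent++;
    return sent;
}
int main(void)
{
    struct rate r = { "open port RST response", 0, 0 };  /* constructed input */
    int first = burst(&r, 0, 350), second = burst(&r, 1, 10);
    printf("second 0: sent %d of 350, second 1: sent %d of 10\n", first, second);
    return 0;
}
```

For triage, the "from" value is therefore a per-second packet count for one response type on the host, not a per-source figure.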