
Re: [PATCH] Re: [PATCH] global icmp rate limiting

To: clemens <therapy@xxxxxxxxxxxxx>
Subject: Re: [PATCH] Re: [PATCH] global icmp rate limiting
From: Peter Bieringer <pb@xxxxxxxxxxxx>
Date: Mon, 06 Aug 2001 06:41:50 +0200
Cc: netdev@xxxxxxxxxxx
In-reply-to: <20010805222252.A4012@ghanima.endorphin.org>
References: <20010803134206.A653@ghanima.endorphin.org> <20010802162214.O1612@obroa-skai.gnumonks.org> <20010805222252.A4012@ghanima.endorphin.org>
Sender: owner-netdev@xxxxxxxxxxx

--On Sunday, August 05, 2001 10:22:52 PM +0200 clemens
<therapy@xxxxxxxxxxxxx> wrote:

> On Thu, Aug 02, 2001 at 04:22:15PM -0300, Harald Welte wrote:
> 
>> > this patch introduces global icmp rate limiting
>> > (/proc/sys/net/ipv4/icmp_ratelimit) with the ability to arbitrarily
>> > rate limit or unlimit certain icmp types
>> > (/proc/sys/net/ipv4/icmp_ratemask, but you better have a look at
>> > icmp.c before changing this).
>> 
>> If somebody is going to change the icmp rate limiting code, please
>> take into consideration fixing the kernel/userspace interface as
>> well.
> 
> you're absolutely right.
> please consider patch attached.
> 
> unit for icmp_ratelimit will be [packets/second].
> HZ multiplication is cached in icmpv4_xrlim_allow.
> 
> networking code maintainers please take note of this patch. i
> haven't got any response by official maintainers.

Please, is it possible to have a "signal" somewhere in the
/proc-FS to recognize whether HZ or [packets/second] are used?
Because then firewall scripts can be made able to recognize it and
change the values they'll apply to rates using sysctl or something
else.

Otherwise, a script applies e.g. "100", which isn't good anymore using
the new (and really better) unit.

        Peter

