On Sun, 29 Jul 2001 kuznet@xxxxxxxxxxxxx wrote:
> Hello!
>
> > So in conclusion:
> >
> > with net.ipv4.icmp_echoreply_rate=0:
>
> Congratulations! That's why I do not see this, forgot to ping before. :-)
>
> The patch is enclosed.
Alexey, there is a tiny problem with your patch.
If you reboot the computer, the _first_ ping/scan attempt will not return
icmp dest unreachable. All of the rest do. If the network was quiet
enough, I guess there might be some circumstances where this could be
applicable again..
> --- ../dust/vger3-010728/linux/net/ipv4/icmp.c Thu Jun 14 22:49:44 2001
> +++ linux/net/ipv4/icmp.c Sun Jul 29 19:52:55 2001
> @@ -240,12 +240,15 @@
> int xrlim_allow(struct dst_entry *dst, int timeout)
> {
> unsigned long now;
> + static int burst;
>
> now = jiffies;
> dst->rate_tokens += now - dst->rate_last;
> dst->rate_last = now;
> - if (dst->rate_tokens > XRLIM_BURST_FACTOR*timeout)
> - dst->rate_tokens = XRLIM_BURST_FACTOR*timeout;
> + if (burst < XRLIM_BURST_FACTOR*timeout)
> + burst = XRLIM_BURST_FACTOR*timeout;
> + if (dst->rate_tokens > burst)
> + dst->rate_tokens = burst;
> if (dst->rate_tokens >= timeout) {
> dst->rate_tokens -= timeout;
> return 1;
>
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
|