yes, I frequently run into this and always forget to follow up. we might even want some heuristic for the errppslimit. anyway, this is good and makes sense. ok.
* Claudio Jeker <cje...@diehard.n-r-g.com> [2014-01-19 00:04]: > As done in IPv6 land report how many packets are dropped because we hit > the rate limiter (net.inet.icmp.errppslimit). On bigger routers it may be > needed to tune that value up in case to many packets are dropped. > > OK? > -- > :wq Claudio > > Index: sys/netinet/icmp_var.h > =================================================================== > RCS file: /cvs/src/sys/netinet/icmp_var.h,v > retrieving revision 1.13 > diff -u -p -r1.13 icmp_var.h > --- sys/netinet/icmp_var.h 13 Dec 2007 20:00:53 -0000 1.13 > +++ sys/netinet/icmp_var.h 18 Jan 2014 22:52:51 -0000 > @@ -42,6 +42,7 @@ > struct icmpstat { > /* statistics related to icmp packets generated */ > u_long icps_error; /* # of calls to icmp_error */ > + u_long icps_toofreq; /* no error because rate limiter */ > u_long icps_oldshort; /* no error because old ip too short */ > u_long icps_oldicmp; /* no error because old was icmp */ > u_long icps_outhist[ICMP_MAXTYPE + 1]; > Index: sys/netinet/ip_icmp.c > =================================================================== > RCS file: /cvs/src/sys/netinet/ip_icmp.c,v > retrieving revision 1.113 > diff -u -p -r1.113 ip_icmp.c > --- sys/netinet/ip_icmp.c 9 Jan 2014 06:29:06 -0000 1.113 > +++ sys/netinet/ip_icmp.c 18 Jan 2014 22:53:19 -0000 > @@ -178,8 +178,10 @@ icmp_do_error(struct mbuf *n, int type, > /* > * First, do a rate limitation check. > */ > - if (icmp_ratelimit(&oip->ip_src, type, code)) > - goto freeit; /* XXX stat */ > + if (icmp_ratelimit(&oip->ip_src, type, code)) { > + icmpstat.icps_toofreq++; > + goto freeit; > + } > > /* > * Now, formulate icmp message > Index: usr.bin/netstat/inet.c > =================================================================== > RCS file: /cvs/src/usr.bin/netstat/inet.c,v > retrieving revision 1.129 > diff -u -p -r1.129 inet.c > --- usr.bin/netstat/inet.c 25 Dec 2013 01:46:00 -0000 1.129 > +++ usr.bin/netstat/inet.c 18 Jan 2014 22:55:15 -0000 > @@ -583,6 +583,9 @@ icmp_stats(char *name) > p(icps_error, "\t%lu call%s to icmp_error\n"); > p(icps_oldicmp, > "\t%lu error%s not generated because old message was icmp\n"); > + p(icps_toofreq, > + "\t%llu error%s not generated because of rate limitation\n"); > + > for (first = 1, i = 0; i < ICMP_MAXTYPE + 1; i++) > if (icmpstat.icps_outhist[i] != 0) { > if (first) { > -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/