yes, I frequently run into this and always forget to follow up. we
might even want some heuristic for the errppslimit.
anyway, this is good and makes sense. ok.
* Claudio Jeker <cje...@diehard.n-r-g.com> [2014-01-19 00:04]:
> As done in IPv6 land report how many packets are dropped because we hit
> the rate limiter (net.inet.icmp.errppslimit). On bigger routers it may be
> needed to tune that value up in case to many packets are dropped.
>
> OK?
> --
> :wq Claudio
>
> Index: sys/netinet/icmp_var.h
> ===================================================================
> RCS file: /cvs/src/sys/netinet/icmp_var.h,v
> retrieving revision 1.13
> diff -u -p -r1.13 icmp_var.h
> --- sys/netinet/icmp_var.h 13 Dec 2007 20:00:53 -0000 1.13
> +++ sys/netinet/icmp_var.h 18 Jan 2014 22:52:51 -0000
> @@ -42,6 +42,7 @@
> struct icmpstat {
> /* statistics related to icmp packets generated */
> u_long icps_error; /* # of calls to icmp_error */
> + u_long icps_toofreq; /* no error because rate limiter */
> u_long icps_oldshort; /* no error because old ip too short */
> u_long icps_oldicmp; /* no error because old was icmp */
> u_long icps_outhist[ICMP_MAXTYPE + 1];
> Index: sys/netinet/ip_icmp.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet/ip_icmp.c,v
> retrieving revision 1.113
> diff -u -p -r1.113 ip_icmp.c
> --- sys/netinet/ip_icmp.c 9 Jan 2014 06:29:06 -0000 1.113
> +++ sys/netinet/ip_icmp.c 18 Jan 2014 22:53:19 -0000
> @@ -178,8 +178,10 @@ icmp_do_error(struct mbuf *n, int type,
> /*
> * First, do a rate limitation check.
> */
> - if (icmp_ratelimit(&oip->ip_src, type, code))
> - goto freeit; /* XXX stat */
> + if (icmp_ratelimit(&oip->ip_src, type, code)) {
> + icmpstat.icps_toofreq++;
> + goto freeit;
> + }
>
> /*
> * Now, formulate icmp message
> Index: usr.bin/netstat/inet.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/netstat/inet.c,v
> retrieving revision 1.129
> diff -u -p -r1.129 inet.c
> --- usr.bin/netstat/inet.c 25 Dec 2013 01:46:00 -0000 1.129
> +++ usr.bin/netstat/inet.c 18 Jan 2014 22:55:15 -0000
> @@ -583,6 +583,9 @@ icmp_stats(char *name)
> p(icps_error, "\t%lu call%s to icmp_error\n");
> p(icps_oldicmp,
> "\t%lu error%s not generated because old message was icmp\n");
> + p(icps_toofreq,
> + "\t%llu error%s not generated because of rate limitation\n");
> +
> for (first = 1, i = 0; i < ICMP_MAXTYPE + 1; i++)
> if (icmpstat.icps_outhist[i] != 0) {
> if (first) {
>
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
