| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190418.165832.965538529781548409.davem@davemloft.net> Date: Thu, 18 Apr 2019 16:58:32 -0700 (PDT) From: David Miller <davem@...emloft.net> To: ssuryaextr@...il.com Cc: netdev@...r.kernel.org, brouer@...hat.com Subject: Re: [PATCH net-next,v3] ipv6: Add rate limit mask for ICMPv6 messages From: Stephen Suryaputra <ssuryaextr@...il.com> Date: Wed, 17 Apr 2019 16:35:49 -0400 > To make ICMPv6 closer to ICMPv4, add ratemask parameter. Since the ICMP > message types use larger numeric values, a simple bitmask doesn't fit. > I use large bitmap. The input and output are the in form of list of > ranges. Set the default to rate limit all error messages but Packet Too > Big. For Packet Too Big, use ratemask instead of hard-coded. > > There are functions where icmpv6_xrlim_allow() and icmpv6_global_allow() > aren't called. This patch only adds them to icmpv6_echo_reply(). > > Rate limiting error messages is mandated by RFC 4443 but RFC 4890 says > that it is also acceptable to rate limit informational messages. Thus, > I removed the current hard-coded behavior of icmpv6_mask_allow() that > doesn't rate limit informational messages. > > v2: Add dummy function proc_do_large_bitmap() if CONFIG_PROC_SYSCTL > isn't defined, expand the description in ip-sysctl.txt and remove > unnecessary conditional before kfree(). > v3: Inline the bitmap instead of dynamically allocated. Still is a > pointer to it is needed because of the way proc_do_large_bitmap work. > Signed-off-by: Stephen Suryaputra <ssuryaextr@...il.com> Applied, thanks.
Powered by blists - more mailing lists