PERFORCE change 124982 for review
Matus Harvan
mharvan at FreeBSD.org
Thu Aug 9 16:25:52 PDT 2007
http://perforce.freebsd.org/chv.cgi?CH=124982
Change 124982 by mharvan at mharvan_bike-planet on 2007/08/09 23:25:40
rate limit for TCP_CATCHALL-created sockets
Affected files ...
.. //depot/projects/soc2007/mharvan-mtund/sys.patches/tcp_catchall/sys.patch#3 edit
Differences ...
==== //depot/projects/soc2007/mharvan-mtund/sys.patches/tcp_catchall/sys.patch#3 (text+ko) ====
@@ -4,7 +4,7 @@
retrieving revision 1.31.2.2
diff -u -r1.31.2.2 tcp.h
--- tcp.h 5 Mar 2007 10:21:52 -0000 1.31.2.2
-+++ tcp.h 9 Aug 2007 22:41:16 -0000
++++ tcp.h 9 Aug 2007 23:15:00 -0000
@@ -160,6 +160,7 @@
#define TCP_NOOPT 0x08 /* don't use TCP options */
#define TCP_MD5SIG 0x10 /* use MD5 digests (RFC2385) */
@@ -19,8 +19,17 @@
retrieving revision 1.281.2.13
diff -u -r1.281.2.13 tcp_input.c
--- tcp_input.c 12 Jun 2007 18:53:32 -0000 1.281.2.13
-+++ tcp_input.c 9 Aug 2007 22:41:18 -0000
-@@ -163,6 +163,7 @@
++++ tcp_input.c 9 Aug 2007 23:15:02 -0000
+@@ -159,10 +159,16 @@
+ &tcp_reass_overflows, 0,
+ "Global number of TCP Segment Reassembly Queue Overflows");
+
++static int catchalllim = 5;
++SYSCTL_INT(_net_inet_tcp, OID_AUTO, catchalllim, CTLFLAG_RW,
++ &catchalllim, 0,
++ "Rate limit on sockets created by the TCP_CATCHALL socket");
++
+ struct inpcbhead tcb;
#define tcb6 tcb /* for KAME src sync over BSD*'s */
struct inpcbinfo tcbinfo;
struct mtx *tcbinfo_mtx;
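Review bot: The description string on the new `catchalllim` sysctl gives no unit and does not say what a non-positive value does. In the tcp_input.c hunk further down the value is handed to ppsratecheck() as the cap, and `catchalllim <= 0` refuses every SYN for the catch-all socket, so a CTLFLAG_RW write of 0 turns the feature off rather than lifting the limit. That differs from ppsratecheck()'s own convention as I recall it (a negative limit means unlimited), so it deserves to be written down, e.g. `"Max SYNs per second passed to the TCP_CATCHALL socket (<= 0 refuses all)"`.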
@@ -28,7 +37,19 @@
static void tcp_dooptions(struct tcpopt *, u_char *, int, int);
-@@ -690,6 +691,19 @@
+@@ -465,6 +471,11 @@
+ struct tcphdr tcp_savetcp;
+ short ostate = 0;
+ #endif
++ static struct rate {
++ struct timeval lasttime;
++ int curpps;
++ } catchallr;
++
+
+ #ifdef INET6
+ isipv6 = (mtod(m, struct ip *)->ip_v == 6) ? 1 : 0;
+@@ -690,6 +701,32 @@
goto drop;
}
#endif /*IPSEC || FAST_IPSEC*/
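Review bot: `catchallr` is declared as a function-local static, so a single counter is shared by every call into this input path, and ppsratecheck() updates it with no locking of its own; the hunk does not show which lock, if any, is held where it is used. If the code relies on the tcbinfo lock, say so at the declaration, e.g. `/* catchallr: shared limiter state, protected by the tcbinfo lock */`. Because it is one global bucket, a single peer sending SYNs at the limit uses up the allowance for everyone else; a comment should record that this is a coarse global cap and not a per-source one. Moving the struct to file scope next to `catchalllim` would keep the limiter's state in one place; the enclosing function starts and ends outside the hunk.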
@@ -42,8 +63,21 @@
+ strcpy(sbuf, inet_ntoa(ip->ip_src));
+ printf("\tip_src: %s, sport: %hu\n\tip_dst: %s, dport: %hu\n",
+ sbuf, ntohs(th->th_sport), dbuf, ntohs(th->th_dport));
-+
-+ inp = inp_catchall;
++
++ /* do rate limiting for SYN packets */
++ if (thflags & TH_SYN) {
++ if (catchalllim > 0)
++ if (ppsratecheck(&catchallr.lasttime,
++ &catchallr.curpps, catchalllim))
++ inp = inp_catchall;
++ else
++ printf("ppsratecheck limited "
++ "tcp_catchall\n");
++ else
++ printf("ppsratecheck limited tcp_catchall\n");
++
++ } else
++ inp = inp_catchall;
+ }
/*
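Review bot: Both refusal branches of the new SYN check call printf() once per refused segment, so the limiter caps socket creation but not console output: a sender that exceeds `catchalllim` makes the kernel log one line per SYN. The refusal is better counted in a statistic, or logged through a message that is itself rate-limited. The `catchalllim <= 0` branch also prints "ppsratecheck limited" although ppsratecheck() was never called, and the nested if/else is unbraced, so its meaning rests on else-binding. A braced form with the two refusal cases merged is below; the enclosing block opens outside the hunk, and I am assuming `inp` is still unset when this code is reached.

```c
	/* do rate limiting for SYN packets */
	if (thflags & TH_SYN) {
		if (catchalllim > 0 &&
		    ppsratecheck(&catchallr.lasttime,
		    &catchallr.curpps, catchalllim)) {
			inp = inp_catchall;
		} else {
			/*
			 * Refused: limit reached, or catchalllim <= 0.
			 * Count the refusal here; no per-segment printf.
			 */
		}
	} else {
		inp = inp_catchall;
	}
```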
@@ -54,12 +88,13 @@
retrieving revision 1.228.2.14
diff -u -r1.228.2.14 tcp_subr.c
--- tcp_subr.c 30 Dec 2006 17:58:46 -0000 1.228.2.14
-+++ tcp_subr.c 9 Aug 2007 22:41:19 -0000
-@@ -324,6 +324,9 @@
++++ tcp_subr.c 9 Aug 2007 23:15:04 -0000
+@@ -324,6 +324,10 @@
tcp_rexmit_slop = TCPTV_CPU_VAR;
tcp_inflight_rttthresh = TCPTV_INFLIGHT_RTTTHRESH;
-+ printf("TCP_CATCHALL initialization\n");
++ printf("TCP_CATCHALL initialization (was 0x%x)\n",
++ (unsigned int)inp_catchall);
+ inp_catchall = NULL;
+
INP_INFO_LOCK_INIT(&tcbinfo, "tcp");
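Review bot: `(unsigned int)inp_catchall` printed with `0x%x` truncates the pointer on 64-bit platforms, and it writes a kernel address into the message buffer where anyone able to read the boot log can see it. If the previous value is really needed while debugging, use `printf("TCP_CATCHALL initialization (was %p)\n", (void *)inp_catchall);`; otherwise keep the earlier message without the value. The enclosing init function starts and ends outside the hunk.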
@@ -71,7 +106,7 @@
retrieving revision 1.124.2.6
diff -u -r1.124.2.6 tcp_usrreq.c
--- tcp_usrreq.c 8 Jan 2007 18:10:12 -0000 1.124.2.6
-+++ tcp_usrreq.c 9 Aug 2007 22:41:21 -0000
++++ tcp_usrreq.c 9 Aug 2007 23:15:05 -0000
@@ -162,6 +162,12 @@
INP_INFO_WUNLOCK(&tcbinfo);
return error;
@@ -143,7 +178,7 @@
retrieving revision 1.126.2.3
diff -u -r1.126.2.3 tcp_var.h
--- tcp_var.h 19 Sep 2006 12:58:40 -0000 1.126.2.3
-+++ tcp_var.h 9 Aug 2007 22:41:22 -0000
++++ tcp_var.h 9 Aug 2007 23:15:05 -0000
@@ -504,6 +504,7 @@
extern struct inpcbhead tcb; /* head of queue of active tcpcb's */