svn commit: r319214 - in head/sys: netinet netinet6

Tue May 30 14:32:46 UTC 2017

Author: jtl
Date: Tue May 30 14:32:44 2017
New Revision: 319214
URL: https://svnweb.freebsd.org/changeset/base/319214

Log:
  Enforce the limit on ICMP messages before doing work to formulate the
  response.
  
  Delete an unneeded rate limit for UDP under IPv6. Because ICMP6
  messages have their own rate limit, it is unnecessary to apply a
  second rate limit to UDP messages.
  
  Reviewed by:	glebius
  MFC after:	2 weeks
  Sponsored by:	Netflix
  Differential Revision:	https://reviews.freebsd.org/D10387

Modified:
  head/sys/netinet/ip_icmp.c
  head/sys/netinet6/udp6_usrreq.c

Modified: head/sys/netinet/ip_icmp.c
==============================================================================

--- head/sys/netinet/ip_icmp.c	Tue May 30 13:56:38 2017	(r319213)
+++ head/sys/netinet/ip_icmp.c	Tue May 30 14:32:44 2017	(r319214)
@@ -540,11 +540,10 @@ icmp_input(struct mbuf **mp, int *offp, int proto)
 			ICMPSTAT_INC(icps_bmcastecho);
 			break;
 		}
-		icp->icmp_type = ICMP_ECHOREPLY;
 		if (badport_bandlim(BANDLIM_ICMP_ECHO) < 0)
 			goto freeit;
-		else
-			goto reflect;
+		icp->icmp_type = ICMP_ECHOREPLY;
+		goto reflect;
 
 	case ICMP_TSTAMP:
 		if (V_icmptstamprepl == 0)
@@ -558,13 +557,12 @@ icmp_input(struct mbuf **mp, int *offp, int proto)
 			ICMPSTAT_INC(icps_badlen);
 			break;
 		}
+		if (badport_bandlim(BANDLIM_ICMP_TSTAMP) < 0)
+			goto freeit;
 		icp->icmp_type = ICMP_TSTAMPREPLY;
 		icp->icmp_rtime = iptime();
 		icp->icmp_ttime = icp->icmp_rtime;	/* bogus, do later! */
-		if (badport_bandlim(BANDLIM_ICMP_TSTAMP) < 0)
-			goto freeit;
-		else
-			goto reflect;
+		goto reflect;
 
 	case ICMP_MASKREQ:
 		if (V_icmpmaskrepl == 0)

Modified: head/sys/netinet6/udp6_usrreq.c
==============================================================================
--- head/sys/netinet6/udp6_usrreq.c	Tue May 30 13:56:38 2017	(r319213)
+++ head/sys/netinet6/udp6_usrreq.c	Tue May 30 14:32:44 2017	(r319214)
@@ -104,9 +104,7 @@ __FBSDID("$FreeBSD$");
 #include <netinet/in_systm.h>
 #include <netinet/in_var.h>
 #include <netinet/ip.h>
-#include <netinet/ip_icmp.h>
 #include <netinet/ip6.h>
-#include <netinet/icmp_var.h>
 #include <netinet/icmp6.h>
 #include <netinet/ip_var.h>
 #include <netinet/udp.h>
@@ -480,8 +478,6 @@ udp6_input(struct mbuf **mp, int *offp, int proto)
 			goto badunlocked;
 		}
 		if (V_udp_blackhole)
-			goto badunlocked;
-		if (badport_bandlim(BANDLIM_ICMP6_UNREACH) < 0)
 			goto badunlocked;
 		icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOPORT, 0);
 		return (IPPROTO_DONE);
