netdev.vger.kernel.org archive mirror
* ping DOS avoidance?
       [not found] <d9dc600703091718m508cdafbm46a4aad9b613d9c1@mail.gmail.com>
@ 2007-03-15  1:59 ` Luis Carlos Cobo Rus
  2007-03-15 16:44   ` Rick Jones
  0 siblings, 1 reply; 2+ messages in thread
From: Luis Carlos Cobo Rus @ 2007-03-15  1:59 UTC (permalink / raw)
  To: Netdev List

Hi,

I'm stress testing some network devices by doing some cross flood
pings among them. It occurs sometimes that one of the hosts (host
foo) will stop answering to pings from other hosts. foo can ping all
the other hosts, and I can use ssh back and forth, but it doesn't
answer ping requests.

More info:
- tcpdump at foo actually shows the ping requests (but no replies)
- other network interfaces connected at foo also stop answering pings
- icmp_echo_ignore_all is 0
- foo cannot even ping itself. I would swear it was able to ping
itself, but just went to confirm it for this mail and found out it
isn't.

I took a look at icmp.c to see where the packet could get dropped but
found nothing. I assume it's some kind of DOS prevention, but I don't
know where it is taking place nor how to revert it. Any hint would be
appreciated.

Thanks in advance!

--
Luis Carlos Cobo Rus       GnuPG ID: 44019B60
cozybit Inc.


* Re: ping DOS avoidance?
  2007-03-15  1:59 ` ping DOS avoidance? Luis Carlos Cobo Rus
@ 2007-03-15 16:44   ` Rick Jones
  0 siblings, 0 replies; 2+ messages in thread
From: Rick Jones @ 2007-03-15 16:44 UTC (permalink / raw)
  To: Luis Carlos Cobo Rus; +Cc: Netdev List

I was just asked about something not too different, involving IIRC 
tnsping.  It got me to looking at ip_sysctl.txt which has:

icmp_ratelimit - INTEGER
         Limit the maximal rates for sending ICMP packets whose type
         matches icmp_ratemask (see below) to specific targets.
         0 to disable any limiting, otherwise the maximal rate in
         jiffies(1)
         Default: 100

icmp_ratemask - INTEGER
         Mask made of ICMP types for which rates are being limited.
         Significant bits: IHGFEDCBA9876543210
         Default mask:     0000001100000011000 (6168)

         Bit definitions (see include/linux/icmp.h):
                 0 Echo Reply
                 3 Destination Unreachable *
                 4 Source Quench *
                 5 Redirect
                 8 Echo Request
                 B Time Exceeded *
                 C Parameter Problem *
                 D Timestamp Request
                 E Timestamp Reply
                 F Info Request
                 G Info Reply
                 H Address Mask Request
                 I Address Mask Reply

         * These are rate limited by default (see default mask above)


(I've always been used to masks being specified as hex values)

rick jones
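
The reply above quotes the icmp_ratemask bit table with its decimal default. As an added example (not part of either message or of ip_sysctl.txt), this POSIX shell sketch decodes a mask value into the ICMP types it covers and prints its hex form. The function names are made up for the example; the type names and the default 6168 come from the quoted text.

```shell
# Added example; function names are illustrative, not kernel or procps tooling.
# Name of ICMP type N, per the bit definitions quoted from ip_sysctl.txt.
icmp_type_name() {
    case "$1" in
        0)  echo "Echo Reply" ;;
        3)  echo "Destination Unreachable" ;;
        4)  echo "Source Quench" ;;
        5)  echo "Redirect" ;;
        8)  echo "Echo Request" ;;
        11) echo "Time Exceeded" ;;
        12) echo "Parameter Problem" ;;
        13) echo "Timestamp Request" ;;
        14) echo "Timestamp Reply" ;;
        15) echo "Info Request" ;;
        16) echo "Info Reply" ;;
        17) echo "Address Mask Request" ;;
        18) echo "Address Mask Reply" ;;
        *)  echo "(not listed)" ;;
    esac
}

# Succeeds when bit TYPE is set in MASK (decimal or 0x-prefixed hex).
ratemask_has_type() { [ $(( ($1 >> $2) & 1 )) -eq 1 ]; }

# Print the space-separated ICMP type numbers (0..18) that MASK rate-limits.
ratemask_types() {
    out=""; t=0
    while [ "$t" -le 18 ]; do
        if ratemask_has_type "$1" "$t"; then out="${out:+$out }$t"; fi
        t=$((t + 1))
    done
    echo "$out"
}

# Build a decimal mask from a list of ICMP type numbers.
build_ratemask() {
    m=0; for t in "$@"; do m=$(( m | (1 << t) )); done
    echo "$m"
}

# Report on a mask: hex form plus one line per rate-limited type.
describe_ratemask() {
    printf 'mask %d = 0x%x\n' "$1" "$1"
    for t in $(ratemask_types "$1"); do
        printf '  type %2d  %s\n' "$t" "$(icmp_type_name "$t")"
    done
}

describe_ratemask "${1:-6168}"   # 6168 is the documented default mask
```

For the default 6168 it lists types 3, 4, 11 and 12, matching the starred entries in the table. On a live host the value can be passed in from `sysctl -n net.ipv4.icmp_ratemask`.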
