From: Andy Johnson <johnsonzjo@gmail.com>
To: netdev@vger.kernel.org
Subject: Re: ICMP rate limiting in IPv4 but not in IPv6
Date: Fri, 13 Sep 2013 18:57:56 +0300 [thread overview]
Message-ID: <CAF0Lin2-ooC6iQCwjnf5196cfy0Xii6H5prS4CEsjeJVAFYcyA@mail.gmail.com> (raw)
In-Reply-To: <CAF0Lin0xTW4oQ0OQaTzJhoS6XV3nbb8yZx8jDMAcGyJo9zTs9A@mail.gmail.com>
Hello,
After probing into the RFC of ICMPv6, I am even more confused.
RFC 4443 says:
2.4. Message Processing Rules
...
(f) Finally, in order to limit the bandwidth and forwarding costs
incurred by originating ICMPv6 error messages, an IPv6 node MUST
limit the rate of ICMPv6 error messages it originates.
...
The rate-limiting parameters SHOULD be configurable.
...
Any ideas?
regards,
Andy
On Fri, Sep 13, 2013 at 10:21 AM, Andy Johnson <johnsonzjo@gmail.com> wrote:
> Hello,
>
> I am trying to understand the difference between ICMP rate limiting
> in IPv4 and in IPv6.
>
> In IPv4 we have the ability to rate limit ICMPv4 while in IPv6 we do not have
> this ability.
>
> To be more code-oriented:
> The icmpv4_xrlim_allow() method does inspect the rate mask,
> (net->ipv4.sysctl_icmp_ratemask)
> whereas the icmpv6_xrlim_allow() method does not inspect the rate mask.
>
> I do not understand why, for example, we can rate limit ICMPv4 messages of
> Echo Reply and not rate limit ICMPv6 messages of Echo Reply.
>
> See: icmp_ratemask and icmp_ratelimit in Documentation/networking/ip-sysctl.txt
>
> I believe there is some reason behind it (adding checking of rate mask
> seems to me trivial). I try to figure out the reason behind this but I did not
> find anything reasonable,
>
> Does anybody happen to know ?
>
> Regards,
> Andy
next prev parent reply other threads:[~2013-09-13 15:57 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-13 7:21 ICMP rate limiting in IPv4 but not in IPv6 Andy Johnson
2013-09-13 15:57 ` Andy Johnson [this message]
2013-09-13 16:44 ` Hannes Frederic Sowa
2013-09-13 17:26 ` Loganaden Velvindron
2013-09-13 18:17 ` Hannes Frederic Sowa
2013-09-13 18:26 ` Andy Johnson
2013-09-13 20:40 ` Hannes Frederic Sowa
2013-09-13 18:32 ` GRE support for IPv6 Templin, Fred L
2013-09-13 21:01 ` Hannes Frederic Sowa
2013-09-13 21:22 ` Templin, Fred L
2013-09-13 21:46 ` Stephen Hemminger
2013-09-13 22:06 ` Stephen Hemminger
2013-09-13 22:37 ` Templin, Fred L
2013-09-13 23:21 ` Templin, Fred L
2013-09-27 8:41 ` Hannes Frederic Sowa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAF0Lin2-ooC6iQCwjnf5196cfy0Xii6H5prS4CEsjeJVAFYcyA@mail.gmail.com \
--to=johnsonzjo@gmail.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).