• Eric Dumazet's avatar
    icmp: add a global rate limitation · 4cdf507d
    Eric Dumazet authored
    Current ICMP rate limiting uses inetpeer cache, which is an RBL tree
    protected by a lock, meaning that hosts can be stuck hard if all cpus
    want to check ICMP limits.
    
    When say a DNS or NTP server process is restarted, inetpeer tree grows
    quick and machine comes to its knees.
    
    iptables can not help because the bottleneck happens before ICMP
    messages are even cooked and sent.
    
    This patch adds a new global limitation, using a token bucket filter,
    controlled by two new sysctl :
    
    icmp_msgs_per_sec - INTEGER
        Limit maximal number of ICMP packets sent per second from this host.
        Only messages whose type matches icmp_ratemask are
        controlled by this limit.
        Default: 1000
    
    icmp_msgs_burst - INTEGER
        icmp_msgs_per_sec controls number of ICMP packets sent per second,
        while icmp_msgs_burst controls the burst size of these packets.
        Default: 50
    
    Note that if we really want to send millions of ICMP messages per
    second, we might extend idea and infra added in commit 04ca6973
    ("ip: make IP identifiers less predictable") :
    add a token bucket in the ip_idents hash and no longer rely on inetpeer.
    Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    4cdf507d
icmp.c 22.8 KB