icmp6: rate limit our echo replies
The generation of ICMP6_ECHO_REPLY bypasses icmp6_error(), thus rate limit was not applied. Reviewed by: tuexen, zlei Differential Revision: https://reviews.freebsd.org/D44480
This commit is contained in:
@@ -546,6 +546,8 @@ icmp6_input(struct mbuf **mp, int *offp, int proto)
|
||||
icmp6_ifstat_inc(ifp, ifs6_in_echo);
|
||||
if (code != 0)
|
||||
goto badcode;
|
||||
if (icmp6_ratelimit(&ip6->ip6_src, ICMP6_ECHO_REPLY, 0))
|
||||
break;
|
||||
if ((n = m_copym(m, 0, M_COPYALL, M_NOWAIT)) == NULL) {
|
||||
/* Give up remote */
|
||||
break;
|
||||
|
||||
Reference in New Issue
Block a user