diff options
author | Eric Dumazet <edumazet@google.com> | 2014-09-19 10:38:40 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2014-09-23 12:47:38 -0400 |
commit | 4cdf507d54525842dfd9f6313fdafba039084046 (patch) | |
tree | 3ea6c335251ee0b0bdb404df727ca307d55a9de9 /Documentation/networking | |
parent | e8b56d55a30afe588d905913d011678235dda437 (diff) |
icmp: add a global rate limitation
Current ICMP rate limiting uses inetpeer cache, which is an RBL tree
protected by a lock, meaning that hosts can be stuck hard if all cpus
want to check ICMP limits.
When say a DNS or NTP server process is restarted, inetpeer tree grows
quick and machine comes to its knees.
iptables can not help because the bottleneck happens before ICMP
messages are even cooked and sent.
This patch adds a new global limitation, using a token bucket filter,
controlled by two new sysctl :
icmp_msgs_per_sec - INTEGER
Limit maximal number of ICMP packets sent per second from this host.
Only messages whose type matches icmp_ratemask are
controlled by this limit.
Default: 1000
icmp_msgs_burst - INTEGER
icmp_msgs_per_sec controls number of ICMP packets sent per second,
while icmp_msgs_burst controls the burst size of these packets.
Default: 50
Note that if we really want to send millions of ICMP messages per
second, we might extend idea and infra added in commit 04ca6973f7c1a
("ip: make IP identifiers less predictable") :
add a token bucket in the ip_idents hash and no longer rely on inetpeer.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'Documentation/networking')
-rw-r--r-- | Documentation/networking/ip-sysctl.txt | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt index 1b5581a30d77..c7a81ace35d0 100644 --- a/Documentation/networking/ip-sysctl.txt +++ b/Documentation/networking/ip-sysctl.txt | |||
@@ -769,8 +769,21 @@ icmp_ratelimit - INTEGER | |||
769 | icmp_ratemask (see below) to specific targets. | 769 | icmp_ratemask (see below) to specific targets. |
770 | 0 to disable any limiting, | 770 | 0 to disable any limiting, |
771 | otherwise the minimal space between responses in milliseconds. | 771 | otherwise the minimal space between responses in milliseconds. |
772 | Note that another sysctl, icmp_msgs_per_sec limits the number | ||
773 | of ICMP packets sent on all targets. | ||
772 | Default: 1000 | 774 | Default: 1000 |
773 | 775 | ||
776 | icmp_msgs_per_sec - INTEGER | ||
777 | Limit maximal number of ICMP packets sent per second from this host. | ||
778 | Only messages whose type matches icmp_ratemask (see below) are | ||
779 | controlled by this limit. | ||
780 | Default: 1000 | ||
781 | |||
782 | icmp_msgs_burst - INTEGER | ||
783 | icmp_msgs_per_sec controls number of ICMP packets sent per second, | ||
784 | while icmp_msgs_burst controls the burst size of these packets. | ||
785 | Default: 50 | ||
786 | |||
774 | icmp_ratemask - INTEGER | 787 | icmp_ratemask - INTEGER |
775 | Mask made of ICMP types for which rates are being limited. | 788 | Mask made of ICMP types for which rates are being limited. |
776 | Significant bits: IHGFEDCBA9876543210 | 789 | Significant bits: IHGFEDCBA9876543210 |