From d2b8fd0da152f29ce718e142337655230ee5f2cb Mon Sep 17 00:00:00 2001
From: "Bjoern A. Zeeb"
Date: Wed, 4 Mar 2020 16:20:59 +0000
Subject: [PATCH] Add new ICMPv6 counters for Anti-DoS limits.
Add four new counters for ND6 related Anti-DoS measures. We split these out into a separate upfront commit so that we only change the struct size one time. Implementations using them will follow.
PR: 157410
Reviewed by: melifaro
MFC after: 2 weeks
X-MFC: cannot really MFC this without breaking netstat
Sponsored by: Netflix (initially)
Differential Revision: https://reviews.freebsd.org/D22711
---
 sys/netinet/icmp6.h | 4 ++++
 usr.bin/netstat/inet6.c | 8 ++++++++
 2 files changed, 12 insertions(+)
diff --git a/sys/netinet/icmp6.h b/sys/netinet/icmp6.h
index 00fa21ec684..abd1f18bbd3 100644
--- a/sys/netinet/icmp6.h
+++ b/sys/netinet/icmp6.h
@@ -635,6 +635,10 @@ struct icmp6stat {
 uint64_t icp6s_badrs; /* bad router solicitation */
 uint64_t icp6s_badra; /* bad router advertisement */
 uint64_t icp6s_badredirect; /* bad redirect message */
+ uint64_t icp6s_overflowdefrtr; /* Too many default routers. */
+ uint64_t icp6s_overflowprfx; /* Too many prefixes. */
+ uint64_t icp6s_overflownndp; /* Too many neighbour entries. */
+ uint64_t icp6s_overflowredirect;/* Too many redirects. */
 };

 #ifdef _KERNEL
diff --git a/usr.bin/netstat/inet6.c b/usr.bin/netstat/inet6.c
index 80e26fb95aa..5ddd7dae79c 100644
--- a/usr.bin/netstat/inet6.c
+++ b/usr.bin/netstat/inet6.c
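Review bot: The four new `icp6s_overflow*` comments in `struct icmp6stat` say only "Too many …" and do not state which event increments the counter or which limit it is measured against. The incrementing code is not part of this commit, so the header is the only place the intended meaning can be recorded for someone reading these values while investigating suspected ND table exhaustion. A comment of the form `/* default routers not added: limit reached */` would do, with the wording confirmed against the follow-up change. On style, the new comments are capitalised with a trailing period while the neighbouring `icp6s_bad*` comments are not, and `icp6s_overflowredirect;/*` has no whitespace before its comment. The name `icp6s_overflownndp` reads like a typo next to its "neighbour entries" comment; if the doubled `n` is intentional, the comment should say what it abbreviates.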
@@ -1055,6 +1055,14 @@ icmp6_stats(u_long off, const char *name, int af1 __unused, int proto __unused)
 "{N:/bad router advertisement message%s}\n");
 p(icp6s_badredirect, "\t{:bad-redirect/%ju} "
 "{N:/bad redirect message%s}\n");
+ p(icp6s_overflowdefrtr, "\t{:default-routers-overflows/%ju} "
+ "{N:/default routers overflow%s}\n");
+ p(icp6s_overflowprfx, "\t{:prefixes-overflows/%ju} "
+ "{N:/prefix overflow%s}\n");
+ p(icp6s_overflownndp, "\t{:neighbour-entries-overflows/%ju} "
+ "{N:/neighbour entries overflow%s}\n");
+ p(icp6s_overflowredirect, "\t{:redirect-overflows/%ju} "
+ "{N:/redirect overflow%s}\n");
 xo_close_container("errors");
 p(icp6s_pmtuchg, "\t{:path-mtu-changes/%ju} {N:/path MTU change%s}\n");
 #undef p
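Review bot: The field names added in `icmp6_stats` pluralise inconsistently: `default-routers-overflows`, `prefixes-overflows` and `neighbour-entries-overflows` use a plural noun, but `redirect-overflows` uses a singular one. The human-readable labels differ again, with `prefix overflow%s` next to `default routers overflow%s`. These keys are what structured-output consumers and monitoring scripts will match on when alerting on the ND limits, so they are worth settling before anything depends on them. I would use the singular noun throughout: `default-router-overflows`, `prefix-overflows`, `neighbour-entry-overflows`, `redirect-overflows`, with labels to match. The `p` macro and the opening of the "errors" container are outside this hunk, so this assumes `%s` receives the plural suffix as in the surrounding calls.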