upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

icmp6: rate limit our echo replies

Browse source 
The generation of ICMP6_ECHO_REPLY bypasses icmp6_error(), thus rate
limit was not applied.

Reviewed by:		tuexen, zlei
Differential Revision:	https://reviews.freebsd.org/D44480

(cherry picked from commit 32aeee8ce7e72738fff236ccd5629d55035458f8)
This commit is contained in:
Gleb Smirnoff 2024-03-24 09:13:23 -07:00 committed by Zhenlei Huang
parent 9e09b33e8e
commit f6561ff8ee
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
sys/netinet6/icmp6.c
View file

@ -548,6 +548,8 @@ icmp6_input(struct mbuf **mp, int *offp, int proto)
icmp6_ifstat_inc(ifp, ifs6_in_echo);
if (code != 0)
goto badcode;
if (icmp6_ratelimit(&ip6->ip6_src, ICMP6_ECHO_REPLY, 0))
break;
if ((n = m_copym(m, 0, M_COPYALL, M_NOWAIT)) == NULL) {
/* Give up remote */
break;