Documentation confusion on ICMP Rate Mask/Rate Limiting
fmdefrancesco at gmail.com
Sun Jan 9 03:58:34 EST 2022
On Fri, 31 Dec 2021, 20:55 Daryll Swer, <daryllswer15 at gmail.com> wrote:
> Hi Folks
> So I will get straight to the point, I am trying to figure out some
> answers on *icmp_ratelimit* and *icmp_ratemask* based on the man page
> The questions are:
> 1. How can we determine the Packet per second rate on any given
> rate-limit value (say 10)?
> The values of icmp_ratelimit are expressed in milliseconds. The default is
Therefore, as in your questions, a limit of 10 milliseconds means that the
rate limit is 1 message per 10 millisecond, that is 100 messages per second.
Where is the problem?
Please don't ask people here to do the trivial homework for you. :(
Maybe that this the reason why nobody has yet answered your 10 days old
> 1. Without of course going the hard way of benchmarking it by ICMP
> This is not needed and, honestly, I cannot understand why you need to test
Please read the manual and my words one more time.
> 1. Just what exactly is the *correct mask* in *Binary form* to *include
> all* known ICMP types instead of just the default mask? Been having a
> hard time with this one.
> It's simple to build it. Read again the section about icmp_ratemask.
In the above-mentioned section there is a list with all types of ICMP
messages. The construction of a mask is also explained with a very
> 1. Do we have something of this nature for *IPv6 *in the Kernel? I
> don't see it in most Linux based NetworkOSes as a documented feature.
> Check it by yourself. Do you have a /proc/sys/net/ipv4 directory? Well,
you should also have a /proc/sys/net/ipv6 unless you've disabled IPv6.
Look at the ./ipv6 directory and then under ./icmp.
Fabio M. De Francesco
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Kernelnewbies