Documentation confusion on ICMP Rate Mask/Rate Limiting

FMDF fmdefrancesco at
Sun Jan 9 03:58:34 EST 2022

On Fri, 31 Dec 2021, 20:55 Daryll Swer, <daryllswer15 at> wrote:

> Hi Folks
> So I will get straight to the point, I am trying to figure out some
> answers on *icmp_ratelimit* and *icmp_ratemask* based on the man page
> <>
> .
> The questions are:
>    1. How can we determine the Packet per second rate on any given
>    rate-limit value (say 10)?
> The values of icmp_ratelimit are expressed in milliseconds. The default is
1000 milliseconds.

Therefore, as in your questions, a limit of 10 milliseconds means that the
rate limit is 1 message per 10 millisecond, that is 100 messages per second.

Where is the problem?

Please don't ask people here to do the trivial homework for you. :(

Maybe that this the reason why nobody has yet answered your 10 days old

>    1. Without of course going the hard way of benchmarking it by ICMP
>    flooding.
> This is not needed and, honestly, I cannot understand why you need to test

Please read the manual and my words one more time.

>    1. Just what exactly is the *correct mask* in *Binary form* to *include
>    all* known ICMP types instead of just the default mask? Been having a
>    hard time with this one.
> It's simple to build it. Read again the section about icmp_ratemask.

In the above-mentioned section there is a list with all types of ICMP
messages. The construction of a mask is also explained with a very
comprehensible example.

>    1. Do we have something of this nature for *IPv6 *in the Kernel? I
>    don't see it in most Linux based NetworkOSes as a documented feature.
> Check it by yourself. Do you have a /proc/sys/net/ipv4 directory? Well,
you should also have a /proc/sys/net/ipv6 unless you've disabled IPv6.

Look at the ./ipv6 directory and then under ./icmp.


Fabio M. De Francesco
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Kernelnewbies mailing list