Documentation confusion on ICMP Rate Mask/Rate Limiting

FMDF fmdefrancesco at gmail.com
Sun Jan 9 03:58:34 EST 2022 

On Fri, 31 Dec 2021, 20:55 Daryll Swer, <daryllswer15 at gmail.com> wrote:

> Hi Folks
>
> So I will get straight to the point, I am trying to figure out some
> answers on *icmp_ratelimit* and *icmp_ratemask* based on the man page
> <https://mailtrack.io/trace/link/1ab83c495d25602c6b2de3095e1a1fa4b795d988?url=https%3A%2F%2Fman7.org%2Flinux%2Fman-pages%2Fman7%2Ficmp.7.html&userId=2153471&signature=34cf95fe977ddeef>
> .
>
> The questions are:
>
>    1. How can we determine the Packet per second rate on any given
>    rate-limit value (say 10)?
>
> The values of icmp_ratelimit are expressed in milliseconds. The default is
1000 milliseconds.

Therefore, as in your questions, a limit of 10 milliseconds means that the
rate limit is 1 message per 10 millisecond, that is 100 messages per second.

Where is the problem?

Please don't ask people here to do the trivial homework for you. :(

Maybe that this the reason why nobody has yet answered your 10 days old
questions...


>    1. Without of course going the hard way of benchmarking it by ICMP
>    flooding.
>
> This is not needed and, honestly, I cannot understand why you need to test
it...

Please read the manual and my words one more time.

>
>    1. Just what exactly is the *correct mask* in *Binary form* to *include
>    all* known ICMP types instead of just the default mask? Been having a
>    hard time with this one.
>
> It's simple to build it. Read again the section about icmp_ratemask.

In the above-mentioned section there is a list with all types of ICMP
messages. The construction of a mask is also explained with a very
comprehensible example.

>
>    1. Do we have something of this nature for *IPv6 *in the Kernel? I
>    don't see it in most Linux based NetworkOSes as a documented feature.
>
> Check it by yourself. Do you have a /proc/sys/net/ipv4 directory? Well,
you should also have a /proc/sys/net/ipv6 unless you've disabled IPv6.

Look at the ./ipv6 directory and then under ./icmp.

Regards,

Fabio M. De Francesco
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20220109/7b4b454a/attachment-0001.html>

More information about the Kernelnewbies mailing list