<div dir="ltr"><div dir="ltr"><div>> In the above-mentioned section there is a list with all types of ICMP messages. The construction of a mask is also explained with a very comprehensible example.<br></div><div><br></div><div>The order of the bits/spacing between the bits are not continuous and hence the confusion. I did provide the suspected correct mask in binary form, which seems to have been missed:</div><div>"My best guess is that is is the answer to question <b>2</b>: <b>1111111100100111001"</b></div><div><br></div><div>> Look at the ./ipv6 directory and then under ./icmp.</div><div>The value is here doesn't correlate with the man page.</div><div><font face="monospace">root@host:/proc/sys/net/ipv6/icmp# cat ratemask<br>0-1,3-127</font></div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><font color="#000000" face="arial, sans-serif"><br><b>--</b><br></font><div><font color="#000000" face="arial, sans-serif">Best Regards</font></div><div><font color="#000000" face="arial, sans-serif">Daryll Swer</font></div><div><font color="#000000" face="arial, sans-serif">Website: <a href="https://mailtrack.io/trace/link/7a507c081daea9db4f442e8fdb6fdd1f8f72aee6?url=https%3A%2F%2Fwww.daryllswer.com&userId=2153471&signature=7f328f9caeb95b4c" target="_blank">daryllswer.com</a></font></div></div></div></div><br></div><br><img width="0" height="0" class="mailtrack-img" alt="" style="display:flex" src="https://mailtrack.io/trace/mail/8b82d4d4926242275abd2ee247a6372b7f498a24.png?u=2153471"><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, 9 Jan 2022 at 14:28, FMDF <<a href="mailto:fmdefrancesco@gmail.com">fmdefrancesco@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><div><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 31 Dec 2021, 20:55 Daryll Swer, <<a href="mailto:daryllswer15@gmail.com" rel="noreferrer" target="_blank">daryllswer15@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi Folks<div><br></div><div>So I will get straight to the point, I am trying to figure out some answers on <b>icmp_ratelimit</b> and <b>icmp_ratemask</b> based on the <a href="https://man7.org/linux/man-pages/man7/icmp.7.html" rel="noreferrer noreferrer" target="_blank">man page</a>.</div><div><br></div><div><div>The questions are:</div><div><ol><li style="margin-left:15px">How can we determine the Packet per second rate on any given rate-limit value (say 10)?</li></ol></div></div></div></blockquote></div></div><div dir="auto">The values of icmp_ratelimit are expressed in milliseconds. The default is 1000 milliseconds.</div><div dir="auto"><br></div><div dir="auto">Therefore, as in your questions, a limit of 10 milliseconds means that the rate limit is 1 message per 10 millisecond, that is 100 messages per second.</div><div dir="auto"><br></div><div dir="auto">Where is the problem? </div><div dir="auto"><br></div><div dir="auto">Please don't ask people here to do the trivial homework for you. :(</div><div dir="auto"><br></div><div dir="auto">Maybe that this the reason why nobody has yet answered your 10 days old questions...<br></div><div dir="auto"><br></div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><ol><li style="margin-left:15px"> Without of course going the hard way of benchmarking it by ICMP flooding.</li></ol></div></div></div></blockquote></div></div><div dir="auto">This is not needed and, honestly, I cannot understand why you need to test it... </div><div dir="auto"><br></div><div dir="auto">Please read the manual and my words one more time.</div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><ol><li style="margin-left:15px">Just what exactly is the <b>correct mask</b> in <b>Binary form</b> to <b>include all</b> known ICMP types instead of just the default mask? Been having a hard time with this one.</li></ol></div></div></div></blockquote></div></div><div dir="auto">It's simple to build it. Read again the section about icmp_ratemask.</div><div dir="auto"><br></div><div dir="auto">In the above-mentioned section there is a list with all types of ICMP messages. The construction of a mask is also explained with a very comprehensible example.<br></div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><ol><li style="margin-left:15px">Do we have something of this nature for <b>IPv6 </b>in the Kernel? I don't see it in most Linux based NetworkOSes as a documented feature.</li></ol></div></div></div></blockquote></div></div><div dir="auto">Check it by yourself. Do you have a /proc/sys/net/ipv4 directory? Well, you should also have a /proc/sys/net/ipv6 unless you've disabled IPv6.</div><div dir="auto"><br></div><div dir="auto">Look at the ./ipv6 directory and then under ./icmp.</div><div dir="auto"><br></div><div dir="auto">Regards,</div><div dir="auto"><br></div><div dir="auto">Fabio M. De Francesco</div></div>
</blockquote></div></div>