Documentation confusion on ICMP Rate Mask/Rate Limiting

Daryll Swer daryllswer15 at gmail.com
Sun Jan 9 04:10:19 EST 2022 

> In the above-mentioned section there is a list with all types of ICMP
messages. The construction of a mask is also explained with a very
comprehensible example.

The order of the bits/spacing between the bits are not continuous and hence
the confusion. I did provide the suspected correct mask in binary form,
which seems to have been missed:
"My best guess is that is is the answer to question *2*:
*1111111100100111001"*

> Look at the ./ipv6 directory and then under ./icmp.
The value is here doesn't correlate with the man page.
root at host:/proc/sys/net/ipv6/icmp# cat ratemask
0-1,3-127

*--*
Best Regards
Daryll Swer
Website: daryllswer.com
<https://mailtrack.io/trace/link/7a507c081daea9db4f442e8fdb6fdd1f8f72aee6?url=https%3A%2F%2Fwww.daryllswer.com&userId=2153471&signature=7f328f9caeb95b4c>


On Sun, 9 Jan 2022 at 14:28, FMDF <fmdefrancesco at gmail.com> wrote:

> On Fri, 31 Dec 2021, 20:55 Daryll Swer, <daryllswer15 at gmail.com> wrote:
>
>> Hi Folks
>>
>> So I will get straight to the point, I am trying to figure out some
>> answers on *icmp_ratelimit* and *icmp_ratemask* based on the man page
>> <https://man7.org/linux/man-pages/man7/icmp.7.html>.
>>
>> The questions are:
>>
>>    1. How can we determine the Packet per second rate on any given
>>    rate-limit value (say 10)?
>>
>> The values of icmp_ratelimit are expressed in milliseconds. The default
> is 1000 milliseconds.
>
> Therefore, as in your questions, a limit of 10 milliseconds means that the
> rate limit is 1 message per 10 millisecond, that is 100 messages per second.
>
> Where is the problem?
>
> Please don't ask people here to do the trivial homework for you. :(
>
> Maybe that this the reason why nobody has yet answered your 10 days old
> questions...
>
>
>>    1. Without of course going the hard way of benchmarking it by ICMP
>>    flooding.
>>
>> This is not needed and, honestly, I cannot understand why you need to
> test it...
>
> Please read the manual and my words one more time.
>
>>
>>    1. Just what exactly is the *correct mask* in *Binary form* to *include
>>    all* known ICMP types instead of just the default mask? Been having a
>>    hard time with this one.
>>
>> It's simple to build it. Read again the section about icmp_ratemask.
>
> In the above-mentioned section there is a list with all types of ICMP
> messages. The construction of a mask is also explained with a very
> comprehensible example.
>
>>
>>    1. Do we have something of this nature for *IPv6 *in the Kernel? I
>>    don't see it in most Linux based NetworkOSes as a documented feature.
>>
>> Check it by yourself. Do you have a /proc/sys/net/ipv4 directory? Well,
> you should also have a /proc/sys/net/ipv6 unless you've disabled IPv6.
>
> Look at the ./ipv6 directory and then under ./icmp.
>
> Regards,
>
> Fabio M. De Francesco
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20220109/cc4de614/attachment.html>

More information about the Kernelnewbies mailing list