早期速率限制的遗漏... 早期速率限制的遗漏...
你能阻止或忽略ICMP数据包吗?
ICMP发送速率限制/忽略 (Jukka Santala)
Oops, what a mistake. I missed the fact that icmp_send()
isn't actually used for replying to ICMP_ECHO_REQUEST's etc.
so no matter how you change the table in question, none
of the replies are going to be limited... so what you need
to do is add a call to the check in question to icmp_reply()
as well, which is something that can already be called real
kernel hacking. Here's how I'm doing it; however...
1) I haven't yet rebooted with this code... wish me luck ;)
2) Am I missing something? ping -f and ping -l get mostly ignored
Here's the bit of code, in icmp_reply() right at the beginning (after local varable definitions) :
#ifndef CONFIG_NO_ICMP_LIMIT
if(!xrlim_allow(icmp_param->icmph.type, skb->nh.iph->saddr))
return;
#endif
I'll let you know how my tests with the thing proceed ;)
(Sorry for bad formatting, I managed to break my PPP thingy playing around with filedescriptors, it seems, and this remote lynx doesn't quite handle text-fields properly, it seems... :P)
|
补丁生效... 作者 Jukka Santala