linux/Documentation
Eric Dumazet 4cdf507d54 icmp: add a global rate limitation
Current ICMP rate limiting uses inetpeer cache, which is an RBL tree
protected by a lock, meaning that hosts can be stuck hard if all cpus
want to check ICMP limits.

When say a DNS or NTP server process is restarted, inetpeer tree grows
quick and machine comes to its knees.

iptables can not help because the bottleneck happens before ICMP
messages are even cooked and sent.

This patch adds a new global limitation, using a token bucket filter,
controlled by two new sysctl :

icmp_msgs_per_sec - INTEGER
    Limit maximal number of ICMP packets sent per second from this host.
    Only messages whose type matches icmp_ratemask are
    controlled by this limit.
    Default: 1000

icmp_msgs_burst - INTEGER
    icmp_msgs_per_sec controls number of ICMP packets sent per second,
    while icmp_msgs_burst controls the burst size of these packets.
    Default: 50

Note that if we really want to send millions of ICMP messages per
second, we might extend idea and infra added in commit 04ca6973f7
("ip: make IP identifiers less predictable") :
add a token bucket in the ip_idents hash and no longer rely on inetpeer.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-09-23 12:47:38 -04:00
ABI xfs: update for 3.17-rc1 2014-08-13 17:49:53 -06:00
accounting Documentation/accounting/getdelays.c: add missing null-terminate after strncpy call 2014-06-23 16:47:44 -07:00
acpi ACPI / documentation: Remove reference to acpi_platform_device_ids from enumeration.txt 2014-07-12 00:07:05 +02:00
aoe
arm ARM: SoC driver changes for 3.17 2014-08-08 11:34:32 -07:00
arm64 KVM/ARM New features for 3.17 include: 2014-08-05 09:47:45 +02:00
auxdisplay
backlight
blackfin Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
block Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
blockdev zram: propagate error to user 2014-04-07 16:36:02 -07:00
bus-devices
cdrom
cgroups mm: memcontrol: rewrite uncharge API 2014-08-08 15:57:17 -07:00
connector w1: optional bundling of netlink kernel replies 2014-05-27 13:56:21 -07:00
console
cpu-freq intel_pstate: Update documentation of {max,min}_perf_pct sysfs files 2014-07-07 01:22:19 +02:00
cpuidle
cris
crypto
development-process
device-mapper dm switch: efficiently support repetitive patterns 2014-08-01 12:30:37 -04:00
devicetree Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-09-23 12:09:27 -04:00
DocBook drm/doc: Refer to proper source file 2014-08-15 09:50:41 +10:00
driver-model Documentation: devres: Sort managed interfaces 2014-07-11 17:56:55 -07:00
dvb [media] get_dvb_firmware: Add firmware extractor for si2165 2014-07-27 17:01:12 -03:00
early-userspace
EDID drm: Add 800x600 (SVGA) screen resolution to the built-in EDIDs 2014-05-26 12:53:40 +10:00
extcon extcon: fix switch class porting guide (Documentation) 2014-01-07 11:54:28 +09:00
fault-injection
fb doc: spelling error changes 2014-05-05 15:32:05 +02:00
filesystems Documentation: NFS/RDMA: Document separate Kconfig symbols 2014-09-07 15:21:13 -07:00
firmware_class doc: fix minor typos in firmware_class README 2014-07-17 18:43:40 -07:00
fmc FMC: make eeprom attribute writable 2014-02-28 15:12:08 -08:00
frv
gpio Documentation: gpio: documentation for optional getters functions 2014-08-29 08:53:53 +02:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial into next 2014-06-04 08:50:34 -07:00
hwmon hwmon: Add pwm-fan driver 2014-08-04 07:01:38 -07:00
i2c Documentation: i2c: rename variable "register" to "reg" 2014-09-07 15:21:13 -07:00
i2o
ia64
ide Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
infiniband IB/mad: add new ioctl to ABI to support new registration options 2014-08-10 20:36:00 -07:00
input Merge branch 'next' into for-linus 2014-08-06 23:36:12 -07:00
ioctl Documentation: add How to avoid botching up ioctls 2014-08-09 09:13:40 -07:00
isdn
ja_JP Documentation: Update stable address in Chinese and Japanese translations 2014-04-16 14:13:27 -07:00
kbuild Merge branch 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild 2014-08-14 11:14:29 -06:00
kdump Documentation/kdump/kdump.txt: add ARM description 2014-08-29 16:28:17 -07:00
ko_KR Documentation: HOWTO: Updates on subsystem trees, patchwork, -next (vs. -mm) in ko_KR 2014-01-08 15:32:51 -08:00
laptops Documentation: Add file about toshiba_haps module 2014-08-16 01:23:56 -07:00
leds Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
m68k Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
memory-devices
metag
mic misc: mic: add support for loading/unloading dma driver 2014-07-11 18:31:12 -07:00
mips
misc-devices Documentation: misc-devices: Rename freefall.c from hpfall.c in lis2lv02d 2014-09-07 15:21:13 -07:00
mmc
mn10300
mtd MTD updates for 3.16: 2014-06-11 08:35:34 -07:00
namespaces
netlabel
networking icmp: add a global rate limitation 2014-09-23 12:47:38 -04:00
nfc
parisc
PCI doc: replace "practise" with "practice" in Documentation 2014-06-19 15:28:56 +02:00
pcmcia
phy phy: Add new Exynos USB 2.0 PHY driver 2014-03-08 12:39:44 +05:30
platform Documentation: Add list of laptop models supported by the Compal driver 2014-06-10 19:11:06 -04:00
power regulator: Proofread documentation 2014-08-27 22:04:36 +01:00
powerpc KVM: PPC: Remove 440 support 2014-07-28 15:23:15 +02:00
pps
prctl
pti
ptp ptp: In the testptp utility, use clock_adjtime from glibc when available 2014-06-16 21:32:31 -07:00
rapidio rapidio/tsi721_dma: rework scatter-gather list handling 2014-08-08 15:57:24 -07:00
RCU list: fix order of arguments for hlist_add_after(_rcu) 2014-08-06 18:01:24 -07:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial into next 2014-06-04 08:50:34 -07:00
scheduler asm/system.h: clean asm/system.h from docs 2014-04-07 16:36:11 -07:00
scsi Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2014-08-06 21:03:53 -07:00
security Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2014-08-06 21:03:53 -07:00
serial tty/serial: Add GPIOLIB helpers for controlling modem lines 2014-05-28 12:49:14 -07:00
sh
sound ALSA: virtuoso: add Xonar Essence STX II support 2014-08-04 15:20:48 +02:00
spi Merge remote-tracking branches 'spi/topic/s3c64xx', 'spi/topic/sc18is602', 'spi/topic/sh-hspi', 'spi/topic/sh-msiof', 'spi/topic/sh-sci', 'spi/topic/sirf' and 'spi/topic/spidev' into spi-next 2014-03-30 00:51:34 +00:00
sysctl tipc: add name distributor resiliency queue 2014-09-01 17:51:48 -07:00
target
thermal drm/nouveau/doc: update the thermal documentation 2014-06-17 14:50:17 +10:00
timers clocksource: document some basic timekeeping concepts 2014-07-23 15:07:13 -07:00
tpm
trace mm: trace-vmscan-postprocess.pl: report the number of file/anon pages respectively 2014-08-06 18:01:20 -07:00
usb usb: doc: hotplug.txt code typos 2014-07-09 16:05:42 -07:00
vDSO x86/vdso/doc: Make vDSO examples more portable 2014-06-12 19:01:24 -07:00
video4linux [media] update cx23885 and em28xx cardlists 2014-07-26 11:55:10 -03:00
virtual Patch queue for ppc - 2014-08-01 2014-08-05 09:58:11 +02:00
vm mm: mark remap_file_pages() syscall as deprecated 2014-06-06 16:08:17 -07:00
w1 w1: new w1_ds2406 driver 2014-06-19 17:45:14 -07:00
watchdog Documentation: fix two typos in watchdog-api.txt 2014-08-05 22:43:21 +02:00
wimax
x86 x86/doc: Fix the 'tlb_single_page_flush_ceiling' sysconfig path 2014-08-10 09:09:26 +02:00
xtensa xtensa: remap io area defined in device tree 2014-01-15 00:25:14 +04:00
zh_CN Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2014-08-06 21:03:53 -07:00
.gitignore
00-INDEX Merge branch 'x86-nuke-platforms-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-04-02 13:15:58 -07:00
applying-patches.txt
assoc_array.txt
atomic_ops.txt arch,doc: Convert smp_mb__*() 2014-04-18 14:20:48 +02:00
bad_memory.txt
basic_profiling.txt
bcache.txt
binfmt_misc.txt
braille-console.txt
bt8xxgpio.txt
btmrvl.txt
BUG-HUNTING
bus-virt-phys-mapping.txt
cachetlb.txt
Changes Documentation/Changes: clean up mcelog paragraph 2014-07-12 11:30:36 -07:00
circular-buffers.txt
clk.txt clk: Improve clk_ops documentation 2014-05-12 17:08:33 -07:00
coccinelle.txt
CodingStyle Documentation: expand/clarify debug documentation 2014-06-04 16:54:17 -07:00
cpu-hotplug.txt Doc/cpu-hotplug: Specify race-free way to register CPU hotplug callbacks 2014-03-20 13:43:40 +01:00
cpu-load.txt
cputopology.txt
crc32.txt
dcdbas.txt
debugging-modules.txt
debugging-via-ohci1394.txt firewire: revert to 4 GB RDMA, fix protocols using Memory Space 2014-05-29 15:50:30 +02:00
dell_rbu.txt
devices.txt Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2014-04-04 09:50:07 -07:00
digsig.txt
DMA-API-HOWTO.txt DMA-API: Update dma_pool_create ()and dma_pool_alloc() descriptions 2014-05-26 17:28:28 -06:00
DMA-API.txt DMA-API: Capitalize "CPU" consistently 2014-05-26 17:28:27 -06:00
DMA-attributes.txt doc: spelling error changes 2014-05-05 15:32:05 +02:00
dma-buf-sharing.txt Documentation/dma-buf-sharing.txt: update API descriptions 2014-08-28 11:57:24 +05:30
DMA-ISA-LPC.txt DMA-API: Clarify physical/bus address distinction 2014-05-20 16:54:21 -06:00
dmaengine.txt dmaengine: Clarify device parameter for dma_sync_*_for_*() 2014-07-25 14:21:23 +05:30
dmatest.txt
dontdiff Documentation: LLVMLinux: Update Documentation/dontdiff 2014-04-09 13:44:34 -07:00
dynamic-debug-howto.txt doc: spelling error changes 2014-05-05 15:32:05 +02:00
edac.txt Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial into next 2014-06-04 08:50:34 -07:00
efi-stub.txt doc: arm64: add description of EFI stub support 2014-04-30 19:57:05 +01:00
eisa.txt
email-clients.txt Documentation: add section about git to email-clients.txt 2014-06-29 13:38:33 -07:00
flexible-arrays.txt
futex-requeue-pi.txt doc: fix double words 2014-03-21 13:16:58 +01:00
gcov.txt
highuid.txt
HOWTO
hsi.txt Documentation: HSI: Add some general description for the HSI subsystem 2014-05-04 09:49:46 +02:00
hw_random.txt
hwspinlock.txt
init.txt
initrd.txt
intel_txt.txt
Intel-IOMMU.txt
io_ordering.txt
io-mapping.txt
iostats.txt
IPMI.txt
IRQ-affinity.txt
IRQ-domain.txt genirq: Improve documentation to match current implementation 2014-05-27 10:16:44 +02:00
IRQ.txt
irqflags-tracing.txt asm/system.h: clean asm/system.h from docs 2014-04-07 16:36:11 -07:00
isapnp.txt
java.txt Documentation: update java sample wrapper for java 7 2014-05-25 12:39:00 -07:00
kernel-doc-nano-HOWTO.txt
kernel-docs.txt
kernel-parameters.txt USB: document the 'u' flag for usb-storage quirks parameter 2014-09-08 14:33:09 -07:00
kernel-per-CPU-kthreads.txt Documentation/kernel-per-CPU-kthreads.txt: Workqueue affinity 2014-02-17 14:56:08 -08:00
kmemcheck.txt doc: fix double words 2014-03-21 13:16:58 +01:00
kmemleak.txt mm: introduce kmemleak_update_trace() 2014-06-06 16:08:17 -07:00
kobject.txt
kprobes.txt kprobes: Introduce NOKPROBE_SYMBOL() macro to maintain kprobes blacklist 2014-04-24 10:02:56 +02:00
kref.txt
ldm.txt
local_ops.txt
lockdep-design.txt
lockstat.txt
lockup-watchdogs.txt
logo.gif
logo.txt
magic-number.txt Documentation/serial: Delete obsolete driver documentation 2014-04-16 14:20:34 -07:00
Makefile
ManagementStyle
md.txt
media-framework.txt
memory-barriers.txt documentation: Add acquire/release barriers to pairing rules 2014-07-08 08:32:51 -07:00
memory-hotplug.txt mm, hotplug: probe interface is available on several platforms 2014-06-23 16:47:43 -07:00
module-signing.txt Nothing major: the stricter permissions checking for sysfs broke 2014-04-06 09:38:07 -07:00
mono.txt
mutex-design.txt locking/mutexes: Documentation update/rewrite 2014-06-05 13:29:37 +02:00
nommu-mmap.txt
numastat.txt
oops-tracing.txt panic: add TAINT_SOFTLOCKUP 2014-08-08 15:57:24 -07:00
padata.txt
parport-lowlevel.txt
parport.txt
percpu-rw-semaphore.txt
phy.txt phy: core: Let node ptr of PHY point to PHY and not of PHY provider 2014-07-22 12:46:11 +05:30
pi-futex.txt
pinctrl.txt pinctrl: Fix some typos and grammar issues in the documentation 2014-01-15 13:59:50 +01:00
pnp.txt
preempt-locking.txt
printk-formats.txt doc: printk-formats: do not mention casts for u64/s64 2014-05-05 15:32:42 +02:00
pwm.txt pwm: modify PWM_LOOKUP to initialize all struct pwm_lookup members 2014-05-21 11:19:36 +02:00
ramoops.txt
rbtree.txt doc: spelling error changes 2014-05-05 15:32:05 +02:00
remoteproc.txt
rfkill.txt doc: spelling error changes 2014-05-05 15:32:05 +02:00
robust-futex-ABI.txt
robust-futexes.txt doc: spelling error changes 2014-05-05 15:32:05 +02:00
rpmsg.txt
rt-mutex-design.txt
rt-mutex.txt
rtc.txt
SAK.txt
SecurityBugs
serial-console.txt
sgi-ioc4.txt
SM501.txt
smsc_ece1099.txt
sparse.txt
spinlocks.txt
stable_api_nonsense.txt
stable_kernel_rules.txt stable_kernel_rules: Add pointer to netdev-FAQ for network patches 2014-07-09 15:54:27 -07:00
static-keys.txt
SubmitChecklist
SubmittingDrivers doc: SubmittingPatches: remove dead link, kerneltrap.org no longer works 2014-06-19 15:15:27 +02:00
SubmittingPatches Documentation: new page link in SubmittingPatches 2014-09-07 15:21:13 -07:00
svga.txt
sysfs-rules.txt
sysrq.txt
this_cpu_ops.txt Documentation: this_cpu_ops.txt: Update description of this_cpu_ops 2014-08-26 13:49:57 -07:00
unaligned-memory-access.txt
unicode.txt
unshare.txt
vfio.txt drivers/vfio: EEH support for VFIO PCI device 2014-08-05 15:28:48 +10:00
VGA-softcursor.txt
vgaarbiter.txt
video-output.txt
vme_api.txt
volatile-considered-harmful.txt
workqueue.txt
ww-mutex-design.txt
xz.txt
zorro.txt