Bug 23240

Summary: Proposed enhancement to icmp/rst rate limiting code in verbosity and functionality
Product: Base System
Reporter: Mike Silbersack <silby>
Component: kern
Assignee: bmilekic
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Version: 5.0-CURRENT
Hardware: Any
OS: Any

Description Mike Silbersack 2000-12-02 20:00:02 UTC
The current icmp/rst rate limiting code works well to slow the rate of outgoing RST and icmp unreachables, but has two flaws:

1.  The messages generated during rate limiting are inexact and confusing to many.

2.  ICMP echo and tstamp requests are not rate limited.

Fixing these two flaws will allow those under attack to be more informed, and ensure that pingfloods will be less of a problem.

Fix:

A patch is available at http://www.silby.com/patches/ratelimit-enhancement-2.patch

This patch enhances the rate limiting to include echo and tstamp requests as well as provide a more verbose report of what's happening, as follows:

       Suppressing udp flood/scan: 212/200 pps
       Suppressing outgoing RST due to port scan: 202/200 pps
       Suppressing outgoing RST due to ACK flood: 19725/200 pps
       Suppressing ping flood: 230/200 pps
       Suppressing icmp tstamp flood: 210/200 pps

Note that "port scan" and "ACK flood" are great oversimplifications.  However, they are useful simplifications in that they give a good, simple explanation of what's happening for junior sysadmins.  People doing investigation of a heavy DoS will have to use packet sniffers to get exact information, as before.

A previous version of this patch passed a quick review by green and bosko; the only changes made were cosmetic.
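To make the reporting format concrete, here is an added user-space model of the per-category response limiter described in the report. It is example code written for this page, not the patch at the URL above and not FreeBSD's own implementation; the names `ratelim_check`, `ratelim_simulate`, the bucket struct and the five category labels are assumptions chosen to match the sample output. It counts every response a category would have sent in a one-second window, sends only the first `limit`, and when the window rolls over with more attempts than the limit it emits a line of the form "Suppressing <category>: <attempts>/<limit> pps", so the first number is the demand (what an attacker or scanner provoked), not what was actually sent.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RATELIM_DEFAULT_PPS 200   /* limit shown in the page's sample output */

/* Response categories; the comments give the page's label for each. */
enum ratelim_type {
    RL_UDP_UNREACH = 0,   /* ICMP port unreachable in reply to UDP ("udp flood/scan") */
    RL_RST_CLOSEDPORT,    /* RST because nothing listens on the port ("port scan") */
    RL_RST_ACKFLOOD,      /* RST for a bogus ACK to a listening port ("ACK flood") */
    RL_ICMP_ECHO,         /* echo reply ("ping flood") */
    RL_ICMP_TSTAMP,       /* timestamp reply ("icmp tstamp flood") */
    RL_NTYPES
};

static const char *const ratelim_desc[RL_NTYPES] = {
    "udp flood/scan",
    "outgoing RST due to port scan",
    "outgoing RST due to ACK flood",
    "ping flood",
    "icmp tstamp flood",
};

struct ratelim_bucket {
    long interval_start;   /* start of the current 1-second window (seconds); -1 = none yet */
    unsigned count;        /* responses requested in the window, whether sent or dropped */
    unsigned limit;        /* maximum responses actually sent per window */
};

static struct ratelim_bucket rl[RL_NTYPES];

void ratelim_init(unsigned limit_pps) {
    for (int i = 0; i < RL_NTYPES; i++) {
        rl[i].interval_start = -1;
        rl[i].count = 0;
        rl[i].limit = limit_pps;
    }
}

/*
 * Decide whether a response of type t may be sent at time `now` (seconds).
 * Returns true to send, false to drop.  When the window rolls over and the
 * window that just ended exceeded the limit, a report in the page's format is
 * written to `report` (if non-NULL) and *reported is set to true.
 */
bool ratelim_check(enum ratelim_type t, long now, char *report, size_t len, bool *reported) {
    struct ratelim_bucket *b = &rl[t];
    if (reported) *reported = false;

    if (now != b->interval_start) {
        /* New window: report the old one if it was over the limit, then reset. */
        if (b->interval_start >= 0 && b->count > b->limit) {
            if (report)
                snprintf(report, len, "Suppressing %s: %u/%u pps",
                         ratelim_desc[t], b->count, b->limit);
            if (reported) *reported = true;
        }
        b->interval_start = now;
        b->count = 0;
    }
    b->count++;                    /* count every attempt so the report shows demand */
    return b->count <= b->limit;   /* send only the first `limit` attempts per window */
}

/*
 * Drive the limiter with a constructed stream: `pps` attempts of type t in each
 * of `seconds` consecutive windows, then one probe in the following window so
 * the final window's report is flushed.  Returns how many responses were sent;
 * the last report (if any) is left in `last_report`, else it is empty.
 */
unsigned ratelim_simulate(enum ratelim_type t, unsigned pps, unsigned seconds,
                          char *last_report, size_t len) {
    unsigned sent = 0;
    bool reported;
    if (last_report && len) last_report[0] = '\0';
    for (unsigned s = 0; s < seconds; s++)
        for (unsigned i = 0; i < pps; i++)
            if (ratelim_check(t, (long)s, last_report, len, &reported)) sent++;
    /* Probe packet: only there to roll the window; not counted as sent. */
    ratelim_check(t, (long)seconds, last_report, len, &reported);
    return sent;
}

int main(void) {
    char buf[128];
    ratelim_init(RATELIM_DEFAULT_PPS);
    /* Constructed flood: 230 echo requests per second for two seconds. */
    unsigned sent = ratelim_simulate(RL_ICMP_ECHO, 230, 2, buf, sizeof buf);
    printf("sent %u echo replies; last report: %s\n", sent, buf);
    return 0;
}
```

Two points the model makes visible for a defender reading these messages: the report is emitted on the next packet after the window ends, so a burst that stops abruptly is reported late rather than never, and a line such as "19725/200 pps" tells you the host was asked to send 19725 RSTs but emitted only 200, which is why a sniffer is still needed to see the real traffic. On FreeBSD the 200 pps figure is the per-category limit tunable through the `net.inet.icmp.icmplim` sysctl.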
Comment 1 bmilekic freebsd_committer freebsd_triage 2000-12-14 06:07:23 UTC
Responsible Changed
From-To: freebsd-bugs->bmilekic

Taking care of this now... awaiting final patch version and review before committing... shouldn't be too long now.
Comment 2 bmilekic freebsd_committer freebsd_triage 2000-12-15 22:04:01 UTC
State Changed
From-To: open->closed

Committed latest patch. Thanks again, Mike!