diff options
author | Bruno Dal Bo <brunodalbo@google.com> | 2021-09-22 15:01:15 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-09-22 15:07:05 -0700 |
commit | 586f147cd6f0324328a318324049b2b54e3e7bcd (patch) | |
tree | 7c4775e1ed3a46c7084ad9011914331cbb8885a9 /pkg/sentry/state | |
parent | 4f67756752002dc72bb64cdecd1fa17746f8217f (diff) |
Do not rate limit ICMP Echos by default
As per https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
linux does not limit ICMP Echos by default.
icmp_ratemask - INTEGER
Mask made of ICMP types for which rates are being limited.
Significant bits: IHGFEDCBA9876543210
Default mask: 0000001100000011000 (6168)
Bit definitions (see include/linux/icmp.h):
0 Echo Reply
3 Destination Unreachable *
4 Source Quench *
5 Redirect
8 Echo Request
B Time Exceeded *
C Parameter Problem *
D Timestamp Request
E Timestamp Reply
F Info Request
G Info Reply
H Address Mask Request
I Address Mask Reply
* These are rate limited by default (see default mask above)
Equivalently for ICMPv6.
Lay out foundation for ICMP rate masks, exposing that configuration will be
addressed later when the need arises (#6521).
Fixes #6519
PiperOrigin-RevId: 398337963
Diffstat (limited to 'pkg/sentry/state')
0 files changed, 0 insertions, 0 deletions