From: Yu Watanabe Date: Fri, 12 Jan 2024 01:00:31 +0000 (+0900) Subject: network/ndisc: do not try to set too large value for ICMP ratelimting X-Git-Tag: v256-rc1~1176 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=be89a76a4613e6fdfbd027d735dc7c4d4e5f495a;p=thirdparty%2Fsystemd.git network/ndisc: do not try to set too large value for ICMP ratelimting Follow-up for 6197db53ba3c61de2268eb723a7a9cd4b3f5f87c. When we set too large value, the kernel just refuse it. So, this does not change the net behavior. Prompted by https://github.com/systemd/systemd/pull/30490#discussion_r1449477125. --- diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c index 61dc7acb83f..7bb2825b3c2 100644 --- a/src/network/networkd-ndisc.c +++ b/src/network/networkd-ndisc.c @@ -358,8 +358,7 @@ static int ndisc_router_process_default(Link *link, sd_ndisc_router *rt) { } static int ndisc_router_process_icmp6_ratelimit(Link *link, sd_ndisc_router *rt) { - char buf[DECIMAL_STR_MAX(usec_t)]; - usec_t icmp6_ratelimit; + usec_t icmp6_ratelimit, msec; int r; assert(link); @@ -375,14 +374,17 @@ static int ndisc_router_process_icmp6_ratelimit(Link *link, sd_ndisc_router *rt) return 0; } + /* We do not allow 0 here. */ if (!timestamp_is_set(icmp6_ratelimit)) return 0; + msec = DIV_ROUND_UP(icmp6_ratelimit, USEC_PER_MSEC); + if (msec <= 0 || msec > INT_MAX) + return 0; + /* Limit the maximal rates for sending ICMPv6 packets. 0 to disable any limiting, otherwise the * minimal space between responses in milliseconds. Default: 1000. */ - xsprintf(buf, USEC_FMT, DIV_ROUND_UP(icmp6_ratelimit, USEC_PER_MSEC)); - - r = sysctl_write_ip_property(AF_INET6, NULL, "icmp/ratelimit", buf); + r = sysctl_write_ip_property_int(AF_INET6, NULL, "icmp/ratelimit", (int) msec); if (r < 0) log_link_warning_errno(link, r, "Failed to apply ICMP6 ratelimit, ignoring: %m");