Start counting droped icmp errors because the rate limit is exceeded.

OK benno@ deraadt@

2 files changed, 7 insertions, 4 deletions

diff --git a/sys/netinet/icmp_var.h b/sys/netinet/icmp_var.h
index c94acb94503..64aefff5a72 100644
--- a/sys/netinet/icmp_var.h
+++ b/sys/netinet/icmp_var.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: icmp_var.h,v 1.13 2007/12/13 20:00:53 reyk Exp $	*/
+/*	$OpenBSD: icmp_var.h,v 1.14 2014/01/19 05:01:50 claudio Exp $	*/
 /*	$NetBSD: icmp_var.h,v 1.8 1995/03/26 20:32:19 jtc Exp $	*/
 
 /*
@@ -42,6 +42,7 @@
 struct	icmpstat {
 /* statistics related to icmp packets generated */
 	u_long	icps_error;		/* # of calls to icmp_error */
+	u_long	icps_toofreq;		/* no error because rate limiter */
 	u_long	icps_oldshort;		/* no error because old ip too short */
 	u_long	icps_oldicmp;		/* no error because old was icmp */
 	u_long	icps_outhist[ICMP_MAXTYPE + 1];
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c
index fa601b885a5..9d41efa32ef 100644
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_icmp.c,v 1.113 2014/01/09 06:29:06 tedu Exp $	*/
+/*	$OpenBSD: ip_icmp.c,v 1.114 2014/01/19 05:01:50 claudio Exp $	*/
 /*	$NetBSD: ip_icmp.c,v 1.19 1996/02/13 23:42:22 christos Exp $	*/
 
 /*
@@ -178,8 +178,10 @@ icmp_do_error(struct mbuf *n, int type, int code, n_long dest, int destmtu)
 	/*
 	 * First, do a rate limitation check.
 	 */
-	if (icmp_ratelimit(&oip->ip_src, type, code))
-		goto freeit;	/* XXX stat */
+	if (icmp_ratelimit(&oip->ip_src, type, code)) {
+		icmpstat.icps_toofreq++;
+		goto freeit;
+	}
 
 	/*
 	 * Now, formulate icmp message