Add rate limitation for SCTP OOTB responses.

MFC after: 3 days

sys/netinet/icmp_var.h

@@ -102,7 +102,8 @@ extern int badport_bandlim(int);
 #define BANDLIM_RST_CLOSEDPORT 3 /* No connection, and no listeners */
 #define BANDLIM_RST_OPENPORT 4   /* No connection, listener */
 #define BANDLIM_ICMP6_UNREACH 5
-#define BANDLIM_MAX 5
+#define BANDLIM_SCTP_OOTB 6
+#define BANDLIM_MAX 6
 #endif
 
 #endif

sys/netinet/ip_icmp.c

@@ -965,7 +965,8 @@ badport_bandlim(int which)
 		{ "icmp tstamp response" },
 		{ "closed port RST response" },
 		{ "open port RST response" },
-		{ "icmp6 unreach response" }
+		{ "icmp6 unreach response" },
+		{ "sctp ootb response" }
 	};
 
 	/*

sys/netinet/sctp_input.c

@@ -6060,15 +6060,8 @@ sctp_skip_csum_4:
 		struct sctp_init_chunk *init_chk, chunk_buf;
 
 		SCTP_STAT_INCR(sctps_noport);
-#ifdef ICMP_BANDLIM
+		if (badport_bandlim(BANDLIM_SCTP_OOTB) < 0)
-		/*
-		 * we use the bandwidth limiting to protect against sending
-		 * too many ABORTS all at once. In this case these count the
-		 * same as an ICMP message.
-		 */
-		if (badport_bandlim(0) < 0)
 			goto bad;
-#endif				/* ICMP_BANDLIM */
 		SCTPDBG(SCTP_DEBUG_INPUT1,
 		    "Sending a ABORT from packet entry!\n");
 		if (ch->chunk_type == SCTP_INITIATION) {