From nobody Wed Jun 26 04:50:21 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4W88QQ2wrjz5P0Jr; Wed, 26 Jun 2024 04:50:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4W88QQ0VM0z571n; Wed, 26 Jun 2024 04:50:22 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1719377422; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=B8Z1nqayFjrqFlUQzXZSH5Ly3icVrbDlx7fZ8JMvlnc=; b=Ut4DHCXduRXSKi7ye46ps5BRgCXtryqLYjcyYX6t++Cey3LebtKj+yQw631oijGq5SrZwY SDrL2hZXJ1JR4S6qOzNvZSYL3dmrGkjs5qPoa1z976I0SCgkjsZYPgaN4uLT2EhcPNeRDj eyZvkEoGbKIcdrFUwb58WtJV2bpE0R4wmh+nYGLGnTL8gk22M1KvSFb8BY/lPzQShV3u4H o+JoC7Uf+OTotogBPA7ekvyeFwRo4nBgqNOfrgzxjd6c6b18iH2m0jWBY1lp0SP+f1Dy9N QOcCpvo3gpPo2ank3OP2DooKYx7yFqRCrQ1/OyvOxNzNeebrX+Xuzt+fIaLqdA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1719377422; a=rsa-sha256; cv=none; b=wAK1TfXHhPLfTbrUnBQ67qYG/BoRauRURVqbrbloUdkXNDQ7dbmlkLDDWP4Hf5w4423Xqa O1tTSUHbV+7dzukAz5zO6mj8GlNFqSPQ8N42GWsnVFx98kofNh8g5nF5qW5Xg2UCVUmJW+ VEFlSi5d2lW2zo14oDxB/il9skVhrjf7uwqFidb7eNykoB1RuW8JFHf/GZh0lgt/450GqG V81Veop//8DWdHGn7gZNNuFH+Fik3lYPSEupGhrx/UETQ/T/733xmWLyjpKLdJPNBvZuIi 8PVpddQwsTbVUwU39GSvwhm8Y0ElmJVZUMczIhnRWeNpXSgwVREZAELN0lElUA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1719377422; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=B8Z1nqayFjrqFlUQzXZSH5Ly3icVrbDlx7fZ8JMvlnc=; b=qvxCCYX4FEkBIdaiyRG+6epkSknY3cH63GRk0er2h4ni8LUYM1XdEoII9SjDuBFvGE+GmE VcslXfCCksd+Y2Z8TdFB9+zVtk4E3sA1mJrzaWZDsAFyrdq1RlivZNAaJDKVUQu+6YsHZy sXImyXuVlXURHeZ63fic4eWmVFnW/D3qAGLSE63CwGXqoyb9wRHntO5nieCt0wW6uJvb0j 6L7A4ME5UJhti/O083vqoZkEfQTSeCyx7Pp4Zw/ItTG8IoVB1JHzAYEWbwKsvVBgZwZj4g T7SHTCItZfE5yB3qGU8SfM02pGZg3fJIL/41WaOsXYCp/KlgDw/HIiqC6jnnfA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4W88QQ05jczXBv; Wed, 26 Jun 2024 04:50:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 45Q4oL5L063675; Wed, 26 Jun 2024 04:50:21 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 45Q4oLov063672; Wed, 26 Jun 2024 04:50:21 GMT (envelope-from git) Date: Wed, 26 Jun 2024 04:50:21 GMT Message-Id: <202406260450.45Q4oLov063672@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Zhenlei Huang Subject: git: 09a05224b04f - stable/14 - icmp: when logging ICMP ratelimiting message use correct jitter value List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: zlei X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 09a05224b04f4c67e1ebd8367788dc0068a47fc6 Auto-Submitted: auto-generated The branch stable/14 has been updated by zlei: URL: https://cgit.FreeBSD.org/src/commit/?id=09a05224b04f4c67e1ebd8367788dc0068a47fc6 commit 09a05224b04f4c67e1ebd8367788dc0068a47fc6 Author: Gleb Smirnoff AuthorDate: 2024-03-24 16:13:23 +0000 Commit: Zhenlei Huang CommitDate: 2024-06-26 04:48:43 +0000 icmp: when logging ICMP ratelimiting message use correct jitter value The limiting of the very last second has been done using certain jitter value. We update the jitter for the next second. But the logging should report the jitter before the change. Reviewed by: kp, tuexen, zlei Differential Revision: https://reviews.freebsd.org/D44477 (cherry picked from commit b508545ce044dbfdd83da772e73f969a3713d59d) --- sys/netinet/ip_icmp.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index 39eb46fd2d90..83034f9d9dd4 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -1147,6 +1147,11 @@ badport_bandlim(int which) pps = counter_ratecheck(&V_icmp_rates[which], V_icmplim + V_icmplim_curr_jitter); if (pps > 0) { + if (V_icmplim_output) + log(LOG_NOTICE, + "Limiting %s response from %jd to %d packets/sec\n", + icmp_rate_descrs[which], (intmax_t )pps, + V_icmplim + V_icmplim_curr_jitter); /* * Adjust limit +/- to jitter the measurement to deny a * side-channel port scan as in CVE-2020-25705 @@ -1161,10 +1166,5 @@ badport_bandlim(int which) } if (pps == -1) return (-1); - if (pps > 0 && V_icmplim_output) - log(LOG_NOTICE, - "Limiting %s response from %jd to %d packets/sec\n", - icmp_rate_descrs[which], (intmax_t )pps, V_icmplim + - V_icmplim_curr_jitter); return (0); }