git: b508545ce044 - main - icmp: when logging ICMP ratelimiting message use correct jitter value

From: Gleb Smirnoff <glebius_at_FreeBSD.org>
Date: Sun, 24 Mar 2024 16:19:29 UTC

The branch main has been updated by glebius:

URL: https://cgit.FreeBSD.org/src/commit/?id=b508545ce044dbfdd83da772e73f969a3713d59d

commit b508545ce044dbfdd83da772e73f969a3713d59d
Author:     Gleb Smirnoff <glebius@FreeBSD.org>
AuthorDate: 2024-03-24 16:13:23 +0000
Commit:     Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2024-03-24 16:13:23 +0000

    icmp: when logging ICMP ratelimiting message use correct jitter value
    
    The limiting of the very last second has been done using a certain jitter
    value.  We update the jitter for the next second.  But the logging should
    report the jitter before the change.
    
    Reviewed by:            kp, tuexen, zlei
    Differential Revision:  https://reviews.freebsd.org/D44477
---
 sys/netinet/ip_icmp.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c
index fd9342831e43..245e1c8040a4 100644
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@@ -1145,6 +1145,11 @@ badport_bandlim(int which)
 	pps = counter_ratecheck(&V_icmp_rates[which], V_icmplim +
 	    V_icmplim_curr_jitter);
 	if (pps > 0) {
+		if (V_icmplim_output)
+			log(LOG_NOTICE,
+			    "Limiting %s response from %jd to %d packets/sec\n",
+			    icmp_rate_descrs[which], (intmax_t )pps,
+			    V_icmplim + V_icmplim_curr_jitter);
 		/*
 		 * Adjust limit +/- to jitter the measurement to deny a
 		 * side-channel port scan as in CVE-2020-25705
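Review bot: The new log call at the top of the `if (pps > 0)` block is only correct while it stays ahead of the jitter adjustment announced by the comment that follows it, and nothing in the code says so. The limit is also spelled out twice as `V_icmplim + V_icmplim_curr_jitter`, once in the `counter_ratecheck()` argument and once in the `log()` argument. Consider computing that sum into a local before the `counter_ratecheck()` call and passing the local to both, so the value logged is the value that was enforced wherever the log statement ends up. Failing that, a one-line comment stating that the message must be emitted before the jitter is updated would protect the ordering. Minor style point while the line is being moved: `(intmax_t )pps` carries a stray space inside the cast.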
@@ -1159,10 +1164,5 @@ badport_bandlim(int which)
 	}
 	if (pps == -1)
 		return (-1);
-	if (pps > 0 && V_icmplim_output)
-		log(LOG_NOTICE,
-		    "Limiting %s response from %jd to %d packets/sec\n",
-		    icmp_rate_descrs[which], (intmax_t )pps, V_icmplim +
-		    V_icmplim_curr_jitter);
 	return (0);
 }