From nobody Sun Mar 24 16:19:29 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V2h8x46MPz5G0LJ; Sun, 24 Mar 2024 16:19:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4V2h8x1tLgz4Fn2; Sun, 24 Mar 2024 16:19:29 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1711297169; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=j/dDAPSEucDltsEaEdcKLbQHa5X/WehYDn5zX18GdiI=; b=lBXzDCCwasJifeYzZWA4Jo0OJ4lIMlOCpUgnKa0GN9Hj+A6Ghz1EcaxxOTRnlz2YGDabvG YRtAU2nVpCb+bhA+RfXd3XF17jSP+5SRTQRwdWot3GOiKg1wht43M4j9A7DQyL+HLMh1Sq vUMGdUcQQ4Z+GxdaX/EbQwdzw3tGY9u+Vp6ksgXAmk8+edw4xb5nqPj2siokLq3g+Ja13j TDWy5WO2eq1axzPFuOmoV4yEM22eumpAFbddr/QV2A5ee0CxC0rpot+K0ajA94M4CCLWYY ea4YCa64dBniUkYNkD1u9vY5O9iLDoxSstxgBeKO+Nhzg+Y/vRmjOKg5pGv+AQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1711297169; a=rsa-sha256; cv=none; b=IS/H7L2qIu2eRVwG7+gFhKJlXcy5WNs0AwVln4DEOVcJIFcQnwk7JCjdunb7QHB6Lk0KRD RmQ0z6DAJFH9G4HjCT7mW+zI4RaX8772rr09Zb0U2kvztyfgGcAVfn2C3bQJ1jOL24JJOE Yq15aTEyv5it9MZA52kzyuCiD53nVmYslTm2E0BafVMWSWz6XGr6SCkulb+UfkegXwnazn fRxZJzz0G9J/mNd3pM0deeEODWxJh/KWmOQIaf0sJ6WMz3kHATTn6fr+zGHu++xaWmw4BY ivGsOwi3qukC99PjbBYiGco2LH3RzGWASt6ggzKh6OdcLtnk7KFry5KTsyz1Xw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1711297169; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=j/dDAPSEucDltsEaEdcKLbQHa5X/WehYDn5zX18GdiI=; b=boS6GS61GCNbJmVhTgxhviINpilZWLfyCzAQ1fjqXyGuJTocE++w36NUj4UCz3HO54GCn+ ANiUUmlRvicRnTUuO0yj5WENYMBld87q/2rtC71a/PJtL/6D64vXmgr/XO+n15OWlPYi7y Iaaqi5UJN58G7aFqHA1ZSGKGFsQaXj4PjjjapGG+PNpmGWk97i+8oTZHhHFiyEm7Mme/IQ 9idQ1gB2bBh9WCFwu7NBvkxLXaTM2aZYwibEuDjgYQdopU7ZXK5PneNbXgH6lZ2l95S7oT pqRhfh39XghkidVrumomPgv/sxurh/2C83ae2v7OWR4MVSljRv74WFeZ5KwAaA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4V2h8x1C5xzfwM; Sun, 24 Mar 2024 16:19:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 42OGJTmT079412; Sun, 24 Mar 2024 16:19:29 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 42OGJTDc079409; Sun, 24 Mar 2024 16:19:29 GMT (envelope-from git) Date: Sun, 24 Mar 2024 16:19:29 GMT Message-Id: <202403241619.42OGJTDc079409@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Gleb Smirnoff Subject: git: b508545ce044 - main - icmp: when logging ICMP ratelimiting message use correct jitter value List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: glebius X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: b508545ce044dbfdd83da772e73f969a3713d59d Auto-Submitted: auto-generated The branch main has been updated by glebius: URL: https://cgit.FreeBSD.org/src/commit/?id=b508545ce044dbfdd83da772e73f969a3713d59d commit b508545ce044dbfdd83da772e73f969a3713d59d Author: Gleb Smirnoff AuthorDate: 2024-03-24 16:13:23 +0000 Commit: Gleb Smirnoff CommitDate: 2024-03-24 16:13:23 +0000 icmp: when logging ICMP ratelimiting message use correct jitter value The limiting of the very last second has been done using certain jitter value. We update the jitter for the next second. But the logging should report the jitter before the change. Reviewed by: kp, tuexen, zlei Differential Revision: https://reviews.freebsd.org/D44477 --- sys/netinet/ip_icmp.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index fd9342831e43..245e1c8040a4 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -1145,6 +1145,11 @@ badport_bandlim(int which) pps = counter_ratecheck(&V_icmp_rates[which], V_icmplim + V_icmplim_curr_jitter); if (pps > 0) { + if (V_icmplim_output) + log(LOG_NOTICE, + "Limiting %s response from %jd to %d packets/sec\n", + icmp_rate_descrs[which], (intmax_t )pps, + V_icmplim + V_icmplim_curr_jitter); /* * Adjust limit +/- to jitter the measurement to deny a * side-channel port scan as in CVE-2020-25705 @@ -1159,10 +1164,5 @@ badport_bandlim(int which) } if (pps == -1) return (-1); - if (pps > 0 && V_icmplim_output) - log(LOG_NOTICE, - "Limiting %s response from %jd to %d packets/sec\n", - icmp_rate_descrs[which], (intmax_t )pps, V_icmplim + - V_icmplim_curr_jitter); return (0); }