git: 35b6e52c30a2 - main - net.inet6.ip6.log_interval: use ppsratecheck(9) internally

From: Pawel Biernacki <kaktus_at_FreeBSD.org>
Date: Mon, 13 Mar 2023 16:49:24 UTC 
The branch main has been updated by kaktus:

URL: https://cgit.FreeBSD.org/src/commit/?id=35b6e52c30a290e081710b87ff0be21f4941d3f4

commit 35b6e52c30a290e081710b87ff0be21f4941d3f4
Author:     Pawel Biernacki <kaktus@FreeBSD.org>
AuthorDate: 2023-03-13 16:39:20 +0000
Commit:     Pawel Biernacki <kaktus@FreeBSD.org>
CommitDate: 2023-03-13 16:47:06 +0000

    net.inet6.ip6.log_interval: use ppsratecheck(9) internally
    
    Reported by:    mjg
    Differential Revision:  https://reviews.freebsd.org/D38758
---
 sys/netinet6/in6_proto.c   | 18 ++++++++++++++++--
 sys/netinet6/ip6_forward.c |  8 ++------
 sys/netinet6/ip6_mroute.c  |  4 +---
 sys/netinet6/ip6_var.h     |  6 ++----
 4 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c
index 1f2a41dd51de..971b61c74899 100644
--- a/sys/netinet6/in6_proto.c
+++ b/sys/netinet6/in6_proto.c
@@ -161,7 +161,6 @@ VNET_DEFINE(int, ip6_accept_rtadv) = 0;
 VNET_DEFINE(int, ip6_no_radr) = 0;
 VNET_DEFINE(int, ip6_norbit_raif) = 0;
 VNET_DEFINE(int, ip6_rfc6204w3) = 0;
-VNET_DEFINE(int, ip6_log_interval) = 5;
 VNET_DEFINE(int, ip6_hdrnestlimit) = 15;/* How many header options will we
 					 * process? */
 VNET_DEFINE(int, ip6_dad_count) = 1;	/* DupAddrDetectionTransmits */
@@ -173,7 +172,6 @@ VNET_DEFINE(int, ip6_rr_prune) = 5;	/* router renumbering prefix
 VNET_DEFINE(int, ip6_mcast_pmtu) = 0;	/* enable pMTU discovery for multicast? */
 VNET_DEFINE(int, ip6_v6only) = 1;
 
-VNET_DEFINE(time_t, ip6_log_time) = (time_t)0L;
 #ifdef IPSTEALTH
 VNET_DEFINE(int, ip6stealth) = 0;
 #endif
@@ -199,6 +197,14 @@ VNET_DEFINE(int, icmp6_nodeinfo) =
     (ICMP6_NODEINFO_FQDNOK|ICMP6_NODEINFO_NODEADDROK);
 VNET_DEFINE(int, icmp6_nodeinfo_oldmcprefix) = 1;
 
+VNET_DEFINE_STATIC(int, ip6_log_interval) = 5;
+VNET_DEFINE_STATIC(int, ip6_log_count) = 0;
+VNET_DEFINE_STATIC(struct timeval, ip6_log_last) = { 0 };
+
+#define	V_ip6_log_interval	VNET(ip6_log_interval)
+#define	V_ip6_log_count		VNET(ip6_log_count)
+#define	V_ip6_log_last		VNET(ip6_log_last)
+
 /*
  * sysctl related items.
  */
@@ -254,6 +260,14 @@ sysctl_ip6_tempvltime(SYSCTL_HANDLER_ARGS)
 	return (0);
 }
 
+int
+ip6_log_ratelimit(void)
+{
+
+	return (ppsratecheck(&V_ip6_log_last, &V_ip6_log_count,
+	    V_ip6_log_interval));
+}
+
 SYSCTL_INT(_net_inet6_ip6, IPV6CTL_FORWARDING, forwarding,
 	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_forwarding), 0,
 	"Enable forwarding of IPv6 packets between interfaces");
diff --git a/sys/netinet6/ip6_forward.c b/sys/netinet6/ip6_forward.c
index fc00eab4b784..293fcd977344 100644
--- a/sys/netinet6/ip6_forward.c
+++ b/sys/netinet6/ip6_forward.c
@@ -114,9 +114,7 @@ ip6_forward(struct mbuf *m, int srcrt)
 	    IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
 		IP6STAT_INC(ip6s_cantforward);
 		/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
-		if (V_ip6_log_cannot_forward &&
-		    (V_ip6_log_time + V_ip6_log_interval < time_uptime)) {
-			V_ip6_log_time = time_uptime;
+		if (V_ip6_log_cannot_forward && ip6_log_ratelimit()) {
 			log(LOG_DEBUG,
 			    "cannot forward "
 			    "from %s to %s nxt %d received on %s\n",
@@ -222,9 +220,7 @@ again:
 		IP6STAT_INC(ip6s_badscope);
 		in6_ifstat_inc(nh->nh_ifp, ifs6_in_discard);
 
-		if (V_ip6_log_cannot_forward &&
-		    (V_ip6_log_time + V_ip6_log_interval < time_uptime)) {
-			V_ip6_log_time = time_uptime;
+		if (V_ip6_log_cannot_forward && ip6_log_ratelimit()) {
 			log(LOG_DEBUG,
 			    "cannot forward "
 			    "src %s, dst %s, nxt %d, rcvif %s, outif %s\n",
diff --git a/sys/netinet6/ip6_mroute.c b/sys/netinet6/ip6_mroute.c
index cdccd04abc63..9b2325c8e7a2 100644
--- a/sys/netinet6/ip6_mroute.c
+++ b/sys/netinet6/ip6_mroute.c
@@ -1099,9 +1099,7 @@ X_ip6_mforward(struct ip6_hdr *ip6, struct ifnet *ifp, struct mbuf *m)
 	 */
 	if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
 		IP6STAT_INC(ip6s_cantforward);
-		if (V_ip6_log_cannot_forward &&
-		    (V_ip6_log_time + V_ip6_log_interval < time_uptime)) {
-			V_ip6_log_time = time_uptime;
+		if (V_ip6_log_cannot_forward && ip6_log_ratelimit()) {
 			log(LOG_DEBUG,
 			    "cannot forward "
 			    "from %s to %s nxt %d received on %s\n",
diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h
index 469b49459e2c..bfc9f72be8ea 100644
--- a/sys/netinet6/ip6_var.h
+++ b/sys/netinet6/ip6_var.h
@@ -293,8 +293,6 @@ VNET_DECLARE(int, ip6_norbit_raif);	/* Disable R-bit in NA on RA
 					 * receiving IF. */
 VNET_DECLARE(int, ip6_rfc6204w3);	/* Accept defroute from RA even when
 					   forwarding enabled */
-VNET_DECLARE(int, ip6_log_interval);
-VNET_DECLARE(time_t, ip6_log_time);
 VNET_DECLARE(int, ip6_hdrnestlimit);	/* upper limit of # of extension
 					 * headers */
 VNET_DECLARE(int, ip6_dad_count);	/* DupAddrDetectionTransmits */
@@ -304,8 +302,6 @@ VNET_DECLARE(int, ip6_dad_count);	/* DupAddrDetectionTransmits */
 #define	V_ip6_no_radr			VNET(ip6_no_radr)
 #define	V_ip6_norbit_raif		VNET(ip6_norbit_raif)
 #define	V_ip6_rfc6204w3			VNET(ip6_rfc6204w3)
-#define	V_ip6_log_interval		VNET(ip6_log_interval)
-#define	V_ip6_log_time			VNET(ip6_log_time)
 #define	V_ip6_hdrnestlimit		VNET(ip6_hdrnestlimit)
 #define	V_ip6_dad_count			VNET(ip6_dad_count)
 
@@ -415,6 +411,8 @@ u_int32_t ip6_randomid(void);
 u_int32_t ip6_randomflowlabel(void);
 void in6_delayed_cksum(struct mbuf *m, uint32_t plen, u_short offset);
 
+int	ip6_log_ratelimit(void);
+
 /*
  * Argument type for the last arg of ip6proto_ctlinput_t().
  *