From nobody Thu Feb 13 16:46:12 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Yv1KJ6JLvz5my9L; Thu, 13 Feb 2025 16:46:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Yv1KJ51pWz3Mx6; Thu, 13 Feb 2025 16:46:12 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1739465172; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=T3dhU8hx4pNb6E4g6k2PhBOAKNTKLL9KbIa34UE9XgM=; b=dWfCSktE1kRBw/sJhEK3H30wVtxmexaHlYrzo/CEFpyTfS2uLhK//htehWL1cAgXEI7oFE SWHjvMbTT7ULXE6ta+fyOTLlYDfbPP6nylPLoQwzGN29OE3GmWjLHA4u/qzZJ4N5npwKYb LXNJV7rcJP4eKCKR4ORMNSl7chKs/Hn7xOcu0x4r5/wpw83jIvu9MKqcQbsqo9Fu/6Ti/I gqDO4vaCCmrpzphhQoVNveaAmPzp+KBxixnCJwIGkprV8Zc9AYOeTyvgSAygpU2gaJzwG6 KJa4hE/hVwfYUPX7naKttoNKOyQHSoWumMR6RSXZFsB/Hrx1KvU2hn0zA3O0XA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1739465172; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=T3dhU8hx4pNb6E4g6k2PhBOAKNTKLL9KbIa34UE9XgM=; b=Eo0KzqUErU3X4p+VQWs5UK/RjHZwVELRlXRWXPzmFQv/tG/rSdRxqdj1DWmH7mZjcqpWE+ s+6pYTVwPwv+9NxX0eHmgGaKjn8o8YRlbv6QiP7LsND9HKa9asEWiIVEC8l3/z320h26Tp cm/FkSbGfK2kNyYoDwp39cc4rY9Sn6A+InocOBzjo1zWlxPT2KhId0/luZHFT0oUn9Ny7h nF08bojq6v5Omiel/4m+Mh8+v7UdJ7+db6J9RY3btGPk/8TwpWHhJ10CXIN/3PQZjnIx+q Cz+lwb5f48VEY12orf+a0cvEhlPgyj4NxBiMOfFJjAtOyj4kgOihN81Q7ykXHw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1739465172; a=rsa-sha256; cv=none; b=Ly+TT//0gXyTpRpV7v2Di6CSh84vGfo/vcfqDg2eCG+AHLaF4McYdbaQ4lBWp9NKy90HB6 oOEKAmIigxbYw4OCtf4Ih5vKsVs/2gfYiDNT1AtyS+jKk+xBDB+JfcRxqM0afxvYYHWMyK g9ekHTz5p2ZmPqA1GVyFunbSzuTTxoslLQuwdQr3Y97qTbBgfRL23dR5x2iWvMhZLqpzDp +BLBfUfc4hcPBPWGLch4noxCMV32hTKtFniPoj9k2lmRODryJ7LkvqRXdMO9fRqFljruIW RRjFjziK6jDFz7mFK3J3PZiYG4XGqyXFIItNdu4ifekHieBrn/OdIscKM8dKHw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Yv1KJ4bXvzt9s; Thu, 13 Feb 2025 16:46:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 51DGkCuY041547; Thu, 13 Feb 2025 16:46:12 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51DGkC9R041544; Thu, 13 Feb 2025 16:46:12 GMT (envelope-from git) Date: Thu, 13 Feb 2025 16:46:12 GMT Message-Id: <202502131646.51DGkC9R041544@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Michael Tuexen Subject: git: b6dc6601559b - releng/13.5 - icmp: when logging ICMP ratelimiting message use correct jitter value List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: tuexen X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.5 X-Git-Reftype: branch X-Git-Commit: b6dc6601559b44348507df9dd8cce7e438bec4c9 Auto-Submitted: auto-generated The branch releng/13.5 has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=b6dc6601559b44348507df9dd8cce7e438bec4c9 commit b6dc6601559b44348507df9dd8cce7e438bec4c9 Author: Gleb Smirnoff AuthorDate: 2024-03-24 16:13:23 +0000 Commit: Michael Tuexen CommitDate: 2025-02-13 13:59:09 +0000 icmp: when logging ICMP ratelimiting message use correct jitter value The limiting of the very last second has been done using certain jitter value. We update the jitter for the next second. But the logging should report the jitter before the change. Reviewed by: kp, tuexen, zlei Differential Revision: https://reviews.freebsd.org/D44477 Approved by: re (cperciva) (cherry picked from commit b508545ce044dbfdd83da772e73f969a3713d59d) (cherry picked from commit a71eee300ba7d94a1621c7b31eaaa79243db84ec) --- sys/netinet/ip_icmp.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index 5c8c17cba049..199b76aa9ad6 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -1139,6 +1139,11 @@ badport_bandlim(int which) pps = counter_ratecheck(&V_icmp_rates[which], V_icmplim + V_icmplim_curr_jitter); if (pps > 0) { + if (V_icmplim_output) + log(LOG_NOTICE, + "Limiting %s response from %jd to %d packets/sec\n", + icmp_rate_descrs[which], (intmax_t )pps, + V_icmplim + V_icmplim_curr_jitter); /* * Adjust limit +/- to jitter the measurement to deny a * side-channel port scan as in CVE-2020-25705 @@ -1153,10 +1158,5 @@ badport_bandlim(int which) } if (pps == -1) return (-1); - if (pps > 0 && V_icmplim_output) - log(LOG_NOTICE, - "Limiting %s response from %jd to %d packets/sec\n", - icmp_rate_descrs[which], (intmax_t )pps, V_icmplim + - V_icmplim_curr_jitter); return (0); }