From nobody Wed Feb 12 10:22:45 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YtDsK3Dsmz5mXN3; Wed, 12 Feb 2025 10:22:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YtDsK2kQrz3ZHW; Wed, 12 Feb 2025 10:22:45 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1739355765; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=eUzwJ6ZivrmhABU6Z3PMi8/JmpqBBcv7dUUWtsx8j/Q=; b=PDwlFdAJf5W998qIs5bmG/0YHoyr+xqntnWa5dOqm+6s/IID+12sUqNRFZB1SUbsCkeGC8 vKb49rtGepaxC+N/Iuv5hZU0iIXF385QwWxdySwlJOnirB1v24nWF2ZnueQYDyv6W8GVjt mn8vUg0QdyH6OoAoRSc9Y5xs2SgtNqgJF2bkIrq7LNxgtid9Ya3NLWxwHRxZHUB0tPLwO2 YrEEGqJabe+aV18pgn/OIkV2IIMmrvzm+gxXTwayTkUgi+yD/bmxP+FyHF2MDaJLBX1L90 wDyl1FR6NhEvGhaQJlc0MXWl0ut2Il3k5E7CtQtl/X+8vihUxOAuXHyfmHPd6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1739355765; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=eUzwJ6ZivrmhABU6Z3PMi8/JmpqBBcv7dUUWtsx8j/Q=; b=glxpTng3HmiqNl5gGrH5peFLuKDWbvMA2mTIHE2ui7SvN6j8FWfs3dRwgUHjWUfm/kV9cz bElZ1zLPq93cO0QR7R4GoFkTtMX87lMAZiogt+bFC0LC0LDSnhN4+b+0IUKvGIvVD/S24G //eCb44SHTk0ljF1Xs5DqZ4WtHiT0EHFEQVVZ5cLW9bWNO7Rz2DH/PRyvqf6W0F0tGGJD5 Q0UzlTexV4ELT3tEOBA+LUXt0VGGgljDXYvs4Z5atqMem6dbg6aHb9RzkHsQH2ZK62lU73 Hhw9n2HI2EBTt+BIH93m605644WiP6+8/b587nZY65v3iP3DdN/B7OIejL3A2g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1739355765; a=rsa-sha256; cv=none; b=XfSP9mq7Rg3eipB+wbswyu1wh2UOFovgeA+wr5bYC5cerPwOoHFmNSWvYRK0fNDBqMnNpW Iu3QcNAC+84IbKtp1M5I7WtkvoVGwfT/tTexb6VI++Hb3VjTDrcoxszBukxkQZvG0qRc8S FBxeT+cNuuaZK6kwb7/hup4afCPbX7gmABnS9XMoyf3zO1zLmLxuoj2i34DMVG+vpHPiEU LGVqvhyGxql+CyC/F1Q6Bbww1PtwsJpUUkH0rgmapFjpzqVnrK4RrR9asAF2m5FZbDamuY zIig8EnVMi3woaAc0XaDEfW6mmkEOaFShQfzU7yf8LT9yaAZbKpyt0pXU+bhUw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YtDsK2KnxzvVV; Wed, 12 Feb 2025 10:22:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 51CAMjG2029343; Wed, 12 Feb 2025 10:22:45 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51CAMjDh029340; Wed, 12 Feb 2025 10:22:45 GMT (envelope-from git) Date: Wed, 12 Feb 2025 10:22:45 GMT Message-Id: <202502121022.51CAMjDh029340@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Michael Tuexen Subject: git: a71eee300ba7 - stable/13 - icmp: when logging ICMP ratelimiting message use correct jitter value List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: tuexen X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: a71eee300ba7d94a1621c7b31eaaa79243db84ec Auto-Submitted: auto-generated The branch stable/13 has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=a71eee300ba7d94a1621c7b31eaaa79243db84ec commit a71eee300ba7d94a1621c7b31eaaa79243db84ec Author: Gleb Smirnoff AuthorDate: 2024-03-24 16:13:23 +0000 Commit: Michael Tuexen CommitDate: 2025-02-12 10:22:14 +0000 icmp: when logging ICMP ratelimiting message use correct jitter value The limiting of the very last second has been done using certain jitter value. We update the jitter for the next second. But the logging should report the jitter before the change. Reviewed by: kp, tuexen, zlei Differential Revision: https://reviews.freebsd.org/D44477 (cherry picked from commit b508545ce044dbfdd83da772e73f969a3713d59d) --- sys/netinet/ip_icmp.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index 5c8c17cba049..199b76aa9ad6 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -1139,6 +1139,11 @@ badport_bandlim(int which) pps = counter_ratecheck(&V_icmp_rates[which], V_icmplim + V_icmplim_curr_jitter); if (pps > 0) { + if (V_icmplim_output) + log(LOG_NOTICE, + "Limiting %s response from %jd to %d packets/sec\n", + icmp_rate_descrs[which], (intmax_t )pps, + V_icmplim + V_icmplim_curr_jitter); /* * Adjust limit +/- to jitter the measurement to deny a * side-channel port scan as in CVE-2020-25705 @@ -1153,10 +1158,5 @@ badport_bandlim(int which) } if (pps == -1) return (-1); - if (pps > 0 && V_icmplim_output) - log(LOG_NOTICE, - "Limiting %s response from %jd to %d packets/sec\n", - icmp_rate_descrs[which], (intmax_t )pps, V_icmplim + - V_icmplim_curr_jitter); return (0); }