authorGleb Smirnoff <glebius@FreeBSD.org>2024-03-24 16:13:23 +0000
committerMichael Tuexen <tuexen@FreeBSD.org>2025-02-12 10:22:14 +0000
commita71eee300ba7d94a1621c7b31eaaa79243db84ec (patch)
treecbbba641530022c33a43ab06a921777578a77a90 /sys
parenta6d5c6a04fe9408cdfd1f56f8dc3142661214eb8 (diff)
icmp: when logging ICMP ratelimiting message use correct jitter value
Rate limiting for the second that just ended was done using a particular jitter value. We then update the jitter for the next second, but the log message should report the jitter that was in effect before the change. Reviewed by: kp, tuexen, zlei Differential Revision: https://reviews.freebsd.org/D44477 (cherry picked from commit b508545ce044dbfdd83da772e73f969a3713d59d)
Diffstat (limited to 'sys')
-rw-r--r--sys/netinet/ip_icmp.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c
index 5c8c17cba049..199b76aa9ad6 100644
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@@ -1139,6 +1139,11 @@ badport_bandlim(int which)
pps = counter_ratecheck(&V_icmp_rates[which], V_icmplim +
V_icmplim_curr_jitter);
if (pps > 0) {
+ if (V_icmplim_output)
+ log(LOG_NOTICE,
+ "Limiting %s response from %jd to %d packets/sec\n",
+ icmp_rate_descrs[which], (intmax_t )pps,
+ V_icmplim + V_icmplim_curr_jitter);
/*
* Adjust limit +/- to jitter the measurement to deny a
* side-channel port scan as in CVE-2020-25705
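Review bot: The placement of the added `log()` call ahead of the jitter adjustment is now what makes the reported limit correct, but nothing at the call site records that. A one-line comment above `if (V_icmplim_output)` would stop a later cleanup from moving the call back below the update, for example `/* Log before re-jittering so the message reports the limit that was enforced. */`. The added call also carries over the `(intmax_t )pps` spacing from the removed lines; `(intmax_t)pps` is the usual form. The jitter update and the rest of badport_bandlim lie outside the hunk, so this assumes the update follows the comment that closes the hunk.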
@@ -1153,10 +1158,5 @@ badport_bandlim(int which)
}
if (pps == -1)
return (-1);
- if (pps > 0 && V_icmplim_output)
- log(LOG_NOTICE,
- "Limiting %s response from %jd to %d packets/sec\n",
- icmp_rate_descrs[which], (intmax_t )pps, V_icmplim +
- V_icmplim_curr_jitter);
return (0);
}