icmp: when logging ICMP ratelimiting message use correct jitter value

The limiting of the very last second has been done using certain jitter value. We update the jitter for the next second. But the logging should report the jitter before the change. Reviewed by: kp, tuexen, zlei Differential Revision: https://reviews.freebsd.org/D44477 (cherry picked from commit b508545ce0)
2026-06-08 16:22:46 -04:00 · 2024-03-24 09:13:23 -07:00 · 2024-03-24 09:13:23 -07:00 · 09a05224b0
commit 09a05224b0
parent c04006ea03
1 changed files with 5 additions and 5 deletions
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@ -1147,6 +1147,11 @@ badport_bandlim(int which)
 	pps = counter_ratecheck(&V_icmp_rates[which], V_icmplim +
 	    V_icmplim_curr_jitter);
 	if (pps > 0) {
+		if (V_icmplim_output)
+			log(LOG_NOTICE,
+			    "Limiting %s response from %jd to %d packets/sec\n",
+			    icmp_rate_descrs[which], (intmax_t )pps,
+			    V_icmplim + V_icmplim_curr_jitter);
 		/*
 		 * Adjust limit +/- to jitter the measurement to deny a
 		 * side-channel port scan as in CVE-2020-25705
@ -1161,10 +1166,5 @@ badport_bandlim(int which)
 	}
 	if (pps == -1)
 		return (-1);
-	if (pps > 0 && V_icmplim_output)
-		log(LOG_NOTICE,
-		    "Limiting %s response from %jd to %d packets/sec\n",
-		    icmp_rate_descrs[which], (intmax_t )pps, V_icmplim +
-		    V_icmplim_curr_jitter);
 	return (0);
 }