upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-09 00:32:25 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

icmp: do not store per-VNET identical array of strings

Browse source 
We need per-VNET struct counter_rate, but we don't need per-VNET set of
const char *.  Also, identical word "response" can go into the format
string instead of being stored 7 times.

Reviewed by:		kp, zlei, tuexen
Differential Revision:	https://reviews.freebsd.org/D44475

(cherry picked from commit 7142ab4790)
This commit is contained in:
Gleb Smirnoff 2024-03-24 09:13:23 -07:00 committed by Zhenlei Huang
parent 443a4ce9d4
commit 2193c63f9a
1 changed files with 18 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
sys/netinet/ip_icmp.c
View file

@ -1093,28 +1093,26 @@ ip_next_mtu(int mtu, int dir)
* the 'final' error, but it doesn't make sense to solve the printing
* delay with more complex code.
*/
struct icmp_rate {
const char *descr;
struct counter_rate cr;
};
VNET_DEFINE_STATIC(struct icmp_rate, icmp_rates[BANDLIM_MAX]) = {
{ "icmp unreach response" },
{ "icmp ping response" },
{ "icmp tstamp response" },
{ "closed port RST response" },
{ "open port RST response" },
{ "icmp6 unreach response" },
{ "sctp ootb response" }
};
VNET_DEFINE_STATIC(struct counter_rate, icmp_rates[BANDLIM_MAX]);
#define V_icmp_rates VNET(icmp_rates)
static const char *icmp_rate_descrs[BANDLIM_MAX] = {
[BANDLIM_ICMP_UNREACH] = "icmp unreach",
[BANDLIM_ICMP_ECHO] = "icmp ping",
[BANDLIM_ICMP_TSTAMP] = "icmp tstamp",
[BANDLIM_RST_CLOSEDPORT] = "closed port RST",
[BANDLIM_RST_OPENPORT] = "open port RST",
[BANDLIM_ICMP6_UNREACH] = "icmp6 unreach",
[BANDLIM_SCTP_OOTB] = "sctp ootb",
};
static void
icmp_bandlimit_init(void)
{
for (int i = 0; i < BANDLIM_MAX; i++) {
V_icmp_rates[i].cr.cr_rate = counter_u64_alloc(M_WAITOK);
V_icmp_rates[i].cr.cr_ticks = ticks;
V_icmp_rates[i].cr_rate = counter_u64_alloc(M_WAITOK);
V_icmp_rates[i].cr_ticks = ticks;
}
}
VNET_SYSINIT(icmp_bandlimit, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY,
@ -1125,7 +1123,7 @@ icmp_bandlimit_uninit(void)
{
for (int i = 0; i < BANDLIM_MAX; i++)
counter_u64_free(V_icmp_rates[i].cr.cr_rate);
counter_u64_free(V_icmp_rates[i].cr_rate);
}
VNET_SYSUNINIT(icmp_bandlimit, SI_SUB_PROTO_DOMAIN, SI_ORDER_THIRD,
icmp_bandlimit_uninit, NULL);
@ -1144,7 +1142,7 @@ badport_bandlim(int which)
if ((V_icmplim + V_icmplim_curr_jitter) <= 0)
V_icmplim_curr_jitter = -V_icmplim + 1;
pps = counter_ratecheck(&V_icmp_rates[which].cr, V_icmplim +
pps = counter_ratecheck(&V_icmp_rates[which], V_icmplim +
V_icmplim_curr_jitter);
if (pps > 0) {
/*
@ -1162,8 +1160,9 @@ badport_bandlim(int which)
if (pps == -1)
return (-1);
if (pps > 0 && V_icmplim_output)
log(LOG_NOTICE, "Limiting %s from %jd to %d packets/sec\n",
V_icmp_rates[which].descr, (intmax_t )pps, V_icmplim +
log(LOG_NOTICE,
"Limiting %s response from %jd to %d packets/sec\n",
icmp_rate_descrs[which], (intmax_t )pps, V_icmplim +
V_icmplim_curr_jitter);
return (0);
}