From owner-svn-src-all@FreeBSD.ORG Sat May 11 10:51:32 2013 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id D9EF9ACB; Sat, 11 May 2013 10:51:32 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id BB2DF22E; Sat, 11 May 2013 10:51:32 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.6/8.14.6) with ESMTP id r4BApW8P044108; Sat, 11 May 2013 10:51:32 GMT (envelope-from glebius@svn.freebsd.org) Received: (from glebius@localhost) by svn.freebsd.org (8.14.6/8.14.5/Submit) id r4BApWEn044106; Sat, 11 May 2013 10:51:32 GMT (envelope-from glebius@svn.freebsd.org) Message-Id: <201305111051.r4BApWEn044106@svn.freebsd.org> From: Gleb Smirnoff Date: Sat, 11 May 2013 10:51:32 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r250504 - in head: sys/netinet usr.sbin/arp X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 May 2013 10:51:32 -0000 Author: glebius Date: Sat May 11 10:51:32 2013 New Revision: 250504 URL: http://svnweb.freebsd.org/changeset/base/250504 Log: Rate limit the number of remotely triggered ARP log messages to 1 log message per second. Modified: head/sys/netinet/if_ether.c head/usr.sbin/arp/arp.4 Modified: head/sys/netinet/if_ether.c ============================================================================== --- head/sys/netinet/if_ether.c Sat May 11 09:51:44 2013 (r250503) +++ head/sys/netinet/if_ether.c Sat May 11 10:51:32 2013 (r250504) @@ -505,6 +505,9 @@ static int log_arp_wrong_iface = 1; static int log_arp_movements = 1; static int log_arp_permanent_modify = 1; static int allow_multicast = 0; +static struct timeval arp_lastlog; +static int arp_curpps; +static int arp_maxpps = 1; SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_wrong_iface, CTLFLAG_RW, &log_arp_wrong_iface, 0, @@ -517,6 +520,15 @@ SYSCTL_INT(_net_link_ether_inet, OID_AUT "log arp replies from MACs different than the one in the permanent arp entry"); SYSCTL_INT(_net_link_ether_inet, OID_AUTO, allow_multicast, CTLFLAG_RW, &allow_multicast, 0, "accept multicast addresses"); +SYSCTL_INT(_net_link_ether_inet, OID_AUTO, max_log_per_second, + CTLFLAG_RW, &arp_maxpps, 0, + "Maximum number of remotely triggered ARP messages that can be " + "logged per second"); + +#define ARP_LOG(pri, ...) do { \ + if (ppsratecheck(&arp_lastlog, &arp_curpps, arp_maxpps)) \ + log((pri), "arp: " __VA_ARGS__); \ +} while (0) static void in_arpinput(struct mbuf *m) @@ -546,7 +558,7 @@ in_arpinput(struct mbuf *m) req_len = arphdr_len2(ifp->if_addrlen, sizeof(struct in_addr)); if (m->m_len < req_len && (m = m_pullup(m, req_len)) == NULL) { - log(LOG_NOTICE, "in_arp: runt packet -- m_pullup failed\n"); + ARP_LOG(LOG_NOTICE, "runt packet -- m_pullup failed\n"); return; } @@ -556,13 +568,13 @@ in_arpinput(struct mbuf *m) * a protocol length not equal to an IPv4 address. */ if (ah->ar_pln != sizeof(struct in_addr)) { - log(LOG_NOTICE, "in_arp: requested protocol length != %zu\n", + ARP_LOG(LOG_NOTICE, "requested protocol length != %zu\n", sizeof(struct in_addr)); goto drop; } if (allow_multicast == 0 && ETHER_IS_MULTICAST(ar_sha(ah))) { - log(LOG_NOTICE, "arp: %*D is multicast\n", + ARP_LOG(LOG_NOTICE, "%*D is multicast\n", ifp->if_addrlen, (u_char *)ar_sha(ah), ":"); goto drop; } @@ -658,9 +670,8 @@ match: if (!bcmp(ar_sha(ah), enaddr, ifp->if_addrlen)) goto drop; /* it's from me, ignore it. */ if (!bcmp(ar_sha(ah), ifp->if_broadcastaddr, ifp->if_addrlen)) { - log(LOG_NOTICE, - "arp: link address is broadcast for IP address %s!\n", - inet_ntoa(isaddr)); + ARP_LOG(LOG_NOTICE, "link address is broadcast for IP address " + "%s!\n", inet_ntoa(isaddr)); goto drop; } /* @@ -671,7 +682,7 @@ match: */ if (!bridged && !carped && isaddr.s_addr == myaddr.s_addr && myaddr.s_addr != 0) { - log(LOG_ERR, "arp: %*D is using my IP address %s on %s!\n", + ARP_LOG(LOG_ERR, "%*D is using my IP address %s on %s!\n", ifp->if_addrlen, (u_char *)ar_sha(ah), ":", inet_ntoa(isaddr), ifp->if_xname); itaddr = myaddr; @@ -694,7 +705,7 @@ match: /* the following is not an error when doing bridging */ if (!bridged && la->lle_tbl->llt_ifp != ifp) { if (log_arp_wrong_iface) - log(LOG_WARNING, "arp: %s is on %s " + ARP_LOG(LOG_WARNING, "%s is on %s " "but got reply from %*D on %s\n", inet_ntoa(isaddr), la->lle_tbl->llt_ifp->if_xname, @@ -708,8 +719,8 @@ match: if (la->la_flags & LLE_STATIC) { LLE_WUNLOCK(la); if (log_arp_permanent_modify) - log(LOG_ERR, - "arp: %*D attempts to modify " + ARP_LOG(LOG_ERR, + "%*D attempts to modify " "permanent entry for %s on %s\n", ifp->if_addrlen, (u_char *)ar_sha(ah), ":", @@ -717,7 +728,7 @@ match: goto reply; } if (log_arp_movements) { - log(LOG_INFO, "arp: %s moved from %*D " + ARP_LOG(LOG_INFO, "%s moved from %*D " "to %*D on %s\n", inet_ntoa(isaddr), ifp->if_addrlen, @@ -729,7 +740,7 @@ match: if (ifp->if_addrlen != ah->ar_hln) { LLE_WUNLOCK(la); - log(LOG_WARNING, "arp from %*D: addr len: new %d, " + ARP_LOG(LOG_WARNING, "from %*D: addr len: new %d, " "i/f %d (ignored)\n", ifp->if_addrlen, (u_char *) ar_sha(ah), ":", ah->ar_hln, ifp->if_addrlen); @@ -837,7 +848,7 @@ reply: if (!rt) goto drop; if (rt->rt_ifp != ifp) { - log(LOG_INFO, "arp_proxy: ignoring request" + ARP_LOG(LOG_INFO, "proxy: ignoring request" " from %s via %s, expecting %s\n", inet_ntoa(isaddr), ifp->if_xname, rt->rt_ifp->if_xname); Modified: head/usr.sbin/arp/arp.4 ============================================================================== --- head/usr.sbin/arp/arp.4 Sat May 11 09:51:44 2013 (r250503) +++ head/usr.sbin/arp/arp.4 Sat May 11 10:51:32 2013 (r250504) @@ -28,7 +28,7 @@ .\" @(#)arp4.4 6.5 (Berkeley) 4/18/94 .\" $FreeBSD$ .\" -.Dd September 3, 2012 +.Dd May 11, 2013 .Dt ARP 4 .Os .Sh NAME @@ -148,6 +148,10 @@ See .Sx DIAGNOSTICS below. Turned on by default. +.It Va max_log_per_second +Limit number of remotely triggered logging events to a configured value +per second. +Default is 1 log message per second. .It Va max_age How long an ARP entry is held in the cache until it needs to be refreshed. Default is 1200 seconds.