diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c --- a/sys/netinet6/in6_proto.c +++ b/sys/netinet6/in6_proto.c @@ -161,7 +161,6 @@ VNET_DEFINE(int, ip6_no_radr) = 0; VNET_DEFINE(int, ip6_norbit_raif) = 0; VNET_DEFINE(int, ip6_rfc6204w3) = 0; -VNET_DEFINE(int, ip6_log_interval) = 5; VNET_DEFINE(int, ip6_hdrnestlimit) = 15;/* How many header options will we * process? */ VNET_DEFINE(int, ip6_dad_count) = 1; /* DupAddrDetectionTransmits */ @@ -173,7 +172,6 @@ VNET_DEFINE(int, ip6_mcast_pmtu) = 0; /* enable pMTU discovery for multicast? */ VNET_DEFINE(int, ip6_v6only) = 1; -VNET_DEFINE(time_t, ip6_log_time) = (time_t)0L; #ifdef IPSTEALTH VNET_DEFINE(int, ip6stealth) = 0; #endif @@ -199,6 +197,14 @@ (ICMP6_NODEINFO_FQDNOK|ICMP6_NODEINFO_NODEADDROK); VNET_DEFINE(int, icmp6_nodeinfo_oldmcprefix) = 1; +VNET_DEFINE_STATIC(int, ip6_log_interval) = 5; +VNET_DEFINE_STATIC(int, ip6_log_count) = 0; +VNET_DEFINE_STATIC(struct timeval, ip6_log_last) = { 0 }; + +#define V_ip6_log_interval VNET(ip6_log_interval) +#define V_ip6_log_count VNET(ip6_log_count) +#define V_ip6_log_last VNET(ip6_log_last) + /* * sysctl related items. */ @@ -254,6 +260,14 @@ return (0); } +int +ip6_log_ratelimit(void) +{ + + return (ppsratecheck(&V_ip6_log_last, &V_ip6_log_count, + V_ip6_log_interval)); +} + SYSCTL_INT(_net_inet6_ip6, IPV6CTL_FORWARDING, forwarding, CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_forwarding), 0, "Enable forwarding of IPv6 packets between interfaces"); diff --git a/sys/netinet6/ip6_forward.c b/sys/netinet6/ip6_forward.c --- a/sys/netinet6/ip6_forward.c +++ b/sys/netinet6/ip6_forward.c @@ -114,9 +114,7 @@ IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) { IP6STAT_INC(ip6s_cantforward); /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */ - if (V_ip6_log_cannot_forward && - (V_ip6_log_time + V_ip6_log_interval < time_uptime)) { - V_ip6_log_time = time_uptime; + if (V_ip6_log_cannot_forward && ip6_log_ratelimit()) { log(LOG_DEBUG, "cannot forward " "from %s to %s nxt %d received on %s\n", @@ -222,9 +220,7 @@ IP6STAT_INC(ip6s_badscope); in6_ifstat_inc(nh->nh_ifp, ifs6_in_discard); - if (V_ip6_log_cannot_forward && - (V_ip6_log_time + V_ip6_log_interval < time_uptime)) { - V_ip6_log_time = time_uptime; + if (V_ip6_log_cannot_forward && ip6_log_ratelimit()) { log(LOG_DEBUG, "cannot forward " "src %s, dst %s, nxt %d, rcvif %s, outif %s\n", diff --git a/sys/netinet6/ip6_mroute.c b/sys/netinet6/ip6_mroute.c --- a/sys/netinet6/ip6_mroute.c +++ b/sys/netinet6/ip6_mroute.c @@ -1099,9 +1099,7 @@ */ if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) { IP6STAT_INC(ip6s_cantforward); - if (V_ip6_log_cannot_forward && - (V_ip6_log_time + V_ip6_log_interval < time_uptime)) { - V_ip6_log_time = time_uptime; + if (V_ip6_log_cannot_forward && ip6_log_ratelimit()) { log(LOG_DEBUG, "cannot forward " "from %s to %s nxt %d received on %s\n", diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h --- a/sys/netinet6/ip6_var.h +++ b/sys/netinet6/ip6_var.h @@ -293,8 +293,6 @@ * receiving IF. */ VNET_DECLARE(int, ip6_rfc6204w3); /* Accept defroute from RA even when forwarding enabled */ -VNET_DECLARE(int, ip6_log_interval); -VNET_DECLARE(time_t, ip6_log_time); VNET_DECLARE(int, ip6_hdrnestlimit); /* upper limit of # of extension * headers */ VNET_DECLARE(int, ip6_dad_count); /* DupAddrDetectionTransmits */ @@ -304,8 +302,6 @@ #define V_ip6_no_radr VNET(ip6_no_radr) #define V_ip6_norbit_raif VNET(ip6_norbit_raif) #define V_ip6_rfc6204w3 VNET(ip6_rfc6204w3) -#define V_ip6_log_interval VNET(ip6_log_interval) -#define V_ip6_log_time VNET(ip6_log_time) #define V_ip6_hdrnestlimit VNET(ip6_hdrnestlimit) #define V_ip6_dad_count VNET(ip6_dad_count) @@ -415,6 +411,8 @@ u_int32_t ip6_randomflowlabel(void); void in6_delayed_cksum(struct mbuf *m, uint32_t plen, u_short offset); +int ip6_log_ratelimit(void); + /* * Argument type for the last arg of ip6proto_ctlinput_t(). *