From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=K2ZC0CBF; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by passt.top (Postfix) with ESMTPS id 197085A0262 for ; Mon, 23 Mar 2026 10:11:36 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1774257095; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=HzXcmJ+RqOhoh/2vzzRLQwrQ+5qJ+3eRLO24unrO3Mk=; b=K2ZC0CBFJEhztTDmnWN17OJZ/FFjuoweHljdw44JDiUokUCyaayRxc9Zg5Woqlz4bIhz2N DkvJyJ7sTVroeSDuWDlkluzQe7RwE76Igr6GjN1uHW1+wnZYnKH5ArvY6t8RAVAihJ2hIY Z6rhM261pLB0x+5iaVFqWsdgce+gtIs= Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-689-d4hXaMHPPGeladmC5q9uQw-1; Mon, 23 Mar 2026 05:11:33 -0400 X-MC-Unique: d4hXaMHPPGeladmC5q9uQw-1 X-Mimecast-MFC-AGG-ID: d4hXaMHPPGeladmC5q9uQw_1774257093 Received: from mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id CB17319560B6 for ; Mon, 23 Mar 2026 09:11:32 +0000 (UTC) Received: from anskuma-thinkpadp1gen7.bengluru.csb (polycom_64167f9778de.blr.redhat.com [10.76.98.106]) by mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id DBCE21955F21; Mon, 23 Mar 2026 09:11:30 +0000 (UTC) From: Anshu Kumari To: passt-dev@passt.top Subject: [PATCH] Bug 134: message rate limiting https://bugs.passt.top/show_bug.cgi?id=134 Date: Mon, 23 Mar 2026 14:33:07 +0530 Message-ID: <20260323090305.319573-3-anskuma@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.12 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: O5dQD71ndHNqoMBlSMQfILD8C990iWFg9FTGVr-zPNc_1774257093 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit content-type: text/plain; charset="US-ASCII"; x-default=true X-MailFrom: anskuma@redhat.com X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation Message-ID-Hash: 7W4TEWSHC5WVPMOU273W2APHPA6HZI43 X-Message-ID-Hash: 7W4TEWSHC5WVPMOU273W2APHPA6HZI43 X-Mailman-Approved-At: Mon, 23 Mar 2026 11:50:59 +0100 CC: sbrivio@redhat.com, dgibson@redhat.com, Anshu Kumari X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Hi Everyone, Please review patch for Bug 134. Description:- Inorder to rate limit the messages, each logging function uses per-call-site static variables, so each macro expansion tracks its own rate independently. Allows up to LOG_RATELIMIT_BURST messages per window. When a new window starts after suppression, a summary of suppressed messages is logged. Signed-off-by: Anshu Kumari --- log.h | 41 +++++++++++++++++++++++++++++++++++++++++ tap.c | 19 ++++++------------- 2 files changed, 47 insertions(+), 13 deletions(-) diff --git a/log.h b/log.h index 6ceb686..e989760 100644 --- a/log.h +++ b/log.h @@ -48,6 +48,47 @@ void logmsg_perror(int pri, const char *format, ...) passt_exit(EXIT_FAILURE); \ } while (0) +#define LOG_RATELIMIT_BURST 5 /* Max messages per window per call site */ +#define LOG_RATELIMIT_INTERVAL 1 /* Default rate limit window in seconds */ + +/** + * logmsg_ratelimit() - Rate-limited log message + * @fn: Logging function + * @now: current timestamp + * @intv: Minimum interval in seconds between allowed messages + */ +#define logmsg_ratelimit(fn, now, intv, ...) \ + do { \ + static time_t _rl_last; \ + static unsigned int _rl_printed; \ + static unsigned int _rl_suppressed; \ + \ + if ((now)->tv_sec - _rl_last > (intv)) { \ + if (_rl_suppressed) \ + fn("(suppressed %u similar messages)", \ + _rl_suppressed); \ + _rl_last = (now)->tv_sec; \ + _rl_printed = 0; \ + _rl_suppressed = 0; \ + } \ + \ + if (_rl_printed < LOG_RATELIMIT_BURST) { \ + fn(__VA_ARGS__); \ + _rl_printed++; \ + } else { \ + _rl_suppressed++; \ + } \ + } while (0) + +#define err_ratelimit(now, intv, ...) \ + logmsg_ratelimit(err, now, intv, __VA_ARGS__) +#define warn_ratelimit(now, intv, ...) \ + logmsg_ratelimit(warn, now, intv, __VA_ARGS__) +#define info_ratelimit(now, intv, ...) \ + logmsg_ratelimit(info, now, intv, __VA_ARGS__) +#define debug_ratelimit(now, intv, ...) \ + logmsg_ratelimit(debug, now, intv, __VA_ARGS__) + extern int log_file; extern int log_trace; extern bool log_conf_parsed; diff --git a/tap.c b/tap.c index 1049e02..0812a8a 100644 --- a/tap.c +++ b/tap.c @@ -686,17 +686,8 @@ static bool tap4_is_fragment(const struct iphdr *iph, const struct timespec *now) { if (ntohs(iph->frag_off) & ~IP_DF) { - /* Ratelimit messages */ - static time_t last_message; - static unsigned num_dropped; - - num_dropped++; - if (now->tv_sec - last_message > FRAGMENT_MSG_RATE) { - warn("Can't process IPv4 fragments (%u dropped)", - num_dropped); - last_message = now->tv_sec; - num_dropped = 0; - } + warn_ratelimit(now, FRAGMENT_MSG_RATE, + "Can't process IPv4 fragment"); return true; } return false; @@ -1115,8 +1106,10 @@ void tap_add_packet(struct ctx *c, struct iov_tail *data, char bufmac[ETH_ADDRSTRLEN]; memcpy(c->guest_mac, eh->h_source, ETH_ALEN); - debug("New guest MAC address observed: %s", - eth_ntop(c->guest_mac, bufmac, sizeof(bufmac))); + info_ratelimit(now, LOG_RATELIMIT_INTERVAL, + "New guest MAC address observed: %s", + eth_ntop(c->guest_mac, bufmac, + sizeof(bufmac))); proto_update_l2_buf(c->guest_mac); } -- 2.53.0