From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Plf4Zcsx; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by passt.top (Postfix) with ESMTPS id 3F6195A0265 for ; Tue, 24 Mar 2026 17:55:46 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1774371345; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=foo+W61IMMQM2DGxkM+1mObjRIdr21EiiYvc0Jso8CY=; b=Plf4ZcsxjWosUvC+C8OtxBs1tOIlAjphSGwk+u68TJzkQs3H4JlyhjSUdD7Q8k98VPP9Tm LHV/iJEuXPoQ7ashOYrhMFDVJpKahyq6xk5MXJrSmAXGANnDYXF4+wr+9W2En/KFdHQ+GZ sdnK+2Smb5EZ7qXGrXE2LkV6BJaJuJs= Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-342-Ja7ynxk4OeWOfptkpzGcMg-1; Tue, 24 Mar 2026 12:55:43 -0400 X-MC-Unique: Ja7ynxk4OeWOfptkpzGcMg-1 X-Mimecast-MFC-AGG-ID: Ja7ynxk4OeWOfptkpzGcMg_1774371342 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 29761195608E for ; Tue, 24 Mar 2026 16:55:42 +0000 (UTC) Received: from anskuma-thinkpadp1gen7.bengluru.csb (unknown [10.74.80.41]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 909781800107; Tue, 24 Mar 2026 16:55:40 +0000 (UTC) From: Anshu Kumari To: passt-dev@passt.top Subject: [PATCH v2] Bug 134: message rate limiting Date: Tue, 24 Mar 2026 22:23:01 +0530 Message-ID: <20260324165300.86066-2-anskuma@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: XDgps1riYytpYAC5RBrOeRBcTuY5sPWVhFqnqDGbHzw_1774371342 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit content-type: text/plain; charset="US-ASCII"; x-default=true Message-ID-Hash: P5CZMOTNHGXK5Y5Z7JZ7B4JPXWCLYECU X-Message-ID-Hash: P5CZMOTNHGXK5Y5Z7JZ7B4JPXWCLYECU X-MailFrom: anskuma@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Anshu Kumari X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Signed-off-by: Anshu Kumari --- log.h | 40 ++++++++++++++++++++++++++++++++++++++++ tap.c | 19 ++++++------------- 2 files changed, 46 insertions(+), 13 deletions(-) diff --git a/log.h b/log.h index 6ceb686..2e9286e 100644 --- a/log.h +++ b/log.h @@ -48,6 +48,46 @@ void logmsg_perror(int pri, const char *format, ...) passt_exit(EXIT_FAILURE); \ } while (0) +#define LOG_RATELIMIT_BURST 5 /* Max messages per window per call site */ +#define LOG_RATELIMIT_INTERVAL 1 /* Default rate limit window in seconds */ + +/** + * logmsg_ratelimit() - Rate-limited log message + * @fn: Logging function + * @now: current timestamp + */ +#define logmsg_ratelimit(fn, now, ...) \ + do { \ + static time_t rl_last_; \ + static unsigned int rl_printed_; \ + static unsigned int rl_suppressed_; \ + \ + if ((now)->tv_sec - rl_last_ > LOG_RATELIMIT_INTERVAL) { \ + if (rl_suppressed_) \ + fn("(suppressed %u similar messages)", \ + rl_suppressed_); \ + rl_last_ = (now)->tv_sec; \ + rl_printed_ = 0; \ + rl_suppressed_ = 0; \ + } \ + \ + if (rl_printed_ < LOG_RATELIMIT_BURST) { \ + fn(__VA_ARGS__); \ + rl_printed_++; \ + } else { \ + rl_suppressed_++; \ + } \ + } while (0) + +#define err_ratelimit(now, ...) \ + logmsg_ratelimit(err, now, __VA_ARGS__) +#define warn_ratelimit(now, ...) \ + logmsg_ratelimit(warn, now, __VA_ARGS__) +#define info_ratelimit(now, ...) \ + logmsg_ratelimit(info, now, __VA_ARGS__) +#define debug_ratelimit(now, ...) \ + logmsg_ratelimit(debug, now, __VA_ARGS__) + extern int log_file; extern int log_trace; extern bool log_conf_parsed; diff --git a/tap.c b/tap.c index 1049e02..656b6e9 100644 --- a/tap.c +++ b/tap.c @@ -686,17 +686,8 @@ static bool tap4_is_fragment(const struct iphdr *iph, const struct timespec *now) { if (ntohs(iph->frag_off) & ~IP_DF) { - /* Ratelimit messages */ - static time_t last_message; - static unsigned num_dropped; - - num_dropped++; - if (now->tv_sec - last_message > FRAGMENT_MSG_RATE) { - warn("Can't process IPv4 fragments (%u dropped)", - num_dropped); - last_message = now->tv_sec; - num_dropped = 0; - } + warn_ratelimit(now, + "Can't process IPv4 fragment"); return true; } return false; @@ -1115,8 +1106,10 @@ void tap_add_packet(struct ctx *c, struct iov_tail *data, char bufmac[ETH_ADDRSTRLEN]; memcpy(c->guest_mac, eh->h_source, ETH_ALEN); - debug("New guest MAC address observed: %s", - eth_ntop(c->guest_mac, bufmac, sizeof(bufmac))); + info_ratelimit(now, + "New guest MAC address observed: %s", + eth_ntop(c->guest_mac, bufmac, + sizeof(bufmac))); proto_update_l2_buf(c->guest_mac); } -- 2.53.0