4 files changed, 21 insertions, 26 deletions

diff --git a/tap.c b/tap.c
index 1049e02..7d06189 100644
--- a/tap.c
+++ b/tap.c
@@ -99,7 +99,6 @@ static PACKET_POOL_NOINIT(pool_tap4, TAP_MSGS_IP4);
 static PACKET_POOL_NOINIT(pool_tap6, TAP_MSGS_IP6);
 
 #define TAP_SEQS		128 /* Different L4 tuples in one batch */
-#define FRAGMENT_MSG_RATE	10  /* # seconds between fragment warnings */
 
 /**
  * tap_l2_max_len() - Maximum frame size (including L2 header) for current mode
@@ -686,17 +685,11 @@ static bool tap4_is_fragment(const struct iphdr *iph,
 			     const struct timespec *now)
 {
 	if (ntohs(iph->frag_off) & ~IP_DF) {
-		/* Ratelimit messages */
-		static time_t last_message;
 		static unsigned num_dropped;
 
 		num_dropped++;
-		if (now->tv_sec - last_message > FRAGMENT_MSG_RATE) {
-			warn("Can't process IPv4 fragments (%u dropped)",
-			     num_dropped);
-			last_message = now->tv_sec;
-			num_dropped = 0;
-		}
+		warn_ratelimit(now, "Can't process IPv4 fragments (%u dropped)",
+			       num_dropped);
 		return true;
 	}
 	return false;
@@ -1115,8 +1108,9 @@ void tap_add_packet(struct ctx *c, struct iov_tail *data,
 		char bufmac[ETH_ADDRSTRLEN];
 
 		memcpy(c->guest_mac, eh->h_source, ETH_ALEN);
-		debug("New guest MAC address observed: %s",
-		      eth_ntop(c->guest_mac, bufmac, sizeof(bufmac)));
+		info_ratelimit(now, "New guest MAC address observed: %s",
+			       eth_ntop(c->guest_mac, bufmac,
+					sizeof(bufmac)));
 		proto_update_l2_buf(c->guest_mac);
 	}
 
diff --git a/tcp.c b/tcp.c
index 8ea9be8..071bcae 100644
--- a/tcp.c
+++ b/tcp.c
@@ -1688,9 +1688,9 @@ static void tcp_conn_from_tap(const struct ctx *c, sa_family_t af,
 	    !inany_is_unicast(&ini->oaddr) || ini->oport == 0) {
 		char sstr[INANY_ADDRSTRLEN], dstr[INANY_ADDRSTRLEN];
 
-		debug("Invalid endpoint in TCP SYN: %s:%hu -> %s:%hu",
-		      inany_ntop(&ini->eaddr, sstr, sizeof(sstr)), ini->eport,
-		      inany_ntop(&ini->oaddr, dstr, sizeof(dstr)), ini->oport);
+		warn_ratelimit(now, "Invalid endpoint in TCP SYN: %s:%hu -> %s:%hu",
+			       inany_ntop(&ini->eaddr, sstr, sizeof(sstr)), ini->eport,
+			       inany_ntop(&ini->oaddr, dstr, sizeof(dstr)), ini->oport);
 		goto cancel;
 	}
 
diff --git a/udp.c b/udp.c
index 1fc5a42..52260b9 100644
--- a/udp.c
+++ b/udp.c
@@ -871,7 +871,7 @@ void udp_sock_fwd(const struct ctx *c, int s, int rule_hint,
 			/* Clear errors & carry on */
 			if (udp_sock_errs(c, s, FLOW_SIDX_NONE,
 					  frompif, port) < 0) {
-				err(
+				err_ratelimit(now,
 "UDP: Unrecoverable error on listening socket: (%s port %hu)",
 				    pif_name(frompif), port);
 				/* FIXME: what now?  close/re-open socket? */
@@ -898,7 +898,7 @@ void udp_sock_fwd(const struct ctx *c, int s, int rule_hint,
 				 pif_name(frompif), pif_name(topif));
 			discard = true;
 		} else {
-			debug("Discarding datagram without flow");
+			warn_ratelimit(now, "Discarding datagram without flow");
 			discard = true;
 		}
 
@@ -1042,10 +1042,10 @@ int udp_tap_handler(const struct ctx *c, uint8_t pif,
 	if (!(uflow = udp_at_sidx(tosidx))) {
 		char sstr[INET6_ADDRSTRLEN], dstr[INET6_ADDRSTRLEN];
 
-		debug("Dropping datagram with no flow %s %s:%hu -> %s:%hu",
-		      pif_name(pif),
-		      inet_ntop(af, saddr, sstr, sizeof(sstr)), src,
-		      inet_ntop(af, daddr, dstr, sizeof(dstr)), dst);
+		warn_ratelimit(now, "Dropping datagram with no flow %s %s:%hu -> %s:%hu",
+			       pif_name(pif),
+			       inet_ntop(af, saddr, sstr, sizeof(sstr)), src,
+			       inet_ntop(af, daddr, dstr, sizeof(dstr)), dst);
 		return 1;
 	}
 
diff --git a/udp_flow.c b/udp_flow.c
index 7e2453e..35417bc 100644
--- a/udp_flow.c
+++ b/udp_flow.c
@@ -235,8 +235,9 @@ flow_sidx_t udp_flow_from_sock(const struct ctx *c, uint8_t pif,
 	if (!(flow = flow_alloc())) {
 		char sastr[SOCKADDR_STRLEN];
 
-		debug("Couldn't allocate flow for UDP datagram from %s %s",
-		      pif_name(pif), sockaddr_ntop(s_in, sastr, sizeof(sastr)));
+		err_ratelimit(now, "Couldn't allocate flow for UDP datagram from %s %s",
+			      pif_name(pif),
+			      sockaddr_ntop(s_in, sastr, sizeof(sastr)));
 		return FLOW_SIDX_NONE;
 	}
 
@@ -292,10 +293,10 @@ flow_sidx_t udp_flow_from_tap(const struct ctx *c,
 	if (!(flow = flow_alloc())) {
 		char sstr[INET6_ADDRSTRLEN], dstr[INET6_ADDRSTRLEN];
 
-		debug("Couldn't allocate flow for UDP datagram from %s %s:%hu -> %s:%hu",
-		      pif_name(pif),
-		      inet_ntop(af, saddr, sstr, sizeof(sstr)), srcport,
-		      inet_ntop(af, daddr, dstr, sizeof(dstr)), dstport);
+		err_ratelimit(now, "Couldn't allocate flow for UDP datagram from %s %s:%hu -> %s:%hu",
+			      pif_name(pif),
+			      inet_ntop(af, saddr, sstr, sizeof(sstr)), srcport,
+			      inet_ntop(af, daddr, dstr, sizeof(dstr)), dstport);
 		return FLOW_SIDX_NONE;
 	}