From c8c7f518b17402fd5a589a86f1b4374cc2a7e408 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Tue, 2 Apr 2024 11:37:39 +0200
Subject: [PATCH] clientlog: return enum from CLG_LimitServiceRate()

Change CLG_LimitServiceRate() to return an enum in preparation for
adding KoD RATE support.
---
 clientlog.c           | 10 +++++-----
 clientlog.h           |  7 ++++++-
 cmdmon.c              |  7 ++++---
 ntp_core.c            |  4 +++-
 nts_ke_server.c       |  2 +-
 test/unit/clientlog.c |  2 +-
 6 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/clientlog.c b/clientlog.c
index c408e8d..5c8a981 100644
--- a/clientlog.c
+++ b/clientlog.c
@@ -600,7 +600,7 @@ limit_response_random(int leak_rate)
 
 /* ================================================== */
 
-int
+CLG_Limit
 CLG_LimitServiceRate(CLG_Service service, int index)
 {
   Record *record;
@@ -609,14 +609,14 @@ CLG_LimitServiceRate(CLG_Service service, int index)
   check_service_number(service);
 
   if (tokens_per_hit[service] == 0)
-    return 0;
+    return CLG_PASS;
 
   record = ARR_GetElement(records, index);
   record->drop_flags &= ~(1U << service);
 
   if (record->tokens[service] >= tokens_per_hit[service]) {
     record->tokens[service] -= tokens_per_hit[service];
-    return 0;
+    return CLG_PASS;
   }
 
   drop = limit_response_random(leak_rate[service]);
@@ -632,14 +632,14 @@ CLG_LimitServiceRate(CLG_Service service, int index)
 
   if (!drop) {
     record->tokens[service] = 0;
-    return 0;
+    return CLG_PASS;
   }
 
   record->drop_flags |= 1U << service;
   record->drops[service]++;
   total_drops[service]++;
 
-  return 1;
+  return CLG_DROP;
 }
 
 /* ================================================== */
diff --git a/clientlog.h b/clientlog.h
index 9ea0a3f..0d7df00 100644
--- a/clientlog.h
+++ b/clientlog.h
@@ -37,11 +37,16 @@ typedef enum {
   CLG_CMDMON,
 } CLG_Service;
 
+typedef enum {
+  CLG_PASS = 0,
+  CLG_DROP,
+} CLG_Limit;
+
 extern void CLG_Initialise(void);
 extern void CLG_Finalise(void);
 extern int CLG_GetClientIndex(IPAddr *client);
 extern int CLG_LogServiceAccess(CLG_Service service, IPAddr *client, struct timespec *now);
-extern int CLG_LimitServiceRate(CLG_Service service, int index);
+extern CLG_Limit CLG_LimitServiceRate(CLG_Service service, int index);
 extern void CLG_UpdateNtpStats(int auth, NTP_Timestamp_Source rx_ts_src,
                                NTP_Timestamp_Source tx_ts_src);
 extern int CLG_GetNtpMinPoll(void);
diff --git a/cmdmon.c b/cmdmon.c
index 716775f..b2cdc14 100644
--- a/cmdmon.c
+++ b/cmdmon.c
@@ -1511,9 +1511,10 @@ read_from_cmd_socket(int sock_fd, int event, void *anything)
 
   /* Don't reply to all requests from hosts other than localhost if the rate
      is excessive */
-  if (!localhost && log_index >= 0 && CLG_LimitServiceRate(CLG_CMDMON, log_index)) {
-      DEBUG_LOG("Command packet discarded to limit response rate");
-      return;
+  if (!localhost && log_index >= 0 &&
+      CLG_LimitServiceRate(CLG_CMDMON, log_index) != CLG_PASS) {
+    DEBUG_LOG("Command packet discarded to limit response rate");
+    return;
   }
 
   expected_length = PKL_CommandLength(&rx_message);
diff --git a/ntp_core.c b/ntp_core.c
index 99360de..6aa8e18 100644
--- a/ntp_core.c
+++ b/ntp_core.c
@@ -2656,6 +2656,7 @@ NCR_ProcessRxUnknown(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_a
   NTP_Local_Timestamp local_tx, *tx_ts;
   NTP_int64 ntp_rx, *local_ntp_rx;
   int log_index, interleaved, poll, version;
+  CLG_Limit limit;
   uint32_t kod;
 
   /* Ignore the packet if it wasn't received by server socket */
@@ -2701,7 +2702,8 @@ NCR_ProcessRxUnknown(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_a
   log_index = CLG_LogServiceAccess(CLG_NTP, &remote_addr->ip_addr, &rx_ts->ts);
 
   /* Don't reply to all requests if the rate is excessive */
-  if (log_index >= 0 && CLG_LimitServiceRate(CLG_NTP, log_index)) {
+  limit = log_index >= 0 ? CLG_LimitServiceRate(CLG_NTP, log_index) : CLG_PASS;
+  if (limit == CLG_DROP) {
       DEBUG_LOG("NTP packet discarded to limit response rate");
       return;
   }
diff --git a/nts_ke_server.c b/nts_ke_server.c
index 3fe99db..6d617b4 100644
--- a/nts_ke_server.c
+++ b/nts_ke_server.c
@@ -242,7 +242,7 @@ accept_connection(int listening_fd, int event, void *arg)
   SCH_GetLastEventTime(&now, NULL, NULL);
 
   log_index = CLG_LogServiceAccess(CLG_NTSKE, &addr.ip_addr, &now);
-  if (log_index >= 0 && CLG_LimitServiceRate(CLG_NTSKE, log_index)) {
+  if (log_index >= 0 && CLG_LimitServiceRate(CLG_NTSKE, log_index) != CLG_PASS) {
     DEBUG_LOG("Rejected connection from %s (%s)",
               UTI_IPSockAddrToString(&addr), "rate limit");
     SCK_CloseSocket(sock_fd);
diff --git a/test/unit/clientlog.c b/test/unit/clientlog.c
index e5bf1f4..59ec2b7 100644
--- a/test/unit/clientlog.c
+++ b/test/unit/clientlog.c
@@ -86,7 +86,7 @@ test_unit(void)
     ts.tv_sec += 1;
     index = CLG_LogServiceAccess(s, &ip, &ts);
     TEST_CHECK(index >= 0);
-    if (!CLG_LimitServiceRate(s, index))
+    if (CLG_LimitServiceRate(s, index) == CLG_PASS)
       j++;
   }