[Swan-dev] attack_log()

Andrew Cagney andrew.cagney at gmail.com
Sun Feb 25 22:29:50 UTC 2018


I'm looking at code like this (and copying it, adding more cases):

    /* could this be a log line instead? too much log with scans */
    DBG(DBG_CONTROL,
        DBG_log("IKE SA initiator received a message with I(Initiator) flag set; dropping packet"));

but wonder if a better solution would be to code up something like:

    attack_log(...)
    {
        static int nr = 0;
        if (nr++ > 1000) {
            DBG(DBG_MASK, DBG_log(...));
        } else {
            libreswan_log(....);
        }
    }

that is, start out logging these packets like all others but, when
some completely arbitrary threshold is crossed, go silent unless debug
logging is enabled.

thoughts,
Andrew
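
The proposal in the message above, as an added example that is not part of the original post or libreswan's code. It goes beyond the sketch by resetting the budget after a time window (`ATTACK_LOG_WINDOW`, an assumption) so that logging resumes once a flood ends, and it writes to stderr in place of `libreswan_log()`/`DBG_log()`; `attack_log_at`, `attack_log_state` and `attack_debug_enabled` are hypothetical names.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

#define ATTACK_LOG_LIMIT  1000	/* the post's arbitrary threshold */
#define ATTACK_LOG_WINDOW 60	/* assumption: seconds until the budget resets */

enum attack_log_result { ATTACK_LOGGED, ATTACK_DEBUG_ONLY, ATTACK_SUPPRESSED };
struct attack_log_state {
	time_t window_start;
	unsigned logged, suppressed;	/* counts within the current window */
};

/* Hypothetical stand-in for the daemon's debug-logging switch. */
static bool attack_debug_enabled = false;

/* stderr stands in for the real loggers; 'now' is a parameter so the
 * window logic can be exercised without sleeping. */
static enum attack_log_result attack_log_at(struct attack_log_state *st, time_t now, const char *fmt, ...)
{
	enum attack_log_result r = ATTACK_SUPPRESSED;
	va_list ap;
	if (now - st->window_start >= ATTACK_LOG_WINDOW) {
		if (st->suppressed > 0)	/* summarise what the last window hid */
			fprintf(stderr, "attack_log: %u messages suppressed\n", st->suppressed);
		st->window_start = now;
		st->logged = st->suppressed = 0;
	}
	va_start(ap, fmt);
	if (st->logged < ATTACK_LOG_LIMIT) {
		st->logged++;
		r = ATTACK_LOGGED;
	} else {
		if (st->suppressed++ == 0)	/* say once that we are going quiet */
			fprintf(stderr, "attack_log: limit reached, suppressing\n");
		if (attack_debug_enabled)
			r = ATTACK_DEBUG_ONLY;
	}
	if (r != ATTACK_SUPPRESSED) {
		fputs(r == ATTACK_DEBUG_ONLY ? "debug: " : "", stderr);
		vfprintf(stderr, fmt, ap);
		fputc('\n', stderr);
	}
	va_end(ap);
	return r;
}
```

The one-line notice when the limit is reached and the suppressed count at the start of the next window keep the silence itself visible in the normal log.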

