[Swan-dev] attack_log()
Paul Wouters
paul at nohats.ca
Mon Feb 26 00:11:33 UTC 2018
On Sun, 25 Feb 2018, Andrew Cagney wrote:
>
> I'm looking at code like this (and copying it, adding more cases):
>
> /* could this be a log line instead?
> too much log with scans */
> DBG(DBG_CONTROL,
> DBG_log("IKE SA initiator received
> a message with I(Initiator) flag set; dropping packet"));
>
> but wonder if a better solution would be to code up something like:
>
> attack_log(...)
> static int nr = 0;
> if (nr++ > 1000) {
> DBG(DBG_MASK, DBG_log(...))
> else
> libreswan_log(....)
>
> that is, start out logging these packets like all others but, when
> some completely arbitrary threshold is crossed, go silent unless debug
> logging is enabled.
Works for me, possible call it ratelog() not attack_log().
I'd like that number to be reset to 0 after some time though. Like just
set it to 0 every 15 minutes or so ?
Paul
More information about the Swan-dev
mailing list