Date:      Wed, 17 Jul 2002 02:26:19 -0700
From:      Luigi Rizzo <rizzo@icir.org>
To:        "Crist J. Clark" <cjc@FreeBSD.ORG>
Cc:        ipfw@FreeBSD.ORG
Subject:   Re: Ouch! ipfw log and DoS
Message-ID:  <20020717022619.A8351@iguana.icir.org>
In-Reply-To: <20020717064647.GC22967@blossom.cjclark.org>; from crist.clark@attbi.com on Tue, Jul 16, 2002 at 11:46:47PM -0700
References:  <20020716124059.A2635@iguana.icir.org> <20020717064647.GC22967@blossom.cjclark.org>

On Tue, Jul 16, 2002 at 11:46:47PM -0700, Crist J. Clark wrote:
...
> > Bottom line is that (i believe) log messages generated by ipfw should
> > be rate-limited to some not-too-large value (maybe controlled by
> > a sysctl variable).
...
> > 	static int last_log, log_left;	/* second of last refill, lines left this second */
> > 
> > 	if (last_log != time_second) {	/* new second: refill the budget */
> > 		last_log = time_second;
> > 		log_left = ipfw_log_rate;	/* proposed sysctl: max log lines per second */
> > 	}
> > 	if (log_left == 0)		/* budget exhausted: drop this log entry */
> > 		return;
> > 	log_left--;
> > 	----------------
> 
> Errr... Isn't this syslogd(8)'s job?

i do not see any such option in syslogd. The only thing syslogd does is 

	....	last message repeated 29 times

but that will not break the loop that you could generate
by improperly setting an ipfw rule. That's the whole point of
my proposal above -- and given it is two instructions per log-entry,
plus another 3 instructions per second, i think it is worthwhile
having it.

	cheers
	luigi

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
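The per-second budget Luigi sketches above, written out as a runnable user-space model. This is an added example, not code from Luigi Rizzo or from FreeBSD's ipfw: the kernel's `time_second` is replaced by a caller-supplied clock argument, `ipfw_log_rate` is a plain variable standing in for the proposed sysctl, and the `suppressed` counter (so a defender can tell how many lines were dropped, rather than seeing nothing) is an addition that the thread does not propose.

```c
#include <stdio.h>

/* Added example modelling the rate limiter proposed in the thread.
 * Assumptions: ipfw_log_rate stands in for the proposed sysctl, and the
 * kernel global time_second is replaced by the 'now' argument. */

static int ipfw_log_rate = 10;        /* hypothetical sysctl: max log lines per second */
static long last_log = 0;             /* second in which the budget was last refilled */
static long log_left = 0;             /* log lines still allowed in this second */
static unsigned long suppressed = 0;  /* lines dropped (added counter, not in the thread) */

/* Returns 1 if a log line may be emitted at time 'now' (whole seconds),
 * 0 if it must be dropped. This is the two-instruction check per log
 * entry plus the once-per-second refill from the proposal. */
int ipfw_log_allowed(long now)
{
    if (last_log != now) {            /* new second: refill the budget */
        last_log = now;
        log_left = ipfw_log_rate;
    }
    if (log_left == 0) {              /* budget exhausted: drop the entry */
        suppressed++;
        return 0;
    }
    log_left--;
    return 1;
}

/* Reset state between experiments (test helper, not part of the proposal). */
void ipfw_log_reset(int rate)
{
    ipfw_log_rate = rate;
    last_log = 0;
    log_left = 0;
    suppressed = 0;
}

unsigned long ipfw_log_suppressed(void)
{
    return suppressed;
}

/* Feed 'attempts' log calls all stamped with the same second and return
 * how many got through, i.e. how many syslog lines would be produced. */
int simulate_burst(long now, int attempts)
{
    int passed = 0;
    for (int i = 0; i < attempts; i++)
        passed += ipfw_log_allowed(now);
    return passed;
}

int main(void)
{
    ipfw_log_reset(10);
    /* Constructed scenario: a rule that matches every packet hands the
     * logger 1000 packets in second 1, then a quiet second 2. */
    printf("second 1: %d of 1000 logged\n", simulate_burst(1, 1000));
    printf("second 2: %d of 3 logged\n", simulate_burst(2, 3));
    printf("suppressed so far: %lu\n", ipfw_log_suppressed());
    return 0;
}
```

The point the model makes visible is the one in the reply: syslogd's "last message repeated N times" collapses output after the fact, but every one of the 1000 calls still runs through the kernel logging path, whereas the in-kernel budget stops the work at the source and costs only a compare and a decrement per entry.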