From: Gleb Smirnoff
To: Mike Silbersack
cc: cvs-src@freebsd.org
cc: src-committers@freebsd.org
cc: cvs-all@freebsd.org
Date: Tue, 22 Feb 2005 11:25:58 +0300
Subject: Re: cvs commit: src/etc syslog.conf
Message-ID: <20050222082558.GB10624@cell.sick.ru>
In-Reply-To: <20050222021322.U702@odysseus.silby.com>

On Tue, Feb 22, 2005 at 02:20:40AM -0600, Mike Silbersack wrote:
M> > Security: this change fixes a DoS condition, when default system
M> > console is serial, and box is flooded with bogus ARP
M> > packets
M>
M> Go rate-limit those messages, like we do with other kernel messages. grep
M> for "ppsratecheck" in /usr/src/sys/kern to see the other users of that
M> function.
M>
M> If losing information about the flood is an issue, you could use
M> ppsratecheck to ensure that a generic "arp flood" message goes to the
M> console, but the actual messages are sent with a lower priority.

No information is lost. All kern.debug is written to /var/log/messages.

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
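
The rate-limiting pattern suggested in the quoted reply, as an added example that is not part of the original message and is not FreeBSD kernel code: a userland model of a per-second limiter in the style of ppsratecheck, where every bogus-ARP event is still recorded at low priority and only a capped number of generic notices reach the serial console. The names model_ratecheck, report_bogus_arp, simulate_flood and both structs are hypothetical, and time is passed in as whole seconds rather than kernel ticks.

```c
#include <stdio.h>

/* Simplified userland model of a per-second limiter in the style of
 * ppsratecheck; not the kernel function. Time is whole seconds (assumption). */
struct pps_state { long window_start; int started; int curpps; };

/* Returns 1 while the event is within the budget of maxpps per second. */
static int model_ratecheck(struct pps_state *st, long now, int maxpps)
{
    if (!st->started || now - st->window_start >= 1) {
        st->started = 1;          /* first event, or a new one-second window */
        st->window_start = now;
        st->curpps = 1;
        return maxpps != 0;
    }
    st->curpps++;
    return maxpps < 0 || st->curpps <= maxpps;   /* negative = unlimited */
}

/* Lines reaching the slow serial console vs. lines kept in the log file. */
struct sink_counts { int console_lines; int logfile_lines; };

/* Hypothetical handler: every event is logged at low priority; only a
 * rate-limited generic "arp flood" notice is sent to the console. */
static void report_bogus_arp(struct pps_state *st, long now, int maxpps,
                             struct sink_counts *out)
{
    out->logfile_lines++;
    if (model_ratecheck(st, now, maxpps))
        out->console_lines++;
}

/* Constructed flood: per_sec events in each of `seconds` seconds. */
static struct sink_counts simulate_flood(int seconds, int per_sec, int maxpps)
{
    struct pps_state st = {0, 0, 0};
    struct sink_counts out = {0, 0};
    for (long s = 0; s < seconds; s++)
        for (int i = 0; i < per_sec; i++)
            report_bogus_arp(&st, 100 + s, maxpps, &out);
    return out;
}

int main(void)
{
    struct sink_counts c = simulate_flood(3, 10000, 1);
    printf("console=%d logfile=%d\n", c.console_lines, c.logfile_lines);
    return 0;
}
```

With a budget of one notice per second, the console cost of a flood depends on its duration rather than its packet rate, while the log file still receives every event.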