> <Linux specific>
> I could make that trouble happen while testing by overloading the kernel
> logging facility with a dumb logger ipchains policy looking like [...]
The behaviour you describe only applies to kernel-generated log messages.
This is because kernel messages are put in a circular buffer for later
retrivial by user space (when syslogd gets scheduled for execution).
If the buffer overlaps, you loose one-buffer-worth of data. Use of a
dynamic buffer for kernel messages would not be wise, as it might lead
to an easy DoS attack.
> (BTW, if anyone could tell me how to increase that buffer, I'm still
> interested)
It wouldn't really help, in my opinion: you'll loose data more rarely,
but you'll loose much more data when that happens. Anyways,
change LOG_BUF_LEN in kernel/printk.c.
/alessandro
