I'm looking at code like this (and copying it, adding more cases):

    /* could this be a log line instead? too much log with scans */
    DBG(DBG_CONTROL,
        DBG_log("IKE SA initiator received a message with I(Initiator) flag set; dropping packet"));

but wonder if a better solution would be to code up something like:

    attack_log(...)
    {
        static int nr = 0;
        if (nr++ > 1000) {
            DBG(DBG_MASK, DBG_log(...));
        } else {
            libreswan_log(....);
        }
    }

that is, start out logging these packets like all others but, when
some completely arbitrary threshold is crossed, go silent unless debug
logging is enabled.

thoughts,
Andrew
_______________________________________________
Swan-dev mailing list
https://lists.libreswan.org/mailman/listinfo/swan-dev
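
The threshold idea from the message above as a stand-alone C sketch, added here as an example; it is not part of the original message and not libreswan code. All names (`attack_limiter`, `attack_log_route`, `debug_enabled`) are hypothetical, and the counter saturates because a plain `int` incremented per packet would eventually overflow, which is undefined behaviour in C.

```c
#include <limits.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical names throughout; the sinks stand in for the normal log
 * and the debug-only log mentioned in the message. */
enum sink { SINK_LOG, SINK_DEBUG, SINK_DROPPED };

struct attack_limiter {
    unsigned long seen;      /* messages offered so far (saturating) */
    unsigned long threshold; /* arbitrary cut-over point */
};

static bool debug_enabled = false; /* stand-in for a debug-mask test */

/* Count one message and decide where it goes. */
enum sink attack_log_route(struct attack_limiter *l)
{
    unsigned long n = l->seen;
    if (l->seen < ULONG_MAX)
        l->seen++; /* saturate: a wrapped counter would re-enable logging */
    if (n < l->threshold)
        return SINK_LOG;
    return debug_enabled ? SINK_DEBUG : SINK_DROPPED;
}

enum sink attack_log(struct attack_limiter *l, const char *fmt, ...)
{
    enum sink s = attack_log_route(l);
    if (s == SINK_DROPPED)
        return s;
    va_list ap;
    va_start(ap, fmt);
    fputs(s == SINK_LOG ? "log: " : "debug: ", stderr);
    vfprintf(stderr, fmt, ap);
    fputc('\n', stderr);
    va_end(ap);
    if (s == SINK_LOG && l->seen == l->threshold)
        fputs("log: threshold reached, now debug-only\n", stderr);
    return s;
}

int main(void)
{
    struct attack_limiter lim = { 0, 3 }; /* constructed: tiny threshold */
    for (int i = 1; i <= 5; i++)
        attack_log(&lim, "dropping packet %d", i);
    return 0;
}
```

Keeping one limiter per message type, rather than one shared counter, stops a flood of one kind of packet from silencing the others.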