On Sun, 25 Feb 2018, Andrew Cagney wrote:
I'm looking at code like this (and copying it, adding more cases):
/* could this be a log line instead?
too much log with scans */
DBG(DBG_CONTROL,
DBG_log("IKE SA initiator received
a message with I(Initiator) flag set; dropping packet"));
but wonder if a better solution would be to code up something like:
attack_log(...)
static int nr = 0;
if (nr++ > 1000) {
DBG(DBG_MASK, DBG_log(...))
else
libreswan_log(....)
that is, start out logging these packets like all others but, when
some completely arbitrary threshold is crossed, go silent unless debug
logging is enabled.
Works for me, possible call it ratelog() not attack_log().
I'd like that number to be reset to 0 after some time though. Like just
set it to 0 every 15 minutes or so ?
Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
