Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 12 Apr 1996 22:45:44 +0200 (MET DST)
From:      J Wunsch <j@uriah.heep.sax.de>
To:        freebsd-current@FreeBSD.org (FreeBSD-current users)
Subject:   Re: log_in_vain stuff
Message-ID:  <199604122045.WAA11307@uriah.heep.sax.de>
In-Reply-To: <9391.829083934@critter.tfs.com> from "Poul-Henning Kamp" at Apr 9, 96 09:05:34 pm
next in thread | previous in thread | raw e-mail | index | archive | help 
As Poul-Henning Kamp wrote:

> > You need to figure out a way to rate-limit these messages, otherwise you
> > can trivially knock a box into the ground with a packet generator.
> syslogd should rate-limit, not the kernel.

It does, but you're sometimes overflowing the kernel message buffer
(as it seems to me), before syslog can fetch them all:

Apr 11 23:39:33 uriah /kernel: Connection attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079
Apr 11 23:39:33 uriah /kernel: n attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079
Apr 11 23:39:33 uriah /kernel: Connection attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079
Apr 11 23:39:33 uriah last message repeated 61 times
Apr 11 23:39:33 uriah /kernel: n attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079
Apr 11 23:39:33 uriah /kernel: Connection attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079
Apr 11 23:39:33 uriah last message repeated 61 times
Apr 11 23:39:33 uriah /kernel: n attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079
Apr 11 23:39:33 uriah /kernel: Connection attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079
Apr 11 23:39:33 uriah last message repeated 61 times
Apr 11 23:39:33 uriah /kernel: n attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079
Apr 11 23:39:33 uriah /kernel: Connection attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079
Apr 11 23:39:35 uriah last message repeated 557 times

This has been caused by a simple perl script that shot 1000 ``sendto''s
to port 32123.  You notice the crippled messages above, as well as the
fact that only 750 attempts out of 1000 have been logged at all.

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199604122045.WAA11307>