Limit rate of syslog messages
Error messages caused by incoming packets need to be rate limited to avoid filling up disk space.
This commit is contained in:
Miroslav Lichvar
parent
5e86eeacfb
commit
032ac800aa
5 changed files with 38 additions and 15 deletions
16
cmdmon.c
16
cmdmon.c
|
|
@ -746,7 +746,7 @@ transmit_reply(CMD_Reply *msg, union sockaddr_in46 *where_to)
|
|||
status = sendto(sock_fd, (void *) msg, tx_message_length, 0,
|
||||
&where_to->u, addrlen);
|
||||
|
||||
if (status < 0) {
|
||||
if (status < 0 && !LOG_RateLimited()) {
|
||||
unsigned short port;
|
||||
IPAddr ip;
|
||||
|
||||
|
|
@ -1821,7 +1821,9 @@ read_from_cmd_socket(void *anything)
|
|||
|
||||
if (rx_message.version != PROTO_VERSION_NUMBER) {
|
||||
tx_message.status = htons(STT_NOHOSTACCESS);
|
||||
if (!LOG_RateLimited()) {
|
||||
LOG(LOGS_WARN, LOGF_CmdMon, "Read packet with protocol version %d (expected %d) from %s:%hu", rx_message.version, PROTO_VERSION_NUMBER, UTI_IPToString(&remote_ip), remote_port);
|
||||
}
|
||||
if (allowed)
|
||||
CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
|
||||
|
||||
|
|
@ -1833,7 +1835,9 @@ read_from_cmd_socket(void *anything)
|
|||
}
|
||||
|
||||
if (read_length != expected_length) {
|
||||
if (!LOG_RateLimited()) {
|
||||
LOG(LOGS_WARN, LOGF_CmdMon, "Read incorrectly sized packet from %s:%hu", UTI_IPToString(&remote_ip), remote_port);
|
||||
}
|
||||
if (allowed)
|
||||
CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
|
||||
|
||||
|
|
@ -1848,13 +1852,11 @@ read_from_cmd_socket(void *anything)
|
|||
regardless of the defined access rules - otherwise, we could
|
||||
shut ourselves out completely! */
|
||||
|
||||
/* We ought to find another way to log this, there is an attack
|
||||
here against the host because an adversary can just keep
|
||||
hitting us with bad packets until our log file(s) fill up. */
|
||||
|
||||
if (!LOG_RateLimited()) {
|
||||
LOG(LOGS_WARN, LOGF_CmdMon, "Command packet received from unauthorised host %s port %d",
|
||||
UTI_IPToString(&remote_ip),
|
||||
remote_port);
|
||||
}
|
||||
|
||||
tx_message.status = htons(STT_NOHOSTACCESS);
|
||||
transmit_reply(&tx_message, &where_from);
|
||||
|
|
@ -1938,7 +1940,7 @@ read_from_cmd_socket(void *anything)
|
|||
tx_message_length = PKL_ReplyLength(prev_tx_message);
|
||||
status = sendto(sock_fd, (void *) prev_tx_message, tx_message_length, 0,
|
||||
&where_from.u, from_length);
|
||||
if (status < 0) {
|
||||
if (status < 0 && !LOG_RateLimited()) {
|
||||
LOG(LOGS_WARN, LOGF_CmdMon, "Could not send response to %s:%hu", UTI_IPToString(&remote_ip), remote_port);
|
||||
}
|
||||
return;
|
||||
|
|
@ -2064,7 +2066,7 @@ read_from_cmd_socket(void *anything)
|
|||
|
||||
case REQ_LOGON:
|
||||
/* If the log-on fails, record the reason why */
|
||||
if (!issue_token) {
|
||||
if (!issue_token && !LOG_RateLimited()) {
|
||||
LOG(LOGS_WARN, LOGF_CmdMon,
|
||||
"Bad command logon from %s port %d (md5_ok=%d valid_ts=%d)\n",
|
||||
UTI_IPToString(&remote_ip),
|
||||
|
|
|
|||
18
logging.c
18
logging.c
|
|
@ -40,6 +40,8 @@ static int initialised = 0;
|
|||
|
||||
static int is_detached = 0;
|
||||
|
||||
static time_t last_limited = 0;
|
||||
|
||||
#ifdef WINNT
|
||||
static FILE *logfile;
|
||||
#endif
|
||||
|
|
@ -213,6 +215,22 @@ LOG_GoDaemon(void)
|
|||
#endif
|
||||
}
|
||||
|
||||
/* ================================================== */
|
||||
|
||||
int
|
||||
LOG_RateLimited(void)
|
||||
{
|
||||
time_t now;
|
||||
|
||||
now = time(NULL);
|
||||
|
||||
if (last_limited + 10 > now && last_limited <= now)
|
||||
return 1;
|
||||
|
||||
last_limited = now;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* ================================================== */
|
||||
/* Force a core dump and exit without doing abort() or assert(0).
|
||||
These do funny things with the call stack in the core file that is
|
||||
|
|
|
|||
|
|
@ -87,6 +87,9 @@ extern void LOG_Position(const char *filename, int line_number, const char *func
|
|||
|
||||
extern void LOG_GoDaemon(void);
|
||||
|
||||
/* Return zero once per 10 seconds */
|
||||
extern int LOG_RateLimited(void);
|
||||
|
||||
/* Line logging macro. If the compiler is GNU C, we take advantage of
|
||||
being able to get the function name also. */
|
||||
#if defined(__GNUC__)
|
||||
|
|
|
|||
|
|
@ -1393,7 +1393,7 @@ process_known
|
|||
&inst->local_ntp_tx,
|
||||
&inst->remote_addr);
|
||||
|
||||
} else {
|
||||
} else if (!LOG_RateLimited()) {
|
||||
LOG(LOGS_WARN, LOGF_NtpCore, "NTP packet received from unauthorised host %s port %d",
|
||||
UTI_IPToString(&inst->remote_addr.ip_addr),
|
||||
inst->remote_addr.port);
|
||||
|
|
@ -1561,7 +1561,7 @@ NCR_ProcessNoauthUnknown(NTP_Packet *message, struct timeval *now, NTP_Remote_Ad
|
|||
remote_addr);
|
||||
|
||||
}
|
||||
} else {
|
||||
} else if (!LOG_RateLimited()) {
|
||||
LOG(LOGS_WARN, LOGF_NtpCore, "NTP packet received from unauthorised host %s port %d",
|
||||
UTI_IPToString(&remote_addr->ip_addr),
|
||||
remote_addr->port);
|
||||
|
|
|
|||
2
ntp_io.c
2
ntp_io.c
|
|
@ -460,7 +460,7 @@ send_packet(void *packet, int packetlen, NTP_Remote_Address *remote_addr)
|
|||
if (!cmsglen)
|
||||
msg.msg_control = NULL;
|
||||
|
||||
if (sendmsg(sock_fd, &msg, 0) < 0) {
|
||||
if (sendmsg(sock_fd, &msg, 0) < 0 && !LOG_RateLimited()) {
|
||||
LOG(LOGS_WARN, LOGF_NtpIO, "Could not send to %s:%d : %s",
|
||||
UTI_IPToString(&remote_addr->ip_addr), remote_addr->port, strerror(errno));
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue