Limit rate of syslog messages

Error messages caused by incoming packets need to be rate limited to avoid filling up disk space.
2025-12-04 16:45:07 -05:00 · 2010-01-13 19:02:07 +01:00
parent 7864c7a70c
commit 0b710499f9
5 changed files with 38 additions and 15 deletions
--- a/cmdmon.c
+++ b/cmdmon.c
@@ -654,7 +654,7 @@ transmit_reply(CMD_Reply *msg, struct sockaddr_in *where_to)
  status = sendto(sock_fd, (void *) msg, tx_message_length, 0,
                  (struct sockaddr *) where_to, sizeof(struct sockaddr_in));

-  if (status < 0) {
+  if (status < 0 && !LOG_RateLimited()) {
    remote_ip = ntohl(where_to->sin_addr.s_addr);
    remote_port = ntohs(where_to->sin_port);
    LOG(LOGS_WARN, LOGF_CmdMon, "Could not send response to %s:%hu", UTI_IPToDottedQuad(remote_ip), remote_port);
@@ -1659,7 +1659,9 @@ read_from_cmd_socket(void *anything)
  }

  if (read_length != expected_length) {
-    LOG(LOGS_WARN, LOGF_CmdMon, "Read incorrectly sized packet from %s:%hu", UTI_IPToDottedQuad(remote_ip), remote_port);
+    if (!LOG_RateLimited()) {
+      LOG(LOGS_WARN, LOGF_CmdMon, "Read incorrectly sized packet from %s:%hu", UTI_IPToDottedQuad(remote_ip), remote_port);
+    }
    if (allowed)
      CLG_LogCommandAccess(remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
    /* For now, just ignore the packet.  We may want to send a reply
@@ -1673,13 +1675,11 @@ read_from_cmd_socket(void *anything)
       regardless of the defined access rules - otherwise, we could
       shut ourselves out completely! */

-    /* We ought to find another way to log this, there is an attack
-       here against the host because an adversary can just keep
-       hitting us with bad packets until our log file(s) fill up. */
-
-    LOG(LOGS_WARN, LOGF_CmdMon, "Command packet received from unauthorised host %s port %d",
-        UTI_IPToDottedQuad(remote_ip),
-        remote_port);
+    if (!LOG_RateLimited()) {
+      LOG(LOGS_WARN, LOGF_CmdMon, "Command packet received from unauthorised host %s port %d",
+          UTI_IPToDottedQuad(remote_ip),
+          remote_port);
+    }

    tx_message.status = htons(STT_NOHOSTACCESS);
    transmit_reply(&tx_message, &where_from);
@@ -1764,7 +1764,7 @@ read_from_cmd_socket(void *anything)
      tx_message_length = PKL_ReplyLength(prev_tx_message);
      status = sendto(sock_fd, (void *) prev_tx_message, tx_message_length, 0,
                      (struct sockaddr *) &where_from, sizeof(where_from));
-      if (status < 0) {
+      if (status < 0 && !LOG_RateLimited()) {
        LOG(LOGS_WARN, LOGF_CmdMon, "Could not send response to %s:%hu", UTI_IPToDottedQuad(remote_ip), remote_port);
      }
      return;
@@ -1884,7 +1884,7 @@ read_from_cmd_socket(void *anything)

        case REQ_LOGON:
          /* If the log-on fails, record the reason why */
-          if (!issue_token) {
+          if (!issue_token && !LOG_RateLimited()) {
            LOG(LOGS_WARN, LOGF_CmdMon,
                "Bad command logon from %s port %d (md5_ok=%d valid_ts=%d)\n",
                UTI_IPToDottedQuad(remote_ip),