|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
From 0b710499f994823bd938fc6895f097eefb9cc59f Mon Sep 17 00:00:00 2001
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
From: Miroslav Lichvar <mlichvar@redhat.com>
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
Date: Wed, 13 Jan 2010 19:02:07 +0100
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
Subject: [PATCH 2/3] Limit rate of syslog messages
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
Error messages caused by incoming packets need to be rate limited
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
to avoid filling up disk space.
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
---
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
cmdmon.c | 22 +++++++++++-----------
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
logging.c | 18 ++++++++++++++++++
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
logging.h | 3 +++
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
ntp_core.c | 4 ++--
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
ntp_io.c | 6 ++++--
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
5 files changed, 38 insertions(+), 15 deletions(-)
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
diff --git a/cmdmon.c b/cmdmon.c
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
index c9ce0e9..f79d282 100644
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
--- a/cmdmon.c
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+++ b/cmdmon.c
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
@@ -654,7 +654,7 @@ transmit_reply(CMD_Reply *msg, struct sockaddr_in *where_to)
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
status = sendto(sock_fd, (void *) msg, tx_message_length, 0,
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
(struct sockaddr *) where_to, sizeof(struct sockaddr_in));
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
- if (status < 0) {
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+ if (status < 0 && !LOG_RateLimited()) {
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
remote_ip = ntohl(where_to->sin_addr.s_addr);
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
remote_port = ntohs(where_to->sin_port);
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
LOG(LOGS_WARN, LOGF_CmdMon, "Could not send response to %s:%hu", UTI_IPToDottedQuad(remote_ip), remote_port);
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
@@ -1659,7 +1659,9 @@ read_from_cmd_socket(void *anything)
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
}
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
if (read_length != expected_length) {
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
- LOG(LOGS_WARN, LOGF_CmdMon, "Read incorrectly sized packet from %s:%hu", UTI_IPToDottedQuad(remote_ip), remote_port);
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+ if (!LOG_RateLimited()) {
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+ LOG(LOGS_WARN, LOGF_CmdMon, "Read incorrectly sized packet from %s:%hu", UTI_IPToDottedQuad(remote_ip), remote_port);
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+ }
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
if (allowed)
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
CLG_LogCommandAccess(remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
/* For now, just ignore the packet. We may want to send a reply
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
@@ -1673,13 +1675,11 @@ read_from_cmd_socket(void *anything)
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
regardless of the defined access rules - otherwise, we could
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
shut ourselves out completely! */
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
- /* We ought to find another way to log this, there is an attack
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
- here against the host because an adversary can just keep
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
- hitting us with bad packets until our log file(s) fill up. */
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
-
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
- LOG(LOGS_WARN, LOGF_CmdMon, "Command packet received from unauthorised host %s port %d",
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
- UTI_IPToDottedQuad(remote_ip),
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
- remote_port);
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+ if (!LOG_RateLimited()) {
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+ LOG(LOGS_WARN, LOGF_CmdMon, "Command packet received from unauthorised host %s port %d",
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+ UTI_IPToDottedQuad(remote_ip),
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+ remote_port);
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+ }
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
tx_message.status = htons(STT_NOHOSTACCESS);
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
transmit_reply(&tx_message, &where_from);
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
@@ -1764,7 +1764,7 @@ read_from_cmd_socket(void *anything)
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
tx_message_length = PKL_ReplyLength(prev_tx_message);
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
status = sendto(sock_fd, (void *) prev_tx_message, tx_message_length, 0,
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
(struct sockaddr *) &where_from, sizeof(where_from));
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
- if (status < 0) {
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+ if (status < 0 && !LOG_RateLimited()) {
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
LOG(LOGS_WARN, LOGF_CmdMon, "Could not send response to %s:%hu", UTI_IPToDottedQuad(remote_ip), remote_port);
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
}
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
return;
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
@@ -1884,7 +1884,7 @@ read_from_cmd_socket(void *anything)
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
case REQ_LOGON:
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
/* If the log-on fails, record the reason why */
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
- if (!issue_token) {
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+ if (!issue_token && !LOG_RateLimited()) {
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
LOG(LOGS_WARN, LOGF_CmdMon,
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
"Bad command logon from %s port %d (md5_ok=%d valid_ts=%d)\n",
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
UTI_IPToDottedQuad(remote_ip),
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
diff --git a/logging.c b/logging.c
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
index d432762..8311640 100644
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
--- a/logging.c
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+++ b/logging.c
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
@@ -40,6 +40,8 @@ static int initialised = 0;
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
static int is_detached = 0;
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+static time_t last_limited = 0;
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
#ifdef WINNT
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
static FILE *logfile;
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
#endif
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
@@ -214,3 +216,19 @@ LOG_GoDaemon(void)
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
}
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
/* ================================================== */
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+int
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+LOG_RateLimited(void)
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+{
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+ time_t now;
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+ now = time(NULL);
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+ if (last_limited + 10 > now && last_limited <= now)
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+ return 1;
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+ last_limited = now;
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+ return 0;
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+}
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+/* ================================================== */
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
diff --git a/logging.h b/logging.h
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
index 6e73dbb..41975ec 100644
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
--- a/logging.h
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+++ b/logging.h
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
@@ -84,6 +84,9 @@ extern void LOG_Position(const char *filename, int line_number, const char *func
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
extern void LOG_GoDaemon(void);
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+/* Return zero once per 10 seconds */
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+extern int LOG_RateLimited(void);
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
/* Line logging macro. If the compiler is GNU C, we take advantage of
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
being able to get the function name also. */
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
#if defined(__GNUC__)
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
diff --git a/ntp_core.c b/ntp_core.c
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
index 60d433c..9576296 100644
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
--- a/ntp_core.c
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+++ b/ntp_core.c
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
@@ -1358,7 +1358,7 @@ process_known
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
&inst->local_ntp_tx,
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
&inst->remote_addr);
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
- } else {
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+ } else if (!LOG_RateLimited()) {
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
LOG(LOGS_WARN, LOGF_NtpCore, "NTP packet received from unauthorised host %s port %d",
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
UTI_IPToDottedQuad(inst->remote_addr.ip_addr),
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
inst->remote_addr.port);
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
@@ -1526,7 +1526,7 @@ NCR_ProcessNoauthUnknown(NTP_Packet *message, struct timeval *now, NTP_Remote_Ad
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
remote_addr);
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
}
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
- } else {
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+ } else if (!LOG_RateLimited()) {
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
LOG(LOGS_WARN, LOGF_NtpCore, "NTP packet received from unauthorised host %s port %d",
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
UTI_IPToDottedQuad(remote_addr->ip_addr),
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
remote_addr->port);
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
diff --git a/ntp_io.c b/ntp_io.c
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
index afb6ad1..aaa3cbc 100644
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
--- a/ntp_io.c
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+++ b/ntp_io.c
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
@@ -243,7 +243,8 @@ NIO_SendNormalPacket(NTP_Packet *packet, NTP_Remote_Address *remote_addr)
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
remote.sin_addr.s_addr = htonl(remote_addr->ip_addr);
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
if (sendto(sock_fd, (void *) packet, NTP_NORMAL_PACKET_SIZE, 0,
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
- (struct sockaddr *) &remote, sizeof(remote)) < 0) {
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+ (struct sockaddr *) &remote, sizeof(remote)) < 0 &&
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+ !LOG_RateLimited()) {
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
LOG(LOGS_WARN, LOGF_NtpIO, "Could not send to %s:%d : %s",
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
UTI_IPToDottedQuad(remote_addr->ip_addr), remote_addr->port, strerror(errno));
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
}
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
@@ -266,7 +267,8 @@ NIO_SendAuthenticatedPacket(NTP_Packet *packet, NTP_Remote_Address *remote_addr)
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
remote.sin_addr.s_addr = htonl(remote_addr->ip_addr);
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
if (sendto(sock_fd, (void *) packet, sizeof(NTP_Packet), 0,
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
- (struct sockaddr *) &remote, sizeof(remote)) < 0) {
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+ (struct sockaddr *) &remote, sizeof(remote)) < 0 &&
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
+ !LOG_RateLimited()) {
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
LOG(LOGS_WARN, LOGF_NtpIO, "Could not send to %s:%d : %s",
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
UTI_IPToDottedQuad(remote_addr->ip_addr), remote_addr->port, strerror(errno));
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
}
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
--
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
1.6.5.2
|
|
![](https://seccdn.libravatar.org/avatar/c8b061d59e0ddce6a5ad9e0c1d33f7e97c31d03c77de387ecd7798e993eb4d87?s=16&d=retro) |
83b78ef |
|