lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4F98EDB1.5090702@b1-systems.de>
Date:	Thu, 26 Apr 2012 08:39:45 +0200
From:	Karsten Keil <keil@...systems.de>
To:	Tilman Schmidt <tilman@...p.cc>
CC:	Karsten Keil <isdn@...ux-pingi.de>,
	David Miller <davem@...emloft.net>,
	Hansjoerg Lipp <hjlipp@....de>,
	i4ldeveloper@...tserv.isdn4linux.de, netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/8] isdn/gigaset: ratelimit CAPI message dumps

Am 26.04.2012 01:02, schrieb Tilman Schmidt:
> Introduce a global ratelimit for CAPI message dumps to protect
> against possible log flood.
> Drop the ratelimit for ignored messages which is now covered by the
> global one.
> 

Hmm, I think the only CAPI messages which would need a ratelimit are
related to the DATA_B3 messages. If you need CAPI debug messages in most
cases you do not need all of the DATA_B3, but you do not want to miss
any other message related to the call control. With a general rate limit
you do not have the control, which messages are logged and which are not.
And here maybe some cases, when even the DATA_B3 are important (e.g.
searching bugs in flow control), so I would make it still conditional
to allow to print all messages.
And I'm not sure, if this is really something for stable.

> Signed-off-by: Tilman Schmidt <tilman@...p.cc>
> CC: stable <stable@...nel.org>
> ---
>  drivers/isdn/gigaset/capi.c |   22 +++++++++-------------
>  1 files changed, 9 insertions(+), 13 deletions(-)
> 
> diff --git a/drivers/isdn/gigaset/capi.c b/drivers/isdn/gigaset/capi.c
> index 343b5c8..292ca2f 100644
> --- a/drivers/isdn/gigaset/capi.c
> +++ b/drivers/isdn/gigaset/capi.c
> @@ -14,6 +14,7 @@
>  #include "gigaset.h"
>  #include <linux/proc_fs.h>
>  #include <linux/seq_file.h>
> +#include <linux/ratelimit.h>
>  #include <linux/isdn/capilli.h>
>  #include <linux/isdn/capicmd.h>
>  #include <linux/isdn/capiutil.h>
> @@ -223,10 +224,14 @@ get_appl(struct gigaset_capi_ctr *iif, u16 appl)
>  static inline void dump_cmsg(enum debuglevel level, const char *tag, _cmsg *p)
>  {
>  #ifdef CONFIG_GIGASET_DEBUG
> +	/* dump at most 20 messages in 20 secs */
> +	static DEFINE_RATELIMIT_STATE(msg_dump_ratelimit, 20 * HZ, 20);
>  	_cdebbuf *cdb;
>  
>  	if (!(gigaset_debuglevel & level))
>  		return;
> +	if (!___ratelimit(&msg_dump_ratelimit, tag))
> +		return;
>  
>  	cdb = capi_cmsg2str(p);
>  	if (cdb) {
> @@ -2059,12 +2064,6 @@ static void do_reset_b3_req(struct gigaset_capi_ctr *iif,
>  }
>  
>  /*
> - * dump unsupported/ignored messages at most twice per minute,
> - * some apps send those very frequently
> - */
> -static unsigned long ignored_msg_dump_time;
> -
> -/*
>   * unsupported CAPI message handler
>   */
>  static void do_unsupported(struct gigaset_capi_ctr *iif,
> @@ -2073,8 +2072,7 @@ static void do_unsupported(struct gigaset_capi_ctr *iif,
>  {
>  	/* decode message */
>  	capi_message2cmsg(&iif->acmsg, skb->data);
> -	if (printk_timed_ratelimit(&ignored_msg_dump_time, 30 * 1000))
> -		dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg);
> +	dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg);
>  	send_conf(iif, ap, skb, CapiMessageNotSupportedInCurrentState);
>  }
>  
> @@ -2085,11 +2083,9 @@ static void do_nothing(struct gigaset_capi_ctr *iif,
>  		       struct gigaset_capi_appl *ap,
>  		       struct sk_buff *skb)
>  {
> -	if (printk_timed_ratelimit(&ignored_msg_dump_time, 30 * 1000)) {
> -		/* decode message */
> -		capi_message2cmsg(&iif->acmsg, skb->data);
> -		dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg);
> -	}
> +	/* decode message */
> +	capi_message2cmsg(&iif->acmsg, skb->data);
> +	dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg);
>  	dev_kfree_skb_any(skb);
>  }
>  


-- 
Karsten Keil
Linux Kernel Development
Tel: +49 175 7249132
Mail: keil@...systems.de

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ