Filter based on system load

    sub loadavg() {
        open LOAD, "/proc/loadavg" or return 0;
        my ($load) = (split /\s+/, scalar <LOAD>)[1];   # 1 min
        close LOAD;
        return $load;
    }

    ...

    if (loadavg > 5 &&
        $tcp->{dest_port} == 119 &&     # NNTP
        ($tcp->{flags} & SYN) &&        # SYN
        !($tcp->{flags} & ACK) &&       # !ACK
        $msg->indev_name)               # incoming
    {
        $ipq->set_verdict($msg->packet_id, NF_DROP);
        syslog "crit", "Throttling inbound connections";
    }

Could use Sys::CpuLoad to be portable, but we're already Linux specific anyway.

Next	© 2003 Michael C. Toren