propolice and syslog-ng

Robert Connolly robert at
Thu Sep 30 05:37:23 PDT 2004

And another idea (the time)..

        if (i < sizeof(__guard) / 4) {
                int fd;
                size_t size;
                /* Sysctl Erandom doesn't work? Try /dev/urandom */
                fd = open ("/dev/urandom", O_RDONLY);
                if (fd != -1) {
                 size = read (fd, (char*)&__guard, sizeof(__guard));
                 close (fd) ;
                 if (size == sizeof(__guard))
                 } else {

                        /* If above was unsuccessful, use the time. */
                        struct timeval tv;
                        gettimeofday (&tv, NULL);
                        ((unsigned char *)__guard)[0] = tv.tv_usec;
                        ((unsigned char *)__guard)[1] = tv.tv_sec;
                        ((unsigned char *)__guard)[2] = '\n';
                        ((unsigned char *)__guard)[3] = 255;

Is there a better way to do this maybe? I don't see any point in filling all 
the elements with the same timestamp. tv_usec and tv_sec give different 
values though. Together they change the last 3 characters of __guard, giving 
a few thousand possible combinations. It's better then just using the 
terminator canary. Are there any conditions where gettimeofday() will block, 
hang, or not be available?

More information about the hlfs-dev mailing list