Imported Upstream version 7.3.8upstream/7.3.8

2 files changed, 104 insertions, 139 deletions

diff --git a/plugins/imuxsock/Makefile.in b/plugins/imuxsock/Makefile.in
index a6196b1..9de97b2 100644
--- a/plugins/imuxsock/Makefile.in
+++ b/plugins/imuxsock/Makefile.in
@@ -1,9 +1,9 @@
-# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# Makefile.in generated by automake 1.11.3 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
-# Inc.
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -69,14 +69,20 @@ am__nobase_list = $(am__nobase_strip_setup); \
 am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+  test -z "$$files" \
+    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+         $(am__cd) "$$dir" && rm -f $$files; }; \
+  }
 am__installdirs = "$(DESTDIR)$(pkglibdir)"
 LTLIBRARIES = $(pkglib_LTLIBRARIES)
 am__DEPENDENCIES_1 =
 imuxsock_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
 am_imuxsock_la_OBJECTS = imuxsock_la-imuxsock.lo
 imuxsock_la_OBJECTS = $(am_imuxsock_la_OBJECTS)
-AM_V_lt = $(am__v_lt_$(V))
-am__v_lt_ = $(am__v_lt_$(AM_DEFAULT_VERBOSITY))
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 imuxsock_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
@@ -91,21 +97,21 @@ LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
 	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
 	$(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_$(V))
-am__v_CC_ = $(am__v_CC_$(AM_DEFAULT_VERBOSITY))
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
 am__v_CC_0 = @echo "  CC    " $@;
-AM_V_at = $(am__v_at_$(V))
-am__v_at_ = $(am__v_at_$(AM_DEFAULT_VERBOSITY))
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
 am__v_at_0 = @
 CCLD = $(CC)
 LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_$(V))
-am__v_CCLD_ = $(am__v_CCLD_$(AM_DEFAULT_VERBOSITY))
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD  " $@;
-AM_V_GEN = $(am__v_GEN_$(V))
-am__v_GEN_ = $(am__v_GEN_$(AM_DEFAULT_VERBOSITY))
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
 am__v_GEN_0 = @echo "  GEN   " $@;
 SOURCES = $(imuxsock_la_SOURCES)
 DIST_SOURCES = $(imuxsock_la_SOURCES)
@@ -132,6 +138,7 @@ CZMQ_CFLAGS = @CZMQ_CFLAGS@
 CZMQ_LIBS = @CZMQ_LIBS@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
 DL_LIBS = @DL_LIBS@
 DSYMUTIL = @DSYMUTIL@
 DUMPBIN = @DUMPBIN@
@@ -178,6 +185,8 @@ LIBMONGO_CLIENT_CFLAGS = @LIBMONGO_CLIENT_CFLAGS@
 LIBMONGO_CLIENT_LIBS = @LIBMONGO_CLIENT_LIBS@
 LIBOBJS = @LIBOBJS@
 LIBS = @LIBS@
+LIBSYSTEMD_JOURNAL_CFLAGS = @LIBSYSTEMD_JOURNAL_CFLAGS@
+LIBSYSTEMD_JOURNAL_LIBS = @LIBSYSTEMD_JOURNAL_LIBS@
 LIBTOOL = @LIBTOOL@
 LIBUUID_CFLAGS = @LIBUUID_CFLAGS@
 LIBUUID_LIBS = @LIBUUID_LIBS@
@@ -185,6 +194,7 @@ LIPO = @LIPO@
 LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
 MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
 MYSQL_CFLAGS = @MYSQL_CFLAGS@
 MYSQL_LIBS = @MYSQL_LIBS@
@@ -236,6 +246,7 @@ abs_builddir = @abs_builddir@
 abs_srcdir = @abs_srcdir@
 abs_top_builddir = @abs_top_builddir@
 abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
 ac_ct_CC = @ac_ct_CC@
 ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
 am__include = @am__include@
@@ -269,7 +280,6 @@ libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
 localstatedir = @localstatedir@
-lt_ECHO = @lt_ECHO@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 moddirs = @moddirs@
@@ -357,7 +367,7 @@ clean-pkglibLTLIBRARIES:
 	  echo "rm -f \"$${dir}/so_locations\""; \
 	  rm -f "$${dir}/so_locations"; \
 	done
-imuxsock.la: $(imuxsock_la_OBJECTS) $(imuxsock_la_DEPENDENCIES) 
+imuxsock.la: $(imuxsock_la_OBJECTS) $(imuxsock_la_DEPENDENCIES) $(EXTRA_imuxsock_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(imuxsock_la_LINK) -rpath $(pkglibdir) $(imuxsock_la_OBJECTS) $(imuxsock_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
@@ -371,34 +381,30 @@ distclean-compile:
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@am__fastdepCC_FALSE@	$(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@am__fastdepCC_FALSE@	$(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@am__fastdepCC_FALSE@	$(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(LTCOMPILE) -c -o $@ $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
 
 imuxsock_la-imuxsock.lo: imuxsock.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(imuxsock_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT imuxsock_la-imuxsock.lo -MD -MP -MF $(DEPDIR)/imuxsock_la-imuxsock.Tpo -c -o imuxsock_la-imuxsock.lo `test -f 'imuxsock.c' || echo '$(srcdir)/'`imuxsock.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/imuxsock_la-imuxsock.Tpo $(DEPDIR)/imuxsock_la-imuxsock.Plo
-@am__fastdepCC_FALSE@	$(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='imuxsock.c' object='imuxsock_la-imuxsock.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='imuxsock.c' object='imuxsock_la-imuxsock.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(imuxsock_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o imuxsock_la-imuxsock.lo `test -f 'imuxsock.c' || echo '$(srcdir)/'`imuxsock.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(imuxsock_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o imuxsock_la-imuxsock.lo `test -f 'imuxsock.c' || echo '$(srcdir)/'`imuxsock.c
 
 mostlyclean-libtool:
 	-rm -f *.lo
@@ -505,10 +511,15 @@ install-am: all-am
 
 installcheck: installcheck-am
 install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+	if test -z '$(STRIP)'; then \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	      install; \
+	else \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+	fi
 mostlyclean-generic:
 
 clean-generic:
diff --git a/plugins/imuxsock/imuxsock.c b/plugins/imuxsock/imuxsock.c
index 871a1fa..773cb8d 100644
--- a/plugins/imuxsock/imuxsock.c
+++ b/plugins/imuxsock/imuxsock.c
@@ -6,7 +6,7 @@
  *
  * File begun on 2007-12-20 by RGerhards (extracted from syslogd.c)
  *
- * Copyright 2007-2012 Rainer Gerhards and Adiscon GmbH.
+ * Copyright 2007-2013 Rainer Gerhards and Adiscon GmbH.
  *
  * This file is part of rsyslog.
  *
@@ -55,6 +55,7 @@
 #include "statsobj.h"
 #include "datetime.h"
 #include "hashtable.h"
+#include "ratelimit.h"
 
 MODULE_TYPE_INPUT
 MODULE_TYPE_NOKEEP
@@ -105,15 +106,6 @@ STATSCOUNTER_DEF(ctrSubmit, mutCtrSubmit)
 STATSCOUNTER_DEF(ctrLostRatelimit, mutCtrLostRatelimit)
 STATSCOUNTER_DEF(ctrNumRatelimiters, mutCtrNumRatelimiters)
 
-struct rs_ratelimit_state {
-	unsigned short interval;
-	unsigned short burst;
-	unsigned done;
-	unsigned missed;
-	time_t begin;
-};
-typedef struct rs_ratelimit_state rs_ratelimit_state_t;
-
 
 /* a very simple "hash function" for process IDs - we simply use the
  * pid itself: it is quite expected that all pids may log some time, but
@@ -143,6 +135,7 @@ typedef struct lstn_s {
 	int flowCtl;		/* flow control settings for this socket */
 	int ratelimitInterval;
 	int ratelimitBurst;
+	ratelimit_t *dflt_ratelimiter;/*ratelimiter to apply if none else is to be used */
 	intTiny ratelimitSev;	/* severity level (and below) for which rate-limiting shall apply */
 	struct hashtable *ht;	/* our hashtable for rate-limiting */
 	sbool bParseHost;	/* should parser parse host name?  read-only after startup */
@@ -151,6 +144,7 @@ typedef struct lstn_s {
 	sbool bAnnotate;	/* annotate events with trusted properties */
 	sbool bParseTrusted;	/* parse trusted properties */
 	sbool bWritePid;	/* write original PID into tag */
+	sbool bDiscardOwnMsgs;	/* discard messages that originated from ourselves */
 	sbool bUseSysTimeStamp;	/* use timestamp from system (instead of from message) */
 } lstn_t;
 static lstn_t listeners[MAXFUNIX];
@@ -206,6 +200,7 @@ struct instanceConf_s {
 	int ratelimitSeverity;
 	int bAnnotate;			/* annotate trusted properties */
 	int bParseTrusted;		/* parse trusted properties */
+	sbool bDiscardOwnMsgs;		/* discard messages that originated from our own pid? */
 	struct instanceConf_s *next;
 };
 
@@ -223,6 +218,7 @@ struct modConfData_s {
 	sbool bOmitLocalLogging;
 	sbool bWritePidSysSock;
 	sbool bUseSysTimeStamp;
+	sbool bDiscardOwnMsgs;
 	sbool configSetViaV2Method;
 };
 static modConfData_t *loadModConf = NULL;/* modConf ptr to use for the current load process */
@@ -233,9 +229,11 @@ static struct cnfparamdescr modpdescr[] = {
 	{ "syssock.use", eCmdHdlrBinary, 0 },
 	{ "syssock.name", eCmdHdlrGetWord, 0 },
 	{ "syssock.ignoretimestamp", eCmdHdlrBinary, 0 },
+	{ "syssock.ignoreownmessages", eCmdHdlrBinary, 0 },
 	{ "syssock.flowcontrol", eCmdHdlrBinary, 0 },
 	{ "syssock.usesystimestamp", eCmdHdlrBinary, 0 },
 	{ "syssock.annotate", eCmdHdlrBinary, 0 },
+	{ "syssock.parsetrusted", eCmdHdlrBinary, 0 },
 	{ "syssock.usepidfromsystem", eCmdHdlrBinary, 0 },
 	{ "syssock.ratelimit.interval", eCmdHdlrInt, 0 },
 	{ "syssock.ratelimit.burst", eCmdHdlrInt, 0 },
@@ -252,6 +250,7 @@ static struct cnfparamdescr inppdescr[] = {
 	{ "socket", eCmdHdlrString, CNFPARAM_REQUIRED }, /* legacy: addunixlistensocket */
 	{ "createpath", eCmdHdlrBinary, 0 },
 	{ "parsetrusted", eCmdHdlrBinary, 0 },
+	{ "ignoreownmessages", eCmdHdlrBinary, 0 },
 	{ "hostname", eCmdHdlrString, 0 },
 	{ "ignoretimestamp", eCmdHdlrBinary, 0 },
 	{ "flowcontrol", eCmdHdlrBinary, 0 },
@@ -271,74 +270,9 @@ static struct cnfparamblk inppblk =
 /* we do not use this, because we do not bind to a ruleset so far
  * enable when this is changed: #include "im-helper.h" */ /* must be included AFTER the type definitions! */
 
-static void 
-initRatelimitState(struct rs_ratelimit_state *rs, unsigned short interval, unsigned short burst)
-{
-	rs->interval = interval;
-	rs->burst = burst;
-	rs->done = 0;
-	rs->missed = 0;
-	rs->begin = 0;
-}
-
 static int bLegacyCnfModGlobalsPermitted;/* are legacy module-global config parameters permitted? */
 
 
-/* ratelimiting support, modelled after the linux kernel
- * returns 1 if message is within rate limit and shall be 
- * processed, 0 otherwise.
- * This implementation is NOT THREAD-SAFE and must not 
- * be called concurrently.
- */
-static inline int
-withinRatelimit(struct rs_ratelimit_state *rs, time_t tt, pid_t pid)
-{
-	int ret;
-	uchar msgbuf[1024];
-
-	if(rs->interval == 0) {
-		ret = 1;
-		goto finalize_it;
-	}
-
-	assert(rs->burst != 0);
-
-	if(rs->begin == 0)
-		rs->begin = tt;
-
-	/* resume if we go out of out time window */
-	if(tt > rs->begin + rs->interval) {
-		if(rs->missed) {
-			snprintf((char*)msgbuf, sizeof(msgbuf),
-			         "imuxsock lost %u messages from pid %lu due to rate-limiting",
-				 rs->missed, (unsigned long) pid);
-			logmsgInternal(RS_RET_RATE_LIMITED, LOG_SYSLOG|LOG_INFO, msgbuf, 0);
-			rs->missed = 0;
-		}
-		rs->begin = 0;
-		rs->done = 0;
-	}
-
-	/* do actual limit check */
-	if(rs->burst > rs->done) {
-		rs->done++;
-		ret = 1;
-	} else {
-		if(rs->missed == 0) {
-			snprintf((char*)msgbuf, sizeof(msgbuf),
-			         "imuxsock begins to drop messages from pid %lu due to rate-limiting",
-				 (unsigned long) pid);
-			logmsgInternal(RS_RET_RATE_LIMITED, LOG_SYSLOG|LOG_INFO, msgbuf, 0);
-		}
-		rs->missed++;
-		ret = 0;
-	}
-
-finalize_it:
-	return ret;
-}
-
-
 /* create input instance, set default paramters, and
  * add it to the list of instances.
  */
@@ -360,6 +294,7 @@ createInstance(instanceConf_t **pinst)
 	inst->bWritePid = 0;
 	inst->bAnnotate = 0;
 	inst->bParseTrusted = 0;
+	inst->bDiscardOwnMsgs = 1;
 	inst->next = NULL;
 
 	/* node created, let's add to config */
@@ -445,7 +380,8 @@ addListner(instanceConf_t *inst)
 			CHKiRet(prop.ConstructFinalize(listeners[nfd].hostName));
 		}
 		if(inst->ratelimitInterval > 0) {
-			if((listeners[nfd].ht = create_hashtable(100, hash_from_key_fn, key_equals_fn, NULL)) == NULL) {
+			if((listeners[nfd].ht = create_hashtable(100, hash_from_key_fn, key_equals_fn,
+				(void(*)(void*))ratelimitDestruct)) == NULL) {
 				/* in this case, we simply turn off rate-limiting */
 				DBGPRINTF("imuxsock: turning off rate limiting because we could not "
 					  "create hash table\n");
@@ -459,11 +395,16 @@ addListner(instanceConf_t *inst)
 		listeners[nfd].flags = inst->bIgnoreTimestamp ? IGNDATE : NOFLAG;
 		listeners[nfd].bCreatePath = inst->bCreatePath;
 		listeners[nfd].sockName = ustrdup(inst->sockName);
-		listeners[nfd].bUseCreds = (inst->bWritePid || inst->ratelimitInterval || inst->bAnnotate) ? 1 : 0;
+		listeners[nfd].bUseCreds = (inst->bDiscardOwnMsgs || inst->bWritePid || inst->ratelimitInterval || inst->bAnnotate) ? 1 : 0;
 		listeners[nfd].bAnnotate = inst->bAnnotate;
 		listeners[nfd].bParseTrusted = inst->bParseTrusted;
+		listeners[nfd].bDiscardOwnMsgs = inst->bDiscardOwnMsgs;
 		listeners[nfd].bWritePid = inst->bWritePid;
 		listeners[nfd].bUseSysTimeStamp = inst->bUseSysTimeStamp;
+		CHKiRet(ratelimitNew(&listeners[nfd].dflt_ratelimiter, "imuxsock", NULL));
+		ratelimitSetLinuxLike(listeners[nfd].dflt_ratelimiter,
+				      listeners[nfd].ratelimitInterval,
+				      listeners[nfd].ratelimitBurst);
 		nfd++;
 	} else {
 		errmsg.LogError(0, NO_ERRCODE, "Out of unix socket name descriptors, ignoring %s\n",
@@ -475,7 +416,7 @@ finalize_it:
 }
 
 
-/* discard all log sockets except for "socket" 0. Data for it comes from
+/* discard/Destruct all log sockets except for "socket" 0. Data for it comes from
  * the constant memory pool - and if not, it is freeed via some other pointer.
  */
 static rsRetVal discardLogSockets(void)
@@ -493,6 +434,7 @@ static rsRetVal discardLogSockets(void)
 		if(listeners[i].ht != NULL) {
 			hashtable_destroy(listeners[i].ht, 1); /* 1 => free all values automatically */
 		}
+		ratelimitDestruct(listeners[i].dflt_ratelimiter);
 	}
 
 	return RS_RET_OK;
@@ -604,19 +546,22 @@ finalize_it:
  * listener (the latter being a performance enhancement).
  */
 static inline rsRetVal
-findRatelimiter(lstn_t *pLstn, struct ucred *cred, rs_ratelimit_state_t **prl)
+findRatelimiter(lstn_t *pLstn, struct ucred *cred, ratelimit_t **prl)
 {
-	rs_ratelimit_state_t *rl;
+	ratelimit_t *rl;
 	int r;
 	pid_t *keybuf;
+	char pidbuf[256];
 	DEFiRet;
 
 	if(cred == NULL)
 		FINALIZE;
+#if 0 // TODO: check deactivated?
 	if(pLstn->ratelimitInterval == 0) {
 		*prl = NULL;
 		FINALIZE;
 	}
+#endif
 
 	rl = hashtable_search(pLstn->ht, &cred->pid);
 	if(rl == NULL) {
@@ -624,10 +569,13 @@ findRatelimiter(lstn_t *pLstn, struct ucred *cred, rs_ratelimit_state_t **prl)
 		DBGPRINTF("imuxsock: no ratelimiter for pid %lu, creating one\n",
 			  (unsigned long) cred->pid);
 		STATSCOUNTER_INC(ctrNumRatelimiters, mutCtrNumRatelimiters);
-		CHKmalloc(rl = malloc(sizeof(rs_ratelimit_state_t)));
+		snprintf(pidbuf, sizeof(pidbuf), "pid %lu",
+			(unsigned long) cred->pid);
+		pidbuf[sizeof(pidbuf)-1] = '\0'; /* to be on safe side */
+		CHKiRet(ratelimitNew(&rl, "imuxsock", pidbuf));
+		ratelimitSetLinuxLike(rl, pLstn->ratelimitInterval, pLstn->ratelimitBurst);
 		CHKmalloc(keybuf = malloc(sizeof(pid_t)));
 		*keybuf = cred->pid;
-		initRatelimitState(rl, pLstn->ratelimitInterval, pLstn->ratelimitBurst);
 		r = hashtable_insert(pLstn->ht, keybuf, rl);
 		if(r == 0)
 			ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY);
@@ -636,6 +584,8 @@ findRatelimiter(lstn_t *pLstn, struct ucred *cred, rs_ratelimit_state_t **prl)
 	*prl = rl;
 
 finalize_it:
+	if(*prl == NULL)
+		*prl = pLstn->dflt_ratelimiter;
 	RETiRet;
 }
 
@@ -762,28 +712,6 @@ copyescaped(uchar *dstbuf, uchar *inbuf, int inlen)
 }
 
 
-#if 0
-/* Creates new field to be added to event
- * used for SystemLogParseTrusted parsing
- */
-struct ee_field *
-createNewField(char *fieldname, char *value, int lenValue) {
-	es_str_t *newStr;
-	struct ee_value *newVal;
-	struct ee_field *newField;
-
-	newStr = es_newStrFromBuf(value, (es_size_t) lenValue);
-
-	newVal = ee_newValue(ctxee);
-	ee_setStrValue(newVal, newStr);
-
-	newField = ee_newFieldFromNV(ctxee, fieldname, newVal);
-
-	return newField;
-}
-#endif
-
-
 /* submit received message to the queue engine
  * We now parse the message according to expected format so that we
  * can also mangle it if necessary.
@@ -802,8 +730,8 @@ SubmitMsg(uchar *pRcv, int lenRcv, lstn_t *pLstn, struct ucred *cred, struct tim
 	uchar bufParseTAG[CONF_TAG_MAXSIZE];
 	struct syslogTime st;
 	time_t tt;
-	rs_ratelimit_state_t *ratelimiter = NULL;
 	int lenProp;
+	ratelimit_t *ratelimiter = NULL;
 	uchar propBuf[1024];
 	uchar msgbuf[8192];
 	uchar *pmsgbuf;
@@ -812,6 +740,11 @@ SubmitMsg(uchar *pRcv, int lenRcv, lstn_t *pLstn, struct ucred *cred, struct tim
 	struct json_object *json = NULL, *jval;
 	DEFiRet;
 
+	if(pLstn->bDiscardOwnMsgs && cred != NULL && cred->pid == glblGetOurPid()) {
+		DBGPRINTF("imuxsock: discarding message from our own pid\n");
+		FINALIZE;
+	}
+
 	/* TODO: handle format errors?? */
 	/* we need to parse the pri first, because we need the severity for
 	 * rate-limiting as well.
@@ -842,10 +775,12 @@ SubmitMsg(uchar *pRcv, int lenRcv, lstn_t *pLstn, struct ucred *cred, struct tim
 		tt = ts->tv_sec;
 	}
 
+#if 0 // TODO: think about stats counters (or wait for request...?)
 	if(ratelimiter != NULL && !withinRatelimit(ratelimiter, tt, cred->pid)) {
 		STATSCOUNTER_INC(ctrLostRatelimit, mutCtrLostRatelimit);
 		FINALIZE;
 	}
+#endif
 
 	/* created trusted properties */
 	if(cred != NULL && pLstn->bAnnotate) {
@@ -980,8 +915,7 @@ SubmitMsg(uchar *pRcv, int lenRcv, lstn_t *pLstn, struct ucred *cred, struct tim
 
 	MsgSetRcvFrom(pMsg, pLstn->hostName == NULL ? glbl.GetLocalHostNameProp() : pLstn->hostName);
 	CHKiRet(MsgSetRcvFromIP(pMsg, pLocalHostIP));
-	CHKiRet(submitMsg(pMsg));
-
+	ratelimitAddMsg(ratelimiter, NULL, pMsg);
 	STATSCOUNTER_INC(ctrSubmit, mutCtrSubmit);
 finalize_it:
 	RETiRet;
@@ -1116,13 +1050,18 @@ activateListeners()
 	listeners[0].ratelimitInterval = runModConf->ratelimitIntervalSysSock;
 	listeners[0].ratelimitBurst = runModConf->ratelimitBurstSysSock;
 	listeners[0].ratelimitSev = runModConf->ratelimitSeveritySysSock;
-	listeners[0].bUseCreds = (runModConf->bWritePidSysSock || runModConf->ratelimitIntervalSysSock || runModConf->bAnnotateSysSock) ? 1 : 0;
+	listeners[0].bUseCreds = (runModConf->bWritePidSysSock || runModConf->ratelimitIntervalSysSock || runModConf->bAnnotateSysSock || runModConf->bDiscardOwnMsgs) ? 1 : 0;
 	listeners[0].bWritePid = runModConf->bWritePidSysSock;
 	listeners[0].bAnnotate = runModConf->bAnnotateSysSock;
 	listeners[0].bParseTrusted = runModConf->bParseTrusted;
+	listeners[0].bDiscardOwnMsgs = runModConf->bDiscardOwnMsgs;
 	listeners[0].bUseSysTimeStamp = runModConf->bUseSysTimeStamp;
 	listeners[0].flags = runModConf->bIgnoreTimestamp ? IGNDATE : NOFLAG;
 	listeners[0].flowCtl = runModConf->bUseFlowCtl ? eFLOWCTL_LIGHT_DELAY : eFLOWCTL_NO_DELAY;
+	CHKiRet(ratelimitNew(&listeners[0].dflt_ratelimiter, "imuxsock", NULL));
+		ratelimitSetLinuxLike(listeners[0].dflt_ratelimiter,
+		listeners[0].ratelimitInterval,
+		listeners[0].ratelimitBurst);
 
 	sd_fds = sd_listen_fds(0);
 	if(sd_fds < 0) {
@@ -1164,6 +1103,7 @@ CODESTARTbeginCnfLoad
 	pModConf->bWritePidSysSock = 0;
 	pModConf->bAnnotateSysSock = 0;
 	pModConf->bParseTrusted = 0;
+	pModConf->bDiscardOwnMsgs = 1;
 	pModConf->ratelimitIntervalSysSock = DFLT_ratelimitInterval;
 	pModConf->ratelimitBurstSysSock = DFLT_ratelimitBurst;
 	pModConf->ratelimitSeveritySysSock = DFLT_ratelimitSeverity;
@@ -1198,12 +1138,16 @@ CODESTARTsetModCnf
 			loadModConf->pLogSockName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
 		} else if(!strcmp(modpblk.descr[i].name, "syssock.ignoretimestamp")) {
 			loadModConf->bIgnoreTimestamp = (int) pvals[i].val.d.n;
+		} else if(!strcmp(modpblk.descr[i].name, "syssock.ignoreownmessages")) {
+			loadModConf->bDiscardOwnMsgs = (int) pvals[i].val.d.n;
 		} else if(!strcmp(modpblk.descr[i].name, "syssock.flowcontrol")) {
 			loadModConf->bUseFlowCtl = (int) pvals[i].val.d.n;
 		} else if(!strcmp(modpblk.descr[i].name, "syssock.usesystimestamp")) {
 			loadModConf->bUseSysTimeStamp = (int) pvals[i].val.d.n;
 		} else if(!strcmp(modpblk.descr[i].name, "syssock.annotate")) {
 			loadModConf->bAnnotateSysSock = (int) pvals[i].val.d.n;
+		} else if(!strcmp(modpblk.descr[i].name, "syssock.parsetrusted")) {
+			loadModConf->bParseTrusted = (int) pvals[i].val.d.n;
 		} else if(!strcmp(modpblk.descr[i].name, "syssock.usepidfromsystem")) {
 			loadModConf->bWritePidSysSock = (int) pvals[i].val.d.n;
 		} else if(!strcmp(modpblk.descr[i].name, "syssock.ratelimit.interval")) {
@@ -1258,6 +1202,8 @@ CODESTARTnewInpInst
 			inst->bCreatePath = (int) pvals[i].val.d.n;
 		} else if(!strcmp(modpblk.descr[i].name, "parsetrusted")) {
 			inst->bParseTrusted = (int) pvals[i].val.d.n;
+		} else if(!strcmp(modpblk.descr[i].name, "ignoreownmessages")) {
+			inst->bDiscardOwnMsgs = (int) pvals[i].val.d.n;
 		} else if(!strcmp(modpblk.descr[i].name, "hostname")) {
 			inst->pLogHostName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
 		} else if(!strcmp(modpblk.descr[i].name, "ignoretimestamp")) {
@@ -1547,8 +1493,16 @@ CODEmodInit_QueryRegCFSLineHdlr
 	listeners[0].bUseCreds = 0;
 	listeners[0].bAnnotate = 0;
 	listeners[0].bParseTrusted = 0;
+	listeners[0].bDiscardOwnMsgs = 1;
 	listeners[0].bCreatePath = 0;
 	listeners[0].bUseSysTimeStamp = 1;
+	if((listeners[0].ht = create_hashtable(100, hash_from_key_fn, key_equals_fn,
+		(void(*)(void*))ratelimitDestruct)) == NULL) {
+		/* in this case, we simply turn off rate-limiting */
+		DBGPRINTF("imuxsock: turning off rate limiting for system socket "
+			  "because we could not create hash table\n");
+		listeners[0].ratelimitInterval = 0;
+	}
 
 	/* initialize socket names */
 	for(i = 1 ; i < MAXFUNIX ; ++i) {