diff options
| author | dan <dan@FreeBSD.org> | 2000-05-22 15:00:41 +0000 |
|---|---|---|
| committer | dan <dan@FreeBSD.org> | 2000-05-22 15:00:41 +0000 |
| commit | 187df3a0fbe92bcb52f715bf42ea38c9c2034c4b (patch) | |
| tree | 7ba9302f4c7ef1666c53161acb9306df168fe492 /sys | |
| parent | 4a00d6a024a8331ebe9b8886320aa74c21101faf (diff) | |
| download | FreeBSD-src-187df3a0fbe92bcb52f715bf42ea38c9c2034c4b.zip FreeBSD-src-187df3a0fbe92bcb52f715bf42ea38c9c2034c4b.tar.gz | |
Add option ICMP_BANDLIM_SUPPRESS_OUTPUT to the mix. With this option,
badport_bandlim() will not muck up your console with printf() messages.
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/conf/NOTES | 4 | ||||
| -rw-r--r-- | sys/conf/options | 1 | ||||
| -rw-r--r-- | sys/i386/conf/LINT | 4 | ||||
| -rw-r--r-- | sys/i386/conf/NOTES | 4 | ||||
| -rw-r--r-- | sys/netinet/ip_icmp.c | 2 |
5 files changed, 12 insertions, 3 deletions
diff --git a/sys/conf/NOTES b/sys/conf/NOTES index d8e67f8..c84085d 100644 --- a/sys/conf/NOTES +++ b/sys/conf/NOTES @@ -544,9 +544,11 @@ options TCP_RESTRICT_RST #restrict emission of TCP RST # ICMP_BANDLIM enables icmp error response bandwidth limiting. You # typically want this option as it will help protect the machine from -# D.O.S. packet attacks. +# D.O.S. packet attacks. Use ICMP_BANDLIM_SUPPRESS_OUTPUT to prevent +# bandwidth limit messages from being dumped to console. # options ICMP_BANDLIM +options ICMP_BANDLIM_SUPPRESS_OUTPUT # DUMMYNET enables the "dummynet" bandwidth limiter. You need # IPFIREWALL as well. See the dummynet(4) manpage for more info. diff --git a/sys/conf/options b/sys/conf/options index b103db6..811ed94 100644 --- a/sys/conf/options +++ b/sys/conf/options @@ -88,6 +88,7 @@ MSGSSZ opt_sysvipc.h MSGTQL opt_sysvipc.h UCONSOLE ICMP_BANDLIM +ICMP_BANDLIM_SUPPRESS_OUTPUT opt_icmp_bandlim.h VFS_AIO # POSIX kernel options diff --git a/sys/i386/conf/LINT b/sys/i386/conf/LINT index d8e67f8..c84085d 100644 --- a/sys/i386/conf/LINT +++ b/sys/i386/conf/LINT @@ -544,9 +544,11 @@ options TCP_RESTRICT_RST #restrict emission of TCP RST # ICMP_BANDLIM enables icmp error response bandwidth limiting. You # typically want this option as it will help protect the machine from -# D.O.S. packet attacks. +# D.O.S. packet attacks. Use ICMP_BANDLIM_SUPPRESS_OUTPUT to prevent +# bandwidth limit messages from being dumped to console. # options ICMP_BANDLIM +options ICMP_BANDLIM_SUPPRESS_OUTPUT # DUMMYNET enables the "dummynet" bandwidth limiter. You need # IPFIREWALL as well. See the dummynet(4) manpage for more info. diff --git a/sys/i386/conf/NOTES b/sys/i386/conf/NOTES index d8e67f8..c84085d 100644 --- a/sys/i386/conf/NOTES +++ b/sys/i386/conf/NOTES @@ -544,9 +544,11 @@ options TCP_RESTRICT_RST #restrict emission of TCP RST # ICMP_BANDLIM enables icmp error response bandwidth limiting. You # typically want this option as it will help protect the machine from -# D.O.S. packet attacks. +# D.O.S. packet attacks. Use ICMP_BANDLIM_SUPPRESS_OUTPUT to prevent +# bandwidth limit messages from being dumped to console. # options ICMP_BANDLIM +options ICMP_BANDLIM_SUPPRESS_OUTPUT # DUMMYNET enables the "dummynet" bandwidth limiter. You need # IPFIREWALL as well. See the dummynet(4) manpage for more info. diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index 1b2a14e..a18f875 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -843,10 +843,12 @@ badport_bandlim(int which) if ((unsigned int)dticks > hz) { if (lpackets[which] > icmplim) { +#ifndef ICMP_BANDLIM_SUPPRESS_OUTPUT printf("icmp-response bandwidth limit %d/%d pps\n", lpackets[which], icmplim ); +#endif } lticks[which] = ticks; lpackets[which] = 0; |
