mirror of
https://github.com/freebsd/freebsd-src
synced 2024-09-29 13:15:05 +00:00
Add option ICMP_BANDLIM_SUPPRESS_OUTPUT to the mix. With this option,
badport_bandlim() will not muck up your console with printf() messages.
This commit is contained in:
Dan Moschuk
parent
1ec5e8e681
commit
fcdc02160f
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=60797
|
|
@ -544,9 +544,11 @@ options TCP_RESTRICT_RST #restrict emission of TCP RST
|
|||
|
||||
# ICMP_BANDLIM enables icmp error response bandwidth limiting. You
|
||||
# typically want this option as it will help protect the machine from
|
||||
# D.O.S. packet attacks.
|
||||
# D.O.S. packet attacks. Use ICMP_BANDLIM_SUPPRESS_OUTPUT to prevent
|
||||
# bandwidth limit messages from being dumped to console.
|
||||
#
|
||||
options ICMP_BANDLIM
|
||||
options ICMP_BANDLIM_SUPPRESS_OUTPUT
|
||||
|
||||
# DUMMYNET enables the "dummynet" bandwidth limiter. You need
|
||||
# IPFIREWALL as well. See the dummynet(4) manpage for more info.
|
||||
|
|
|
|||
|
|
@ -88,6 +88,7 @@ MSGSSZ opt_sysvipc.h
|
|||
MSGTQL opt_sysvipc.h
|
||||
UCONSOLE
|
||||
ICMP_BANDLIM
|
||||
ICMP_BANDLIM_SUPPRESS_OUTPUT opt_icmp_bandlim.h
|
||||
VFS_AIO
|
||||
|
||||
# POSIX kernel options
|
||||
|
|
|
|||
|
|
@ -544,9 +544,11 @@ options TCP_RESTRICT_RST #restrict emission of TCP RST
|
|||
|
||||
# ICMP_BANDLIM enables icmp error response bandwidth limiting. You
|
||||
# typically want this option as it will help protect the machine from
|
||||
# D.O.S. packet attacks.
|
||||
# D.O.S. packet attacks. Use ICMP_BANDLIM_SUPPRESS_OUTPUT to prevent
|
||||
# bandwidth limit messages from being dumped to console.
|
||||
#
|
||||
options ICMP_BANDLIM
|
||||
options ICMP_BANDLIM_SUPPRESS_OUTPUT
|
||||
|
||||
# DUMMYNET enables the "dummynet" bandwidth limiter. You need
|
||||
# IPFIREWALL as well. See the dummynet(4) manpage for more info.
|
||||
|
|
|
|||
|
|
@ -544,9 +544,11 @@ options TCP_RESTRICT_RST #restrict emission of TCP RST
|
|||
|
||||
# ICMP_BANDLIM enables icmp error response bandwidth limiting. You
|
||||
# typically want this option as it will help protect the machine from
|
||||
# D.O.S. packet attacks.
|
||||
# D.O.S. packet attacks. Use ICMP_BANDLIM_SUPPRESS_OUTPUT to prevent
|
||||
# bandwidth limit messages from being dumped to console.
|
||||
#
|
||||
options ICMP_BANDLIM
|
||||
options ICMP_BANDLIM_SUPPRESS_OUTPUT
|
||||
|
||||
# DUMMYNET enables the "dummynet" bandwidth limiter. You need
|
||||
# IPFIREWALL as well. See the dummynet(4) manpage for more info.
|
||||
|
|
|
|||
|
|
@ -843,10 +843,12 @@ badport_bandlim(int which)
|
|||
|
||||
if ((unsigned int)dticks > hz) {
|
||||
if (lpackets[which] > icmplim) {
|
||||
#ifndef ICMP_BANDLIM_SUPPRESS_OUTPUT
|
||||
printf("icmp-response bandwidth limit %d/%d pps\n",
|
||||
lpackets[which],
|
||||
icmplim
|
||||
);
|
||||
#endif
|
||||
}
|
||||
lticks[which] = ticks;
|
||||
lpackets[which] = 0;
|
||||
|
|
|
|||
Loading…
Reference in a new issue