Change the messages of the ICMP bad port bandwidth limiter from

a kernel printf to a log output with the priority of LOG_NOTICE. This way the messages still show up in /var/log/messages but no longer spam the console every other second on busy servers that are port scanned: "Limiting open port RST response from 114 to 100 packets/sec" PR: kern/147352 Submitted by: Eugene Grosbein <eugen-at-eg sd rdtc ru> MFC after: 1 week
2010-08-14 21:04:27 +00:00 · 2010-08-14 21:04:27 +00:00 · 40fe9eff47
commit 40fe9eff47
parent bee4e5afa9
1 changed files with 2 additions and 1 deletions
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@ -42,6 +42,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/time.h>
 #include <sys/kernel.h>
 #include <sys/sysctl.h>
+#include <sys/syslog.h>

 #include <net/if.h>
 #include <net/if_types.h>
@ -975,7 +976,7 @@ badport_bandlim(int which)
 		 * the previous behaviour at the expense of added complexity.
 		 */
 		if (V_icmplim_output && opps > V_icmplim)
-			printf("Limiting %s from %d to %d packets/sec\n",
+			log(LOG_NOTICE, "Limiting %s from %d to %d packets/sec\n",
 				r->type, opps, V_icmplim);
 	}
 	return 0;			/* okay to send packet */