From owner-freebsd-questions Thu Oct 7 13:45:31 1999 Delivered-To: freebsd-questions@freebsd.org Received: from mail3.atl.bellsouth.net (mail3.atl.bellsouth.net [205.152.0.38]) by hub.freebsd.org (Postfix) with ESMTP id 2E0641525C for ; Thu, 7 Oct 1999 13:45:25 -0700 (PDT) (envelope-from allenc@mindsieve.com) Received: from spamer_death (adsl-77-225-87.atl.bellsouth.net [216.77.225.87]) by mail3.atl.bellsouth.net (3.3.4alt/0.75.2) with SMTP id QAA00905 for ; Thu, 7 Oct 1999 16:43:43 -0400 (EDT) Message-Id: <3.0.5.32.19991007164244.00814680@mindsieve.com> X-Sender: allenc@mindsieve.com (Unverified) X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Thu, 07 Oct 1999 16:42:44 -0400 To: freebsd-questions@FreeBSD.ORG From: Allen Cleveland Subject: Getting more info from icmp-response bandwidth limit Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hello, I included the bandwidth limit in the kernel ( 3-3-RC atm ) and, as predicted, it's doing it's job. What I'm interested in is getting the IP address into the message that these packets are claiming to come from. I understand that the IP information may not be correct, due to spoofing, but I'd like this information in the message anyway. I'd also like to have the time in the security check output so I can provide the required information to the correct parties. This is the familar message: Oct 7 02:47:58 roswell /kernel: icmp-response bandwidth limit 115/100 pps and it looks like this in the security check output: roswell kernel log messages: >icmp-response bandwidth limit 115/100 pps And I'd like it to look something like: Oct 7 02:47:58 roswell /kernel: icmp-response bandwidth limit 115/100 pps from xxx.xxx.xxx.xxx And: roswell kernel log messages: >Oct 7 02:47:58 icmp-response bandwidth limit 115/100 pps from xxx.xxx.xxx.xxx I searched the mailing list and only found a reference to running 'tcpdump icmp' which I'd have to do during the limiting :/ Any ideas? -- Allen Cleveland allenc@mindsieve.com There is no try. Do, or do not do, but no try. -Yoda To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message