Date: Thu, 23 Aug 2007 14:35:17 GMT
From: Sergey Matveychuk <sem@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [ipfw][patch] unify message and add a rule number where limit was reached

>Number:         115755
>Category:       kern
>Synopsis:       [ipfw] [patch] unify message and add a rule number where limit was reached
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ipfw
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Aug 23 14:40:11 GMT 2007
>Closed-Date:    Sun Nov 08 15:34:38 UTC 2009
>Last-Modified:  Sun Nov 08 15:34:38 UTC 2009
>Originator:     Sergey Matveychuk
>Release:        6.2-STABLE
>Organization:
Yandex
>Environment:
FreeBSD orange.yandex.net 6.2-STABLE FreeBSD 6.2-STABLE #6: Thu Aug 23 14:14:05 UTC 2007     root@orange.yandex.net:/usr/obj/usr/src/sys/ORANGE  i386
>Description:
When you have a few rules with a limit, you can't see which of them has been reached. Moreover, all log entries start with "ipfw: <number>", so stick to this form in the limit message.
>How-To-Repeat:
Add a few rules with a limit. When the limit is reached, you'll see a line like this in the log:

kernel: drop session 111.111.111.111:65373 -> 222.222.222.222:22, too many entries

You don't know what rule has been matched.

With the patch the line will look like this:

kernel: ipfw: 1500 drop session 111.111.111.111:65373 -> 222.222.222.222:22, too many entries
>Fix:


Patch attached with submission follows:

--- sys/netinet/ip_fw2.c.orig	Thu Aug 23 13:19:37 2007
+++ sys/netinet/ip_fw2.c	Thu Aug 23 14:12:49 2007
@@ -1591,7 +1591,8 @@
 						inet_ntoa_r(da, dst);
 					}
 					log(LOG_SECURITY | LOG_DEBUG,
-					    "%s %s:%u -> %s:%u, %s\n",
+					    "ipfw: %d %s %s:%u -> %s:%u, %s\n",
+					    parent->rule->rulenum,
 					    "drop session",
 					    src, (args->f_id.src_port),
 					    dst, (args->f_id.dst_port),
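
Review bot: the added parent->rule->rulenum argument is printed with "%d" while the ports in the same format string use "%u"; if rulenum is an unsigned field, "%u" would be the matching conversion. The visible context also does not show that parent and parent->rule are known to be non-NULL at this point, so please confirm that from the surrounding code before dereferencing them in a logging path. Because the new "ipfw: <number>" prefix changes an existing log line, anything that matches on the old text will stop matching, which deserves a sentence in the commit message.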


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw 
Responsible-Changed-By: sem 
Responsible-Changed-When: Thu Aug 23 14:41:31 UTC 2007 
Responsible-Changed-Why:  
Over to maintainer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=115755 
State-Changed-From-To: open->patched 
State-Changed-By: maxim 
State-Changed-When: Sat Sep 29 15:02:06 UTC 2007 
State-Changed-Why:  
Committed to HEAD.  Thanks! 


From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/115755: commit references a PR
Date: Sat, 29 Sep 2007 15:01:51 +0000 (UTC)

 maxim       2007-09-29 15:01:42 UTC
 
   FreeBSD src repository
 
   Modified files:
     sys/netinet          ip_fw2.c 
   Log:
   o For dynamic rules log a parent rule number.  Prefix a log message
   by 'ipfw: '.
   
   PR:             kern/115755
   Submitted by:   sem
   Approved by:    re (gnn)
   MFC after:      4 weeks
   
   Revision  Changes    Path
   1.174     +2 -1      src/sys/netinet/ip_fw2.c
 

From: Gavin Atkinson <gavin@FreeBSD.org>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/115755: [ipfw][patch] unify message and add a rule number
	where limit was reached
Date: Fri, 06 Jun 2008 13:04:12 +0100

 This has not yet been MFC'd to RELENG_6.  However, I'm not sure it can
 be, as it does change the format of a logged message, so may be
 unsuitable to merge to a STABLE branch.  Opinions?  Please close if it
 can't be merged.
 
 Gavin
State-Changed-From-To: patched->closed 
State-Changed-By: gavin 
State-Changed-When: Sun Nov 8 15:33:49 UTC 2009 
State-Changed-Why:  
I can't see this ever being merged to 6.x now as it changes the 
format of the log file. 

>Unformatted:
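
Because the patch changes the format of an existing log line (the concern raised in the follow-up), a log consumer has to accept both forms. The following is an added example, not part of the PR or the FreeBSD source: a Python parser that matches the limit message with and without the "ipfw: <number>" prefix and counts drops per parent rule. The syslog timestamp and host prefix in the sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: line 1 is the pre-patch form, lines 2-4 the patched
# form quoted in the report, line 5 an unrelated ipfw log entry.
SAMPLE_LOG = """\
Aug 23 14:10:01 orange kernel: drop session 111.111.111.111:65373 -> 222.222.222.222:22, too many entries
Aug 23 14:20:02 orange kernel: ipfw: 1500 drop session 111.111.111.111:65374 -> 222.222.222.222:22, too many entries
Aug 23 14:20:03 orange kernel: ipfw: 1500 drop session 111.111.111.111:65375 -> 222.222.222.222:22, too many entries
Aug 23 14:20:04 orange kernel: ipfw: 2000 drop session 111.111.111.111:40000 -> 222.222.222.222:80, too many entries
Aug 23 14:20:05 orange kernel: ipfw: 100 Deny TCP 10.0.0.1:1234 10.0.0.2:22 in via em0
"""

# The "ipfw: <rule> " prefix is optional so that logs from unpatched and
# patched kernels are handled by the same expression.
LIMIT_RE = re.compile(
    r"kernel: (?:ipfw: (?P<rule>\d+) )?drop session "
    r"(?P<src>\S+):(?P<sport>\d+) -> (?P<dst>\S+):(?P<dport>\d+), "
    r"(?P<reason>.+)$"
)

def parse_limit_line(line):
    """Return a dict for a limit-reached line, or None for any other line."""
    m = LIMIT_RE.search(line)
    if m is None:
        return None
    rule = m.group("rule")
    return {
        "rule": int(rule) if rule is not None else None,  # None: old format
        "src": m.group("src"), "sport": int(m.group("sport")),
        "dst": m.group("dst"), "dport": int(m.group("dport")),
        "reason": m.group("reason"),
    }

def drops_per_rule(log_text):
    """Count limit drops per parent rule; key None collects old-format lines."""
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_limit_line(line)
        if event is not None:
            counts[event["rule"]] += 1
    return counts

if __name__ == "__main__":
    for rule, n in drops_per_rule(SAMPLE_LOG).items():
        print("unknown rule" if rule is None else f"rule {rule}", n)
```
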
