From nobody  Thu Aug 21 06:59:43 1997
Received: (from nobody@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id GAA21707;
          Thu, 21 Aug 1997 06:59:43 -0700 (PDT)
Message-Id: <199708211359.GAA21707@hub.freebsd.org>
Date: Thu, 21 Aug 1997 06:59:43 -0700 (PDT)
From: rbickers@intercenter.net
To: freebsd-gnats-submit@freebsd.org
Subject: ipfw logging limit is not fully acknowledged
X-Send-Pr-Version: www-1.0

>Number:         4351
>Category:       kern
>Synopsis:       ipfw logging limit is not fully acknowledged
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Aug 21 07:00:01 PDT 1997
>Closed-Date:    Sat Aug 23 07:32:09 PDT 1997
>Last-Modified:  Sat Aug 23 07:33:25 PDT 1997
>Originator:     Ron Bickers
>Release:        2.2-stable
>Organization:
The Internet Center, Inc.
>Environment:
FreeBSD atlantis.intercenter.net 2.2-STABLE FreeBSD 2.2-STABLE #0: Wed Aug 20 11:10:45 EDT 1997
     rbickers@atlantis.intercenter.net:/usr/src/sys/compile/atlantis  i386

>Description:
When the ipfw logging limit is reached, partial information is
still displayed.  Sample output follows:

ipfw: 1900 Deny UDP 207.211.129.97:137 207.211.128.12:137 in via ep0
ipfw: limit reached on rule #1900
ipfw: 1900 Deny ipfw: 1900 Deny ipfw: 1900 Deny ipfw: 1900 Deny ipfw: 1900 Deny ipfw: 1900 Deny
 ipfw: 1900 Deny ipfw: 1900 Deny ipfw: 1900 Deny ipfw: 1900 Deny ipfw: 1900 Deny ipfw: 1900 Den

>How-To-Repeat:
Force the limit of any ipfw logging rule to be reached and look
at the console or dmesg.

>Fix:
The following patch to /usr/src/sys/netinet/ip_fw.c works for me.

--- ip_fw.c.old Wed Aug 20 10:30:26 1997
+++ ip_fw.c     Wed Aug 20 11:02:16 1997
@@ -259,6 +259,10 @@
        struct icmp *const icmp = (struct icmp *) ((u_long *) ip + ip->ip_hl);
        int count;
 
+       count = f ? f->fw_pcnt : ++counter;
+       if (fw_verbose_limit != 0 && count > fw_verbose_limit)
+               return;
+
        /* Print command name */
        printf("ipfw: %d ", f ? f->fw_number : -1);
        if (!f)
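Review bot: The limit check added ahead of the "Print command name" printf has no comment saying it must stay in front of the first printf in this function. That ordering is the entire fix: anything printed before the return leaves a partial "ipfw: 1900 Deny" fragment with no newline, as in the sample output in the report. Suggest a one-line comment above the check stating that, and consider splitting "count = f ? f->fw_pcnt : ++counter;" into an explicit if/else so the ++counter side effect for the f == NULL case is visible now that it runs at the top of the function for every logged packet.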
@@ -295,9 +299,6 @@
                }
        printf(" ");
 
-       count = f ? f->fw_pcnt : ++counter;
-       if (fw_verbose_limit != 0 && count > fw_verbose_limit)
-               return;
        switch (ip->ip_p) {
        case IPPROTO_TCP:
                printf("TCP ");
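Review bot: Removing the check in front of "switch (ip->ip_p)" is equivalent to the old behaviour only if nothing between the new location (around line 259) and this point changes f->fw_pcnt or counter, since count is now sampled roughly 40 lines earlier. The lines between the two hunks are not shown, so please confirm they contain only output calls, and confirm that any later use of count in this function (for example whatever emits the "limit reached on rule" line seen in the report) still sees the value it expects.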

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: alex 
State-Changed-When: Sat Aug 23 07:32:09 PDT 1997 
State-Changed-Why:  
Patch applied to revs 1.62 and 1.51.2.4 of ip_fw.c.  Thanks! 
>Unformatted:
