From owner-freebsd-bugs@FreeBSD.ORG  Tue Jul 11 09:46:41 2006
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
X-Original-To: freebsd-bugs@FreeBSD.org
Delivered-To: freebsd-bugs@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2FFEE16A4DA;
	Tue, 11 Jul 2006 09:46:41 +0000 (UTC)
	(envelope-from turutani@scphys.kyoto-u.ac.jp)
Received: from polymer3.scphys.kyoto-u.ac.jp (polymer3.scphys.kyoto-u.ac.jp
	[130.54.55.55])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9B33243D45;
	Tue, 11 Jul 2006 09:46:39 +0000 (GMT)
	(envelope-from turutani@scphys.kyoto-u.ac.jp)
Received: from POLYMER5.scphys.kyoto-u.ac.jp
	(h118.65.226.10.32118.vlan.kuins.net [10.226.65.118])
	by polymer3.scphys.kyoto-u.ac.jp (8.13.6/8.13.6/20060227-1) with SMTP
	id k6B9kWQ1017469; Tue, 11 Jul 2006 18:46:33 +0900 (JST)
	(envelope-from turutani@scphys.kyoto-u.ac.jp)
Message-Id: <200607110946.AA00167@POLYMER5.scphys.kyoto-u.ac.jp>
From: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Date: Tue, 11 Jul 2006 18:46:31 +0900
To: bug-followup@FreeBSD.org, matteo@FreeBSD.org, freebsd-bugs@FreeBSD.org
MIME-Version: 1.0
X-Mailer: AL-Mail32 Version 1.13
Content-Type: text/plain; charset=us-ascii
X-Spam-Status: No, score=-4.4 required=7.0 tests=ALL_TRUSTED,BAYES_00 
	autolearn=ham version=3.1.3
X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on 
	polymer3.scphys.kyoto-u.ac.jp
Cc: 
Subject: Re: conf/96247: [patch] 550.ipfwlimit reports logs even if log size
	is not limited.
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jul 2006 09:46:41 -0000

In either case of logamount is set to 0 or net.inet.ip.fw.verbose_limit is 0,
the limit of loging should be removed; 0 is not "0",
and "ipfw log limit" is not reached.

Here is a new patch:

--- etc/periodic/security/550.ipfwlimit.orig   Mon Apr 24 13:27:37 2006
+++ etc/periodic/security/550.ipfwlimit	Wed May 10 07:00:10 2006
@@ -51,10 +51,10 @@
 	grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \
 	awk -v limit="$IPFW_LOG_LIMIT" \
 		'{if ($6 == "logamount") {
-			if ($2 > $7)
+			if ($7 != 0 && $2 > $7)
 				{print $0}
 		} else {
-			if ($2 > limit)
+			if (limit != 0 && $2 > limit)
 				{print $0}}
 		}' > ${TMP}