Functionality for IPFIREWALL_VERBOSE logging:

- State when we've reached the limit on a particular rule in the kernel logfile
- State when a rule or all rules have been zero'd.

This gives a log of all actions that occur w/regard to the firewall
occurances, and can explain why a particular break-in attempt might not
get logged due to the limit being reached.

Reviewed by:	alex

1 files changed, 7 insertions, 1 deletions

diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c
index 1bcc57b..c8b34ff 100644
--- a/sys/netinet/ip_fw.c
+++ b/sys/netinet/ip_fw.c
@@ -12,7 +12,7 @@
  *
  * This software is provided ``AS IS'' without any warranties of any kind.
  *
- *	$Id: ip_fw.c,v 1.42 1996/06/25 00:22:20 alex Exp $
+ *	$Id: ip_fw.c,v 1.43 1996/06/29 03:33:20 alex Exp $
  */
 
 /*
@@ -252,6 +252,8 @@ ipfw_report(char *txt, int rule, struct ip *ip, int counter)
 	if ((ip->ip_off & IP_OFFMASK)) 
 		printf(" Fragment = %d",ip->ip_off & IP_OFFMASK);
 	printf("\n");
+	if (fw_verbose_limit != 0 && counter == fw_verbose_limit)
+		printf("ipfw: limit reached on rule #%d\n", rule);
 }
 
 /*
@@ -592,6 +594,10 @@ zero_entry(struct mbuf *m)
 		}
 	splx(s);
 
+	if ( frwl )
+		printf("ipfw: Entry %d cleared.\n", frwl->fw_number);
+	else
+		printf("ipfw: Accounting cleared.\n");
 	return(0);
 }