[openssh-commits] [openssh] branch master updated: upstream: log at level INFO when PerSourcePenalties actually blocks

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Sep 19 13:40:04 AEST 2025 

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

The following commit(s) were added to refs/heads/master by this push:
     new bc328144f upstream: log at level INFO when PerSourcePenalties actually blocks
bc328144f is described below

commit bc328144f149af07139a0f2c1329018cd85b86b7
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Fri Sep 19 01:32:45 2025 +0000

    upstream: log at level INFO when PerSourcePenalties actually blocks
    
    access to a source address range. Previously this was logged at level
    VERBOSE, which hid enforcement actions under default config settings.
    
    ok dtucker, markus
    
    OpenBSD-Commit-ID: ea2b0d7c2253ff5205719d74b526cf2870df894d
---
 srclimit.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/srclimit.c b/srclimit.c
index 8a47588e4..c62763724 100644
--- a/srclimit.c
+++ b/srclimit.c
@@ -427,7 +427,9 @@ srclimit_penalise(struct xaddr *addr, int penalty_type)
 			penalty->active = 1;
 		if (RB_INSERT(penalties_by_expiry, by_expiry, penalty) != NULL)
 			fatal_f("internal error: %s penalty tables corrupt", t);
-		verbose_f("%s: new %s %s penalty of %d seconds for %s", t,
+		do_log2_f(penalty->active ?
+		    SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_VERBOSE,
+		    "%s: new %s %s penalty of %d seconds for %s", t,
 		    addrnetmask, penalty->active ? "active" : "deferred",
 		    penalty_secs, reason);
 		if (++(*npenaltiesp) > (size_t)max_sources)
@@ -446,7 +448,7 @@ srclimit_penalise(struct xaddr *addr, int penalty_type)
 		existing->expiry = now + penalty_cfg.penalty_max;
 	if (existing->expiry - now > penalty_cfg.penalty_min &&
 	    !existing->active) {
-		verbose_f("%s: activating %s penalty of %lld seconds for %s",
+		logit_f("%s: activating %s penalty of %lld seconds for %s",
 		    addrnetmask, t, (long long)(existing->expiry - now),
 		    reason);
 		existing->active = 1;

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list