From bc328144f149af07139a0f2c1329018cd85b86b7 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Fri, 19 Sep 2025 01:32:45 +0000
Subject: [PATCH] upstream: log at level INFO when PerSourcePenalties actually
 blocks

access to a source address range. Previously this was logged at level
VERBOSE, which hid enforcement actions under default config settings.

ok dtucker, markus

OpenBSD-Commit-ID: ea2b0d7c2253ff5205719d74b526cf2870df894d
---
 srclimit.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/srclimit.c b/srclimit.c
index 8a47588e4..c62763724 100644
--- a/srclimit.c
+++ b/srclimit.c
@@ -427,7 +427,9 @@ srclimit_penalise(struct xaddr *addr, int penalty_type)
 			penalty->active = 1;
 		if (RB_INSERT(penalties_by_expiry, by_expiry, penalty) != NULL)
 			fatal_f("internal error: %s penalty tables corrupt", t);
-		verbose_f("%s: new %s %s penalty of %d seconds for %s", t,
+		do_log2_f(penalty->active ?
+		    SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_VERBOSE,
+		    "%s: new %s %s penalty of %d seconds for %s", t,
 		    addrnetmask, penalty->active ? "active" : "deferred",
 		    penalty_secs, reason);
 		if (++(*npenaltiesp) > (size_t)max_sources)
@@ -446,7 +448,7 @@ srclimit_penalise(struct xaddr *addr, int penalty_type)
 		existing->expiry = now + penalty_cfg.penalty_max;
 	if (existing->expiry - now > penalty_cfg.penalty_min &&
 	    !existing->active) {
-		verbose_f("%s: activating %s penalty of %lld seconds for %s",
+		logit_f("%s: activating %s penalty of %lld seconds for %s",
 		    addrnetmask, t, (long long)(existing->expiry - now),
 		    reason);
 		existing->active = 1;
-- 
2.47.3