From: Poul-Henning Kamp
To: Sheldon Hearn
Cc: ru@FreeBSD.org, audit@FreeBSD.org
Subject: Re: cvs commit: src/sbin/natd natd.8 natd.c
In-Reply-To: Your message of "Fri, 16 Nov 2001 18:53:37 +0200." <71404.1005929617@axl.seasidesoftware.co.za>
Date: Fri, 16 Nov 2001 17:53:04 +0100
Message-ID: <16863.1005929584@critter.freebsd.dk>

In message <71404.1005929617@axl.seasidesoftware.co.za>, Sheldon Hearn writes:
>
>
>On Wed, 31 Oct 2001 08:08:49 PST, Poul-Henning Kamp wrote:
>
>> Modified files:
>> sbin/natd natd.8 natd.c
>> Log:
>> Do not uselessly whine in syslog about packets denied by ipfw rules.
>>
>> Set 'log_ipfw_denied' option if you want the old behaviour.
>
>Yuk. Wouldn't a better idea simply be to make the whining more useful,
>with something like this?

You are not proposing a log message per packet that people cannot
turn off, are you?

Poul-Henning

>
>Ciao,
>Sheldon.
>
>Index: natd.c >=================================================================== >RCS file: /home/ncvs/src/sbin/natd/natd.c,v >retrieving revision 1.36 >diff -u -d -r1.36 natd.c >--- natd.c 31 Oct 2001 16:08:49 -0000 1.36 >+++ natd.c 16 Nov 2001 16:50:08 -0000 >@@ -589,6 +589,8 @@ > { > int wrote; > char msgBuf[80]; >+ char hostBuf[NI_MAXHOST]; >+ char servBuf[NI_MAXSERV]; > /* > * Put packet back for processing. > */ 
>@@ -618,7 +620,15 @@ > } > else if (errno == EACCES && log_ipfw_denied) { > >- sprintf (msgBuf, "failed to write packet back"); >+ if (getnameinfo((struct sockaddr *)&packetAddr, >+ packetAddr.sin_len, hostBuf, sizeof(hostBuf), >+ servBuf, sizeof(servBuf), >+ NI_NUMERICHOST | NI_NUMERICSERV) != 0) { >+ sprintf(hostBuf, "unknown"); >+ sprintf(servBuf, "unknown"); >+ } >+ sprintf (msgBuf, "failed to write packet to %s:%s", >+ hostBuf, servBuf); > Warn (msgBuf); > } > } >

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
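Review bot: in the @@ -589,6 +589,8 @@ hunk, hostBuf[NI_MAXHOST] and servBuf[NI_MAXSERV] are declared next to char msgBuf[80], so the two inputs to the later format string can together be far larger than the buffer they are formatted into. Either size msgBuf from the same constants plus the fixed text, or keep msgBuf at 80 and shrink the new buffers to what a numeric address and port need, since the call only asks for NI_NUMERICHOST | NI_NUMERICSERV. The patch as shown adds no #include, so it is worth confirming that natd.c already pulls in the header that declares getnameinfo and the NI_* constants.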
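Review bot: in the @@ -618,7 +620,15 @@ hunk, sprintf (msgBuf, "failed to write packet to %s:%s", hostBuf, servBuf) writes into the 80-byte msgBuf with no length limit. With NI_NUMERICHOST | NI_NUMERICSERV the strings stay short, but the safety then rests on the flags rather than on the call; snprintf(msgBuf, sizeof(msgBuf), ...) makes the bound explicit, and the two sprintf calls in the getnameinfo failure branch can take the same form with sizeof(hostBuf) and sizeof(servBuf). The message is still emitted once per denied packet under the existing errno == EACCES && log_ipfw_denied test, so the option from the original commit continues to control it and that condition should stay as it is.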