Date:      Fri, 16 Nov 2001 17:53:04 +0100
From:      Poul-Henning Kamp <phk@critter.freebsd.dk>
To:        Sheldon Hearn <sheldonh@starjuice.net>
Cc:        ru@FreeBSD.org, audit@FreeBSD.org
Subject:   Re: cvs commit: src/sbin/natd natd.8 natd.c 
Message-ID:  <16863.1005929584@critter.freebsd.dk>
In-Reply-To: Your message of "Fri, 16 Nov 2001 18:53:37 +0200." <71404.1005929617@axl.seasidesoftware.co.za>

In message <71404.1005929617@axl.seasidesoftware.co.za>, Sheldon Hearn writes:
>
>
>On Wed, 31 Oct 2001 08:08:49 PST, Poul-Henning Kamp wrote:
>
>>   Modified files:
>>     sbin/natd            natd.8 natd.c 
>>   Log:
>>   Do not uselessly whine in syslog about packets denied by ipfw rules.
>>   
>>   Set 'log_ipfw_denied' option if you want the old behaviour.
>
>Yuk.  Wouldn't a better idea be simply to make the whining more useful,
>with something like this?

You are not proposing a log message per packet that people cannot
turn off, are you?

Poul-Henning

>
>Ciao,
>Sheldon.
>
>Index: natd.c
>===================================================================
>RCS file: /home/ncvs/src/sbin/natd/natd.c,v
>retrieving revision 1.36
>diff -u -d -r1.36 natd.c
>--- natd.c	31 Oct 2001 16:08:49 -0000	1.36
>+++ natd.c	16 Nov 2001 16:50:08 -0000
>@@ -589,6 +589,8 @@
> {
> 	int			wrote;
> 	char			msgBuf[80];
>+	char			hostBuf[NI_MAXHOST];
>+	char			servBuf[NI_MAXSERV];
> /*
>  * Put packet back for processing.
>  */
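
Review bot: msgBuf stays at 80 bytes while the new hostBuf beside it is NI_MAXHOST bytes, so the buffer that the later hunk formats into is smaller than one of its inputs can be. Because the lookup is numeric-only, hostBuf could be INET_ADDRSTRLEN and servBuf a few bytes for the port, or msgBuf could be enlarged to fit. Please also confirm that natd.c already includes <netdb.h> for getnameinfo() and the NI_* constants, since this patch has no hunk adding it.
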
>@@ -618,7 +620,15 @@
> 		}
> 		else if (errno == EACCES && log_ipfw_denied) {
> 
>-			sprintf (msgBuf, "failed to write packet back");
>+			if (getnameinfo((struct sockaddr *)&packetAddr,
>+			    packetAddr.sin_len, hostBuf, sizeof(hostBuf),
>+			    servBuf, sizeof(servBuf),
>+			    NI_NUMERICHOST | NI_NUMERICSERV) != 0) {
>+				sprintf(hostBuf, "unknown");
>+				sprintf(servBuf, "unknown");
>+			}
>+			sprintf (msgBuf, "failed to write packet to %s:%s",
>+			    hostBuf, servBuf);
> 			Warn (msgBuf);
> 		}
> 	}
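
Review bot: the sprintf into msgBuf at "failed to write packet to %s:%s" is unbounded and relies on getnameinfo() returning short numeric strings to stay inside 80 bytes; nothing in the code enforces that. Use snprintf(msgBuf, sizeof(msgBuf), ...) here, and bound the two "unknown" fallback copies the same way with snprintf or strlcpy, so that a later change to the flags or the address family cannot turn this into a stack overflow.
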
>

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
