Date:      Sun, 4 Aug 2002 12:33:05 +0300 (EEST)
From:      Valentin Nechayev <netch@netch.kiev.ua>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   bin/41307: libalias: logging of links lifecycle (add/delete/change)
Message-ID:  <200208040933.g749X5AI002822@iv.nn.kiev.ua>


>Number:         41307
>Category:       bin
>Synopsis:       libalias: logging of links lifecycle (add/delete/change)
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Aug 04 02:40:02 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Valentin Nechayev
>Release:        FreeBSD 4.6.1-RELEASE-p7 i386
>Organization:
Private
>Environment:
FreeBSD 5.0-CURRENT
>Description:

The following patch adds logging of the creation and deletion of libalias "links",
which are mappings between a connection from a masqueraded source and the
connection visible on the external network. It also adds a switch and a
configuration command to request this logging in natd.
Logging of mappings is badly needed when the internal network is divided into
zones of different responsibility and activity sources (e.g., a typical office
network). This cannot be done completely by any agent external to libalias:
a firewall can track only TCP SYNs and FINs without flooding the log, and UDP
and ICMP mappings cannot be logged without flooding.

This patch was tested at Lucky Net (http://www.lucky.net) on a real network
with a fairly high load of NAT'ing hosts (up to 100 loaded DSL links per host).

>How-To-Repeat:

>Fix:

The following patch is against 5.0-CURRENT (as of two days ago).

diff -rNu 0/lib/libalias/alias.h 1/lib/libalias/alias.h
--- 0/lib/libalias/alias.h	Sat Aug  3 13:46:50 2002
+++ 1/lib/libalias/alias.h	Sun Aug  4 12:08:32 2002
@@ -170,6 +170,11 @@
  */
 #define	PKT_ALIAS_REVERSE		0x80
 
+/* If PKT_ALIAS_LOG_LINK is set, creating, changing, and deleting
+ * of mappings are reported via syslog
+*/
+#define PKT_ALIAS_LOG_LINK 0x200
+
 /* Function return codes. */
 #define	PKT_ALIAS_ERROR			-1
 #define	PKT_ALIAS_OK			1
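Review bot: The value 0x200 is only safe if no other PKT_ALIAS_* mode bit already uses it; most of those defines are outside this hunk, so please confirm, since the bits are OR'ed together into packetAliasMode. The comment should also state what is logged and where, because this is a library whose callers may not expect syslog output: `/* If PKT_ALIAS_LOG_LINK is set, creating, changing and deleting of mappings are reported via syslog(3) at LOG_INFO, one message per action, using the calling process's openlog(3) settings. */`. Formatting: the neighbouring defines separate name and value with tabs, and the closing `*/` should be indented like the comment's other lines.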
diff -rNu 0/lib/libalias/alias_db.c 1/lib/libalias/alias_db.c
--- 0/lib/libalias/alias_db.c	Sat Aug  3 13:46:50 2002
+++ 1/lib/libalias/alias_db.c	Sun Aug  4 12:10:06 2002
@@ -144,6 +144,7 @@
     See HISTORY file for additional revisions.
 */
 
+#include <sys/types.h>
 
 /* System include files */
 #include <errno.h>
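Review bot: The reason for moving `<sys/types.h>` out of the sorted system-header block (this hunk adds it at the top, the next hunk removes the old line) is not stated; if a header below now depends on it, record that with a one-line comment such as `/* must precede the headers below */`, otherwise leaving it in place keeps the block sorted. In the following hunk `<syslog.h>` and `<string.h>` are added as a separate group after the BSD network headers instead of in the `/* System include files */` block where the other libc headers live; moving them there keeps the include order readable. `<string.h>` is presumably for the `strlcpy` calls in the new DumpLinkData, while the file already calls `memset` (visible in the last hunk of this file), so check whether it duplicates an existing include — harmless, but worth knowing.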
@@ -154,7 +155,6 @@
 #include <sys/queue.h>
 #include <sys/socket.h>
 #include <sys/time.h>
-#include <sys/types.h>
 
 /* BSD network include files */
 #include <netinet/in_systm.h>
@@ -163,6 +163,9 @@
 #include <netinet/tcp.h>
 #include <arpa/inet.h>
 
+#include <syslog.h>
+#include <string.h>
+
 #include "alias.h"
 #include "alias_local.h"
 
@@ -439,6 +442,13 @@
 static void InitPacketAliasLog(void);
 static void UninitPacketAliasLog(void);
 
+/* Per-link logging */
+static void LogAddLink(const struct alias_link*);
+static void LogDeleteLink(const struct alias_link*);
+static void LogReLink(const struct alias_link*, const struct alias_link*);
+static void DumpLinkData(char*, size_t, const char*,
+	const struct alias_link *);
+
 static u_int
 StartPointIn(struct in_addr alias_addr,
              u_short alias_port,
@@ -919,6 +929,9 @@
     if (deleteAllLinks == 0 && link->flags & LINK_PERMANENT)
         return;
 
+    if (packetAliasMode & PKT_ALIAS_LOG_LINK)
+	LogDeleteLink(link);
+
 #ifndef NO_FW_PUNCH
 /* Delete associated firewall hole, if any */
     ClearFWHole(link);
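Review bot: The added call is indented with a tab while the surrounding body of DeleteLink uses four spaces; the same mix appears in the AddLink and ReLink hunks below. Use `        LogDeleteLink(link);` (eight spaces) to match the function. Logging before ClearFWHole and the list removal is the right place since the link's fields are still intact; a short comment, `/* Log while the link's fields are still intact. */`, would make that ordering deliberate. DeleteLink's body starts and ends outside the hunk.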
@@ -1135,6 +1148,8 @@
     {
         ShowAliasStats();
     }
+    if (packetAliasMode & PKT_ALIAS_LOG_LINK)
+	LogAddLink(link);
 
     return(link);
 }
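Review bot: `LogAddLink(link)` is reached on every path through this tail, so if AddLink can return NULL on allocation failure (its body starts outside the hunk, and the ShowAliasStats call just above appears unconditional), a failed allocation logs the bare string `((NONE))` with no `LINK` prefix, which cannot be told apart from other actions when reading the log. Guard the call, `if ((packetAliasMode & PKT_ALIAS_LOG_LINK) && link != NULL)`, or have the helper emit an explicit allocation-failure message instead.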
@@ -1154,6 +1169,8 @@
     new_link = AddLink(src_addr, dst_addr, alias_addr,
                        src_port, dst_port, alias_port_param,
                        link_type);
+    if (packetAliasMode & PKT_ALIAS_LOG_LINK)
+	LogReLink(new_link, old_link);
 #ifndef NO_FW_PUNCH
     if (new_link != NULL &&
         old_link->link_type == LINK_TCP &&
@@ -2921,6 +2938,74 @@
     memset(fireWallField, 0, fireWallNumNums);
 }
 #endif
+
+static void
+LogAddLink(const struct alias_link *link)
+{
+    char buffer[300];
+    DumpLinkData(buffer, sizeof buffer, "LINK", link);
+    syslog(LOG_INFO, "%s", buffer);
+}
+
+static void
+LogDeleteLink(const struct alias_link *link)
+{
+    char buffer[300];
+    DumpLinkData(buffer, sizeof buffer, "UNLINK", link);
+    syslog(LOG_INFO, "%s", buffer);
+}
+
+static void
+LogReLink(const struct alias_link *link_new,
+	const struct alias_link *link_old)
+{
+    char buffer_new[300], buffer_old[300];
+    DumpLinkData(buffer_new, sizeof buffer_new, "", link_new);
+    DumpLinkData(buffer_old, sizeof buffer_old, "", link_old);
+    syslog(LOG_INFO, "RELINK %s TO %s", buffer_old, buffer_new);
+}
+
+static void
+DumpLinkData(char* buffer, size_t bufsize,
+	const char* action, const struct alias_link* link)
+{
+    char proto_num[20];
+    const char* proto_name = proto_num;
+    char src_ip[20], dst_ip[20], alias_ip[20], proxy_ip[20];
+    if (!link) {
+	strlcpy(buffer, "((NONE))", bufsize);
+	return;
+    }
+    strlcpy(src_ip, inet_ntoa(link->src_addr), sizeof src_ip);
+    strlcpy(dst_ip, inet_ntoa(link->dst_addr), sizeof dst_ip);
+    strlcpy(alias_ip, inet_ntoa(link->alias_addr), sizeof alias_ip);
+    strlcpy(proxy_ip, inet_ntoa(link->proxy_addr), sizeof proxy_ip);
+    snprintf(proto_num, sizeof proto_num, "%d", link->link_type);
+    if (link->link_type == LINK_TCP)
+	proto_name = "TCP";
+    if (link->link_type == LINK_UDP)
+	proto_name = "UDP";
+    if (link->link_type == LINK_ICMP)
+	proto_name = "ICMP";
+    if (link->link_type == LINK_ADDR)
+	proto_name = "ADDR";
+    if (link->link_type == LINK_PPTP)
+	proto_name = "PPTP";
+    if (link->link_type == LINK_FRAGMENT_ID)
+	proto_name = "FRAGMENT_ID";
+    if (link->link_type == LINK_FRAGMENT_PTR)
+	proto_name = "FRAGMENT_PTR";
+    snprintf(buffer, bufsize,
+	"%p %s%s%s src=%s:%u dest=%s:%u "
+	"alias=%s:%u proxy=%s:%u server=%p flags=%d(0x%X)",
+	link, action, action ? " " : "", proto_name,
+	src_ip, (unsigned) ntohs(link->src_port),
+	dst_ip, (unsigned) ntohs(link->dst_port),
+	alias_ip, (unsigned) ntohs(link->alias_port),
+	proxy_ip, (unsigned) ntohs(link->proxy_port),
+	link->server, link->flags, link->flags);
+    buffer[bufsize-1] = 0;
+}
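Review bot: In DumpLinkData the separator test `action ? " " : ""` is always true because every caller passes a string (LogReLink passes `""`), so RELINK messages carry a double space before the protocol name; test the first character instead. The `%p` conversions receive `const struct alias_link *` and `struct server *`, which strictly require a `void *` argument, and both fixes fit in the snprintf argument list: `(const void *)link, action, *action ? " " : "", proto_name,` and `(const void *)link->server, link->flags, link->flags);`. The trailing `buffer[bufsize-1] = 0;` is redundant after snprintf and would index out of bounds if bufsize were 0, so drop it or guard it on bufsize. The seven `if` statements choosing proto_name read better as a `switch` with `default` keeping the numeric form, and the definition mixes `char* buffer` with `const struct alias_link *link` pointer spacing. Since syslog(3) is called from library code, LogAddLink's header comment should note that messages use whatever ident and facility the host process set with openlog(3).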
 
 void
 PacketAliasSetFWBase(unsigned int base, unsigned int num) {
diff -rNu 0/lib/libalias/libalias.3 1/lib/libalias/libalias.3
--- 0/lib/libalias/libalias.3	Mon Dec 31 12:01:34 2001
+++ 1/lib/libalias/libalias.3	Sun Aug  4 12:07:10 2002
@@ -167,6 +167,10 @@
 with the current number of ICMP, TCP and UDP links.
 Mainly useful for debugging when the log file is viewed continuously with
 .Xr tail 1 .
+.It Dv PKT_ALIAS_LOG_LINK
+Enables logging of creating, changing and deleting aliasing links via
+.Xr syslog 3
+with one message per such action.
 .It Dv PKT_ALIAS_DENY_INCOMING
 If this mode bit is set, all incoming packets associated with new TCP
 connections or new UDP transactions will be marked for being ignored
diff -rNu 0/sbin/natd/natd.c 1/sbin/natd/natd.c
--- 0/sbin/natd/natd.c	Tue Feb 12 21:44:02 2002
+++ 1/sbin/natd/natd.c	Sun Aug  4 12:07:10 2002
@@ -884,6 +884,14 @@
 		"l" },
 
 	{ PacketAliasOption,
+		PKT_ALIAS_LOG_LINK,
+		YesNo,
+		"[yes|no]",
+		"enable logging of links",
+		"log_link",
+		NULL },
+
+	{ PacketAliasOption,
 		PKT_ALIAS_PROXY_ONLY,
 		YesNo,
 		"[yes|no]",
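Review bot: The help string `"enable logging of links"` is less specific than the natd.8 text added in the same PR and does not say where the output goes; `"log adding, deleting and changing of alias links via syslog"` would tell a `natd -h` user what to expect. The entry otherwise follows the shape of the neighbouring option rows.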
--- 0/sbin/natd/natd.8	Sat Aug  3 13:48:49 2002
+++ 1/sbin/natd/natd.8	Sun Aug  4 12:31:25 2002
@@ -10,6 +10,7 @@
 .Bk -words
 .Op Fl unregistered_only | u
 .Op Fl log | l
+.Op Fl log_link
 .Op Fl proxy_only
 .Op Fl reverse
 .Op Fl deny_incoming | d
@@ -73,6 +74,8 @@
 This file is truncated each time
 .Nm
 is started.
+.It Fl log_link
+Log adding, deleting and changing of alias links via syslog.
 .It Fl deny_incoming | d
 Do not pass incoming packets that have no
 entry in the internal translation table.
>Release-Note:
>Audit-Trail:
>Unformatted:




