Date: Thu, 14 Dec 2000 20:58:54 +0100
From: Gerhard Sittig <Gerhard.Sittig@gmx.net>
To: freebsd-security@freebsd.org
Subject: Re: Extended ipfw Logging
Message-ID: <20001214205854.J253@speedy.gsinet>
In-Reply-To: <20001214003219.K96105@149.211.6.64.reflexcom.com>; from cjclark@reflexnet.net on Thu, Dec 14, 2000 at 12:32:19AM -0800
References: <20001214003219.K96105@149.211.6.64.reflexcom.com>

On Thu, Dec 14, 2000 at 00:32 -0800, Crist J. Clark wrote:
>
> INTRODUCTION
>
> I wanted to add some detail to the ipfw logging. Specifically,
> I wanted TCP flags. However, once I started coding, I decided
> why not toss just about every field of interest in. I have
> attached patches.
>
>
> WHAT THE PATCHES DO
>
> There are new fields for all packets. Data from the IP header,
> the IP ID, TTL, and extra fragmentation information is printed
> for all types of datagrams. TCP packets include additional
> information on sequence number, acknowledgement number, and
> flags.

Why not have the "verbosity" written in the matching rule? One
surely doesn't want to bloat *all* logged entries (not even log
all denials, and maybe log some accepted packets too). Expand
the filter description for the log verbosity level and reference
this field when the match is meant to log something.

I'm not saying that ipf(4) is the cure for everything. But
looking at "man 5 ipf" here's what I really like about it and you
might, too:

    log = "log" [ "body" ] [ "first" ] [ "or-block" ] [ "level" loglevel ] .

Although the above "loglevel" is different from your verbosity
idea (it's a syslog facility.level pair) you might want to have
the best of both worlds in ipfw(4) and code syslog levels as well
as your verbosity controlling what packet characteristics to
print out and where to do so? :)


virtually yours   82D1 9B9C 01DC 4FB4 D7B4  61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
-- 
     If you don't understand or are scared by any of the above
             ask your parents or an adult to help you.