Date: Fri, 16 Nov 2001 18:53:37 +0200 From: Sheldon Hearn <sheldonh@starjuice.net> To: Poul-Henning Kamp <phk@FreeBSD.org> Cc: ru@FreeBSD.org, audit@FreeBSD.org Subject: Re: cvs commit: src/sbin/natd natd.8 natd.c Message-ID: <71404.1005929617@axl.seasidesoftware.co.za> In-Reply-To: Your message of "Wed, 31 Oct 2001 08:08:49 PST." <200110311608.f9VG8nd19655@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 31 Oct 2001 08:08:49 PST, Poul-Henning Kamp wrote:
> Modified files:
> sbin/natd natd.8 natd.c
> Log:
> Do not uselessly whine in syslog about packets denied by ipfw rules.
>
> Set 'log_ipfw_denied' option if you want the old behaviour.
Yuk. Wouldn't a better idea simply to make the whining more useful,
with something like this?
Ciao,
Sheldon.
Index: natd.c
===================================================================
RCS file: /home/ncvs/src/sbin/natd/natd.c,v
retrieving revision 1.36
diff -u -d -r1.36 natd.c
--- natd.c 31 Oct 2001 16:08:49 -0000 1.36
+++ natd.c 16 Nov 2001 16:50:08 -0000
@@ -589,6 +589,8 @@
{
int wrote;
char msgBuf[80];
+ char hostBuf[NI_MAXHOST];
+ char servBuf[NI_MAXSERV];
/*
* Put packet back for processing.
*/
@@ -618,7 +620,15 @@
}
else if (errno == EACCES && log_ipfw_denied) {
- sprintf (msgBuf, "failed to write packet back");
+ if (getnameinfo((struct sockaddr *)&packetAddr,
+ packetAddr.sin_len, hostBuf, sizeof(hostBuf),
+ servBuf, sizeof(servBuf),
+ NI_NUMERICHOST | NI_NUMERICSERV) != 0) {
+ sprintf(hostBuf, "unknown");
+ sprintf(servBuf, "unknown");
+ }
+ sprintf (msgBuf, "failed to write packet to %s:%s",
+ hostBuf, servBuf);
Warn (msgBuf);
}
}
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?71404.1005929617>