From netch@iv.nn.kiev.ua  Sun Aug  4 02:34:17 2002
Return-Path: <netch@iv.nn.kiev.ua>
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B4A3437B400
	for <FreeBSD-gnats-submit@freebsd.org>; Sun,  4 Aug 2002 02:34:17 -0700 (PDT)
Received: from segfault.kiev.ua (segfault.kiev.ua [193.193.193.4])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0F95743E6A
	for <FreeBSD-gnats-submit@freebsd.org>; Sun,  4 Aug 2002 02:34:15 -0700 (PDT)
	(envelope-from netch@iv.nn.kiev.ua)
Received: (from uucp@localhost)
	by segfault.kiev.ua (8) with UUCP id MND23045;
	Sun, 4 Aug 2002 12:34:11 +0300 (EEST)
	(envelope-from netch@iv.nn.kiev.ua)
Received: (from netch@localhost)
	by iv.nn.kiev.ua (8.12.3/8.12.3) id g749X5AI002822;
	Sun, 4 Aug 2002 12:33:05 +0300 (EEST)
	(envelope-from netch)
Message-Id: <200208040933.g749X5AI002822@iv.nn.kiev.ua>
Date: Sun, 4 Aug 2002 12:33:05 +0300 (EEST)
From: Valentin Nechayev <netch@netch.kiev.ua>
Reply-To: Valentin Nechayev <netch@netch.kiev.ua>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: libalias: logging of links lifecycle (add/delete/change)
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         41307
>Category:       kern
>Synopsis:       [libalias] [patch] logging of links lifecycle (add/delete/change)
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Aug 04 02:40:02 PDT 2002
>Closed-Date:    
>Last-Modified:  Mon Jan 14 04:50:25 UTC 2008
>Originator:     Valentin Nechayev
>Release:        FreeBSD 4.6.1-RELEASE-p7 i386
>Organization:
Private
>Environment:
FreeBSD 5.0-CURRENT
>Description:

The following patch adds logging of the creation and deletion of libalias "links",
which are mappings between a connection from a masqueraded source and the connection
that is visible on the external network. It also adds a switch and a command to
request this logging in natd.
Logging of mappings is highly needed when an internal network is divided into zones
of different responsibility and activity sources (e.g., a typical office network).
This can't be done fully by any agent external to libalias:
a firewall can track only TCP SYNs and FINs without flooding the log; UDP and
ICMP mappings can't be logged without flooding.

This patch was tested at Lucky Net (http://www.lucky.net) on a real network
with a quite high load on the NAT'ing hosts (up to 100 loaded DSL links per host).

>How-To-Repeat:

>Fix:

The following patch is for 5.0-CURRENT (as of two days ago)

diff -rNu 0/lib/libalias/alias.h 1/lib/libalias/alias.h
--- 0/lib/libalias/alias.h	Sat Aug  3 13:46:50 2002
+++ 1/lib/libalias/alias.h	Sun Aug  4 12:08:32 2002
@@ -170,6 +170,11 @@
  */
 #define	PKT_ALIAS_REVERSE		0x80
 
+/* If PKT_ALIAS_LOG_LINK is set, creating, changing, and deleting
+ * of mappings are reported via syslog
+*/
+#define PKT_ALIAS_LOG_LINK 0x200
+
 /* Function return codes. */
 #define	PKT_ALIAS_ERROR			-1
 #define	PKT_ALIAS_OK			1
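Review bot: PKT_ALIAS_LOG_LINK is given the value 0x200 while the only neighbour visible in the hunk is PKT_ALIAS_REVERSE at 0x80, so a reader cannot tell from the patch whether 0x100 is already taken elsewhere in alias.h or whether 0x200 itself is free; please confirm against the full list of mode bits and add a one-line comment naming the bit it is placed next to, e.g. `/* next free mode bit after PKT_ALIAS_<highest existing> */`. The closing `*/` of the new comment sits at column 0, whereas the surrounding header comments close with ` */`; the adapted patch later in this PR already uses the ` */` form.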
diff -rNu 0/lib/libalias/alias_db.c 1/lib/libalias/alias_db.c
--- 0/lib/libalias/alias_db.c	Sat Aug  3 13:46:50 2002
+++ 1/lib/libalias/alias_db.c	Sun Aug  4 12:10:06 2002
@@ -144,6 +144,7 @@
     See HISTORY file for additional revisions.
 */
 
+#include <sys/types.h>
 
 /* System include files */
 #include <errno.h>
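Review bot: `#include <sys/types.h>` is moved ahead of the "System include files" group without any comment saying why, and the same move is made in the adapted patch; the next person sorting the includes will put it back. If a header that follows it needs the types before its own include, say so at the line, e.g. `/* keep first: the headers below use the types it declares */`, and if it is not needed the move should be dropped from the patch. The matching removal is in the hunk that follows.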
@@ -154,7 +155,6 @@
 #include <sys/queue.h>
 #include <sys/socket.h>
 #include <sys/time.h>
-#include <sys/types.h>
 
 /* BSD network include files */
 #include <netinet/in_systm.h>
@@ -163,6 +163,9 @@
 #include <netinet/tcp.h>
 #include <arpa/inet.h>
 
+#include <syslog.h>
+#include <string.h>
+
 #include "alias.h"
 #include "alias_local.h"
 
@@ -439,6 +442,13 @@
 static void InitPacketAliasLog(void);
 static void UninitPacketAliasLog(void);
 
+/* Per-link logging */
+static void LogAddLink(const struct alias_link*);
+static void LogDeleteLink(const struct alias_link*);
+static void LogReLink(const struct alias_link*, const struct alias_link*);
+static void DumpLinkData(char*, size_t, const char*,
+	const struct alias_link *);
+
 static u_int
 StartPointIn(struct in_addr alias_addr,
              u_short alias_port,
@@ -919,6 +929,9 @@
     if (deleteAllLinks == 0 && link->flags & LINK_PERMANENT)
         return;
 
+    if (packetAliasMode & PKT_ALIAS_LOG_LINK)
+	LogDeleteLink(link);
+
 #ifndef NO_FW_PUNCH
 /* Delete associated firewall hole, if any */
     ClearFWHole(link);
@@ -1135,6 +1148,8 @@
     {
         ShowAliasStats();
     }
+    if (packetAliasMode & PKT_ALIAS_LOG_LINK)
+	LogAddLink(link);
 
     return(link);
 }
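Review bot: LogAddLink() is now called for every link created, so each new UDP or ICMP flow from the masqueraded side costs a syslog(3) call on the packet path, with no rate limit, and the resulting log volume is determined by the internal hosts rather than by the operator. That may be acceptable for a diagnostic mode bit, but it should be stated: a comment at the call site such as `/* one syslog() per new mapping; volume is unbounded, gated only by the mode bit */` and a sentence in the libalias.3 entry saying the option is intended for diagnostics. AddLink's body begins outside the hunk; the adapted patch makes the same call.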
@@ -1154,6 +1169,8 @@
     new_link = AddLink(src_addr, dst_addr, alias_addr,
                        src_port, dst_port, alias_port_param,
                        link_type);
+    if (packetAliasMode & PKT_ALIAS_LOG_LINK)
+	LogReLink(new_link, old_link);
 #ifndef NO_FW_PUNCH
     if (new_link != NULL &&
         old_link->link_type == LINK_TCP &&
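Review bot: A relink produces more than the single message the libalias.3 text promises: AddLink() already emitted a LINK line for new_link in the previous hunk, LogReLink() adds a RELINK line here, and if ReLink() goes on to delete old_link — outside the hunk — DeleteLink() will add an UNLINK line as well. Either document that a RELINK line is bracketed by LINK/UNLINK lines, or arrange for AddLink() not to log when called from ReLink(), and adjust the manual page text accordingly. LogReLink() is also reached when new_link is NULL; DumpLinkData() renders that as `((NONE))`, which is fine but deserves a comment at the call, e.g. `/* new_link may be NULL; logged as ((NONE)) */`. ReLink's body starts and ends outside the hunk, and the adapted patch repeats this sequence.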
@@ -2921,6 +2938,74 @@
     memset(fireWallField, 0, fireWallNumNums);
 }
 #endif
+
+static void
+LogAddLink(const struct alias_link *link)
+{
+    char buffer[300];
+    DumpLinkData(buffer, sizeof buffer, "LINK", link);
+    syslog(LOG_INFO, "%s", buffer);
+}
+
+static void
+LogDeleteLink(const struct alias_link *link)
+{
+    char buffer[300];
+    DumpLinkData(buffer, sizeof buffer, "UNLINK", link);
+    syslog(LOG_INFO, "%s", buffer);
+}
+
+static void
+LogReLink(const struct alias_link *link_new,
+	const struct alias_link *link_old)
+{
+    char buffer_new[300], buffer_old[300];
+    DumpLinkData(buffer_new, sizeof buffer_new, "", link_new);
+    DumpLinkData(buffer_old, sizeof buffer_old, "", link_old);
+    syslog(LOG_INFO, "RELINK %s TO %s", buffer_old, buffer_new);
+}
+
+static void
+DumpLinkData(char* buffer, size_t bufsize,
+	const char* action, const struct alias_link* link)
+{
+    char proto_num[20];
+    const char* proto_name = proto_num;
+    char src_ip[20], dst_ip[20], alias_ip[20], proxy_ip[20];
+    if (!link) {
+	strlcpy(buffer, "((NONE))", bufsize);
+	return;
+    }
+    strlcpy(src_ip, inet_ntoa(link->src_addr), sizeof src_ip);
+    strlcpy(dst_ip, inet_ntoa(link->dst_addr), sizeof dst_ip);
+    strlcpy(alias_ip, inet_ntoa(link->alias_addr), sizeof alias_ip);
+    strlcpy(proxy_ip, inet_ntoa(link->proxy_addr), sizeof proxy_ip);
+    snprintf(proto_num, sizeof proto_num, "%d", link->link_type);
+    if (link->link_type == LINK_TCP)
+	proto_name = "TCP";
+    if (link->link_type == LINK_UDP)
+	proto_name = "UDP";
+    if (link->link_type == LINK_ICMP)
+	proto_name = "ICMP";
+    if (link->link_type == LINK_ADDR)
+	proto_name = "ADDR";
+    if (link->link_type == LINK_PPTP)
+	proto_name = "PPTP";
+    if (link->link_type == LINK_FRAGMENT_ID)
+	proto_name = "FRAGMENT_ID";
+    if (link->link_type == LINK_FRAGMENT_PTR)
+	proto_name = "FRAGMENT_PTR";
+    snprintf(buffer, bufsize,
+	"%p %s%s%s src=%s:%u dest=%s:%u "
+	"alias=%s:%u proxy=%s:%u server=%p flags=%d(0x%X)",
+	link, action, action ? " " : "", proto_name,
+	src_ip, (unsigned) ntohs(link->src_port),
+	dst_ip, (unsigned) ntohs(link->dst_port),
+	alias_ip, (unsigned) ntohs(link->alias_port),
+	proxy_ip, (unsigned) ntohs(link->proxy_port),
+	link->server, link->flags, link->flags);
+    buffer[bufsize-1] = 0;
+}
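Review bot: In DumpLinkData() the separator expression `action ? " " : ""` tests the pointer rather than the string, so the empty action passed by LogReLink() still yields a separator and RELINK lines carry a double space; the intended line is `link, action, *action ? " " : "", proto_name,` (the adapted patch has the same expression). The two `%p` conversions receive `link`, a struct pointer, and `link->server` uncast; `%p` is specified for `void *`, so pass `(const void *)link` and `(const void *)link->server`. `buffer[bufsize-1] = 0;` is redundant after snprintf() and indexes before the buffer when bufsize is 0, so either drop it or guard it with `if (bufsize)`. The `%p` values serve only to pair LINK and UNLINK lines for the same object; a per-link sequence number would do that without writing heap addresses into the log.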
 
 void
 PacketAliasSetFWBase(unsigned int base, unsigned int num) {
diff -rNu 0/lib/libalias/libalias.3 1/lib/libalias/libalias.3
--- 0/lib/libalias/libalias.3	Mon Dec 31 12:01:34 2001
+++ 1/lib/libalias/libalias.3	Sun Aug  4 12:07:10 2002
@@ -167,6 +167,10 @@
 with the current number of ICMP, TCP and UDP links.
 Mainly useful for debugging when the log file is viewed continuously with
 .Xr tail 1 .
+.It Dv PKT_ALIAS_LOG_LINK
+Enables logging of creating, changing and deleting aliasing links via
+.Xr syslog 3
+with one message per such action.
 .It Dv PKT_ALIAS_DENY_INCOMING
 If this mode bit is set, all incoming packets associated with new TCP
 connections or new UDP transactions will be marked for being ignored
diff -rNu 0/sbin/natd/natd.c 1/sbin/natd/natd.c
--- 0/sbin/natd/natd.c	Tue Feb 12 21:44:02 2002
+++ 1/sbin/natd/natd.c	Sun Aug  4 12:07:10 2002
@@ -884,6 +884,14 @@
 		"l" },
 
 	{ PacketAliasOption,
+		PKT_ALIAS_LOG_LINK,
+		YesNo,
+		"[yes|no]",
+		"enable logging of links",
+		"log_link",
+		NULL },
+
+	{ PacketAliasOption,
 		PKT_ALIAS_PROXY_ONLY,
 		YesNo,
 		"[yes|no]",
--- 0/sbin/natd/natd.8	Sat Aug  3 13:48:49 2002
+++ 1/sbin/natd/natd.8	Sun Aug  4 12:31:25 2002
@@ -10,6 +10,7 @@
 .Bk -words
 .Op Fl unregistered_only | u
 .Op Fl log | l
+.Op Fl log_link
 .Op Fl proxy_only
 .Op Fl reverse
 .Op Fl deny_incoming | d
@@ -73,6 +74,8 @@
 This file is truncated each time
 .Nm
 is started.
+.It Fl log_link
+Log adding, deleting and changing of alias links via syslog.
 .It Fl deny_incoming | d
 Do not pass incoming packets that have no
 entry in the internal translation table.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->ru 
Responsible-Changed-By: kris 
Responsible-Changed-When: Fri Jul 18 15:12:10 PDT 2003 
Responsible-Changed-Why:  
Assign to libalias maintainer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=41307 

From: Alexander Peresunko <alex@freeman.org.ua>
To: freebsd-gnats-submit@FreeBSD.org, netch@netch.kiev.ua
Cc:  
Subject: Re: bin/41307: libalias: logging of links lifecycle (add/delete/change)
Date: Fri, 26 Mar 2004 02:35:21 +0200

 I've adapted the given patch to recent CURRENT (from 25 March 2004).
 
 Here it is.
 
 --- lib/libalias/alias.h.orig	Fri Mar 26 00:56:55 2004
 +++ lib/libalias/alias.h	Fri Mar 26 00:58:22 2004
 @@ -252,6 +252,11 @@
   */
  #define	PKT_ALIAS_REVERSE		0x80
  
 +/* If PKT_ALIAS_LOG_LINK is set, creating, changing, and deleting
 + * of mappings are reported via syslog
 + */
 +#define PKT_ALIAS_LOG_LINK 0x200
 +
  /* Function return codes. */
  #define	PKT_ALIAS_ERROR			-1
  #define	PKT_ALIAS_OK			1
 --- lib/libalias/alias_db.c.orig	Fri Mar 26 01:00:06 2004
 +++ lib/libalias/alias_db.c	Fri Mar 26 01:16:18 2004
 @@ -142,6 +142,7 @@
      See HISTORY file for additional revisions.
  */
  
 +#include <sys/types.h>
  
  /* System include files */
  #include <errno.h>
 @@ -152,7 +153,6 @@
  #include <sys/queue.h>
  #include <sys/socket.h>
  #include <sys/time.h>
 -#include <sys/types.h>
  
  /* BSD network include files */
  #include <netinet/in_systm.h>
 @@ -161,6 +161,9 @@
  #include <netinet/tcp.h>
  #include <arpa/inet.h>
  
 +#include <syslog.h>
 +#include <string.h>
 +
  #include "alias.h"
  #include "alias_local.h"
  
 @@ -364,6 +367,13 @@
  static void	InitPacketAliasLog(struct libalias *la);
  static void	UninitPacketAliasLog(struct libalias *la);
  
 +/* Per-link logging */
 +static void LogAddLink(const struct alias_link*);
 +static void LogDeleteLink(const struct alias_link*);
 +static void LogReLink(const struct alias_link*, const struct alias_link*);
 +static void DumpLinkData(char*, size_t, const char*, 
 +	const struct alias_link *);
 +
  static		u_int
  StartPointIn(struct in_addr alias_addr,
      u_short alias_port,
 @@ -815,6 +825,9 @@
  	if (la->deleteAllLinks == 0 && link->flags & LINK_PERMANENT)
  		return;
  
 +	if (la->packetAliasMode & PKT_ALIAS_LOG_LINK)
 +		LogDeleteLink(link);
 +
  #ifndef NO_FW_PUNCH
  /* Delete associated firewall hole, if any */
  	ClearFWHole(link);
 @@ -1017,6 +1030,10 @@
  	if (la->packetAliasMode & PKT_ALIAS_LOG) {
  		ShowAliasStats(la);
  	}
 +
 +	if (la->packetAliasMode & PKT_ALIAS_LOG_LINK)
 +		LogAddLink(link);
 +	
  	return (link);
  }
  
 @@ -1037,6 +1054,8 @@
  	new_link = AddLink(la, src_addr, dst_addr, alias_addr,
  	    src_port, dst_port, alias_port_param,
  	    link_type);
 +	if (la->packetAliasMode & PKT_ALIAS_LOG_LINK)
 +		LogReLink(new_link, old_link);
  #ifndef NO_FW_PUNCH
  	if (new_link != NULL &&
  	    old_link->link_type == LINK_TCP &&
 @@ -2767,6 +2786,78 @@
  }
  
  #endif
 +
 +static void
 +LogAddLink(const struct alias_link *link)
 +{
 +	char buffer[300];
 +	
 +	DumpLinkData(buffer, sizeof buffer, "LINK", link);
 +	syslog(LOG_INFO, "%s", buffer);
 +}
 +
 +static void
 +LogDeleteLink(const struct alias_link *link)
 +{
 +	char buffer[300];
 +	
 +	DumpLinkData(buffer, sizeof buffer, "UNLINK", link);
 +	syslog(LOG_INFO, "%s", buffer);
 +}
 +
 +static void
 +LogReLink(const struct alias_link *link_new,
 +	const struct alias_link *link_old)
 +{
 +	char buffer_new[300], buffer_old[300];
 +	
 +	DumpLinkData(buffer_new, sizeof buffer_new, "", link_new);
 +	DumpLinkData(buffer_old, sizeof buffer_old, "", link_old);
 +	syslog(LOG_INFO, "RELINK %s TO %s", buffer_old, buffer_new);
 +}
 +
 +static void
 +DumpLinkData(char* buffer, size_t bufsize,
 +	const char* action, const struct alias_link* link)
 +{
 +	char proto_num[20];
 +	const char* proto_name = proto_num;
 +	char src_ip[20], dst_ip[20], alias_ip[20], proxy_ip[20];
 +    
 +	if (!link) {
 +		strlcpy(buffer, "((NONE))", bufsize);
 +		return;
 +	}
 +	strlcpy(src_ip, inet_ntoa(link->src_addr), sizeof src_ip);
 +	strlcpy(dst_ip, inet_ntoa(link->dst_addr), sizeof dst_ip);
 +	strlcpy(alias_ip, inet_ntoa(link->alias_addr), sizeof alias_ip);
 +	strlcpy(proxy_ip, inet_ntoa(link->proxy_addr), sizeof proxy_ip);
 +	snprintf(proto_num, sizeof proto_num, "%d", link->link_type);
 +	if (link->link_type == LINK_TCP)
 +		proto_name = "TCP";
 +	if (link->link_type == LINK_UDP)
 +		proto_name = "UDP";
 +	if (link->link_type == LINK_ICMP)
 +		proto_name = "ICMP";
 +	if (link->link_type == LINK_ADDR)
 +		proto_name = "ADDR";
 +	if (link->link_type == LINK_PPTP)
 +		proto_name = "PPTP";
 +	if (link->link_type == LINK_FRAGMENT_ID)
 +		proto_name = "FRAGMENT_ID";
 +	if (link->link_type == LINK_FRAGMENT_PTR)
 +		proto_name = "FRAGMENT_PTR";
 +	snprintf(buffer, bufsize,
 +	"%p %s%s%s src=%s:%u dest=%s:%u "
 +	"alias=%s:%u proxy=%s:%u server=%p flags=%d(0x%X)",
 +	link, action, action ? " " : "", proto_name,
 +	src_ip, (unsigned) ntohs(link->src_port),
 +	dst_ip, (unsigned) ntohs(link->dst_port),
 +	alias_ip, (unsigned) ntohs(link->alias_port),
 +	proxy_ip, (unsigned) ntohs(link->proxy_port),
 +	link->server, link->flags, link->flags);
 +	buffer[bufsize-1] = 0;
 +}
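Review bot: Several added lines in this hunk are whitespace-only — the blank lines inside LogAddLink(), LogDeleteLink(), LogReLink() and DumpLinkData() carry a tab or spaces — and the blank line added in the AddLink hunk and the DumpLinkData prototype in the forward-declaration hunk of this file end in trailing whitespace; style(9) asks for these to be stripped before commit. The snprintf() argument lines in DumpLinkData() are indented at the same level as the call instead of one level deeper, unlike the continuation line of the LogReLink() signature above it. The functional points raised on the original patch's version of these functions (the `*action` test, the uncast `%p` arguments, the redundant terminator) apply here unchanged.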
  
  void
  LibAliasSetFWBase(struct libalias *la, unsigned int base, unsigned int num)
 --- lib/libalias/libalias.3.orig	Fri Mar 26 01:18:36 2004
 +++ lib/libalias/libalias.3	Fri Mar 26 01:18:17 2004
 @@ -172,6 +172,10 @@
  with the current number of ICMP, TCP and UDP links.
  Mainly useful for debugging when the log file is viewed continuously with
  .Xr tail 1 .
 +.It Dv PKT_ALIAS_LOG_LINK
 +Enables logging of creating, changing and deleting aliasing links via
 +.Xr syslog 3
 +with one message per such action.
  .It Dv PKT_ALIAS_DENY_INCOMING
  If this mode bit is set, all incoming packets associated with new TCP
  connections or new UDP transactions will be marked for being ignored
 --- sbin/natd/natd.c.orig	Fri Mar 26 01:19:59 2004
 +++ sbin/natd/natd.c	Fri Mar 26 01:24:36 2004
 @@ -892,6 +892,14 @@
  		"l" },
  
  	{ PacketAliasOption,
 +		PKT_ALIAS_LOG_LINK,
 +		YesNo,
 +		"[yes|no]",
 +		"enable logging of links",
 +		"log_link",
 +		NULL },
 +
 +	{ PacketAliasOption,
  		PKT_ALIAS_PROXY_ONLY,
  		YesNo,
  		"[yes|no]",
 --- sbin/natd/natd.8.orig	Fri Mar 26 01:26:17 2004
 +++ sbin/natd/natd.8	Fri Mar 26 01:27:06 2004
 @@ -10,6 +10,7 @@
  .Bk -words
  .Op Fl unregistered_only | u
  .Op Fl log | l
 +.Op Fl log_link
  .Op Fl proxy_only
  .Op Fl reverse
  .Op Fl deny_incoming | d
 @@ -80,6 +81,8 @@
  This file is truncated each time
  .Nm
  is started.
 +.It Fl log_link
 +Log adding, deleting and changing of alias links via syslog.
  .It Fl deny_incoming | d
  Do not pass incoming packets that have no
  entry in the internal translation table.
 
 
 The patch has been successfully tested.
 
 -- 
 FREE-UANIC
Responsible-Changed-From-To: ru->freebsd-bugs 
Responsible-Changed-By: ru 
Responsible-Changed-When: Fri Apr 16 23:17:20 PDT 2004 
Responsible-Changed-Why:  
ENOTIME 

http://www.freebsd.org/cgi/query-pr.cgi?pr=41307 
>Unformatted:
