From 320099972051-0001@t-online.de  Tue Feb 11 04:59:32 2003
Message-Id: <200302111259.h1BCxES4028301@gargano.local.mediabase-gmbh.de>
Date: Tue, 11 Feb 2003 12:59:14 GMT
From: 320099972051-0001@t-online.de (Arne Woerner)
To: FreeBSD-gnats-submit@freebsd.org
Subject: ipfw does not log size and flags

>Number:         48172
>Category:       kern
>Synopsis:       [ipfw] [patch] ipfw does not log size and flags
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ipfw
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 11 05:00:20 PST 2003
>Closed-Date:    
>Last-Modified:  Mon Oct 24 04:38:40 GMT 2005
>Originator:     Arne Woerner
>Release:        FreeBSD 4.7-RELEASE i386
>Organization:
mediaBase GmbH, MUC, BY, FRG
>Environment:
System: FreeBSD actionman 4.7-RELEASE FreeBSD 4.7-RELEASE #2: Mon Jan 6 18:29:23 GMT 2003 aw@tiger.local.mediabase-gmbh.de:/usr/src/sys/compile/RIDDICK i386

>Description:
	If you want to use syslog messages for traffic analysis,
	it is useful if kernel/ipfw would log packet size and,
	in the case of a TCP packet, the flags (maybe a new sysctl
	variable or value would be necessary for compatibility
	reasons).
>How-To-Repeat:
>Fix:
	netinet/ip_fw2.c contains a function ipfw_log()
	that could easily be changed...
	Of course I could send tcpdump's output through
	logger to the loghost...

>Release-Note:
>Audit-Trail:

From: "Dorr H. Clark" <dclark@applmath.scu.edu>
To: freebsd-gnats-submit@FreeBSD.org, 320099972051-0001@t-online.de
Cc:  
Subject: fix proposal Re: kern/48172: ipfw does not log size and flags
Date: Thu, 01 May 2003 18:09:35 -0700

 Logging example before change:
 Mar 12 10:02:56 COEN_284 /kernel: ipfw: 400 Deny UDP 127.0.0.1:1034 127.0.0.1 out via lo0
 Mar 12 10:02:56 COEN_284 /kernel: ipfw: 400 Deny TCP 192.168.0.101:1024 192.168.0.100 out via xl0
 
 The following command is helpful:
 sysctl -w net.inet.ip.fw.verbose=1
 
 Logging example after change:
 Mar 20 18:52:38 COEN_284 /kernel: ipfw: 400 Deny UDP 127.0.0.1:1034 127.0.0.1 id:10 ttl:64 size:67  out via lo0
 Mar 20 18:52:38 COEN_284 /kernel: ipfw: 400 Deny TCP 192.168.0.101:1024 192.168.0.100 id:11 flg:2 seq:1aff3139 ack:00000000 ttl:64 size:55 out via xl0
 
 This bug is pretty simple to fix, but it still makes a great
 project because of the fun of staging and testing the change.
 
 NOTE:  This patch is compatible with 4.7-STABLE !
 
 Here is the code change for this bug:
 
 --- /usr/src/sys/netinet/ip_fw.c        Sun Jul 28 19:04:25 2002
 +++ ip_fw.c     Mon Apr 28 21:11:02 2003
 @@ -570,6 +570,16 @@
             if (offset == 0)
                     snprintf(SNPARGS(proto, len), ":%d",
                         ntohs(tcp->th_dport));
 +           else
 +                   len += snprintf(SNPARGS(proto,len), " ");
 +           len += snprintf(SNPARGS(proto,len), "id:%u
 ",ntohs(ip->ip_id));
 +           len += snprintf(SNPARGS(proto,len), "flg:%x
 ",tcp->th_flags);
 +           len += snprintf(SNPARGS(proto,len), "seq:%08x ",(unsigned
 int)ntohl(tcp->th_seq));
 +           len += snprintf(SNPARGS(proto,len), "ack:%08x ",(unsigned
 int)ntohl(tcp->th_ack));
 +           len += snprintf(SNPARGS(proto,len), "ttl:%u ",ip->ip_ttl);
 +           len += snprintf(SNPARGS(proto,len), "size:%u ",ip->ip_len - 
 +ip->ip_hl);
 +
             break;
      case IPPROTO_UDP:
             len = snprintf(SNPARGS(proto, 0), "UDP %s",
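Review bot: the added flg/seq/ack prints in the TCP case sit outside the "if (offset == 0)" test that guards the port print just above them, so for a non-first fragment (offset != 0) they format tcp->th_flags, th_seq and th_ack from bytes that are not a TCP header. Move the TCP-specific fields into the offset == 0 branch and log only id, ttl and size for fragments. Also, the context call that prints ":%d" for th_dport does not add its return value to len, so the first added snprintf at SNPARGS(proto,len) starts at the same len; if SNPARGS positions the write at proto + len, as its use here suggests, "id:" lands on top of the destination port. Change that call to "len += snprintf(...)" and emit the separating space in both branches rather than only in the else. Last, ip_hl counts 32-bit words, so "ip->ip_len - ip->ip_hl" mixes units; use (ip->ip_hl << 2) if the payload length in bytes is intended.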
 @@ -584,6 +594,12 @@
             if (offset == 0)
                     snprintf(SNPARGS(proto, len), ":%d",
                         ntohs(udp->uh_dport));
 +
 +           len += snprintf(SNPARGS(proto,len), "id:%u
 ",ntohs(ip->ip_id));
 +           len += snprintf(SNPARGS(proto,len), "ttl:%u ",ip->ip_ttl);
 +           len += snprintf(SNPARGS(proto,len), "size:%u ",ip->ip_len - 
 +ip->ip_hl);
 +
             break;
      case IPPROTO_ICMP:
             if (offset == 0)
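Review bot: size in the UDP case is computed as "ip->ip_len - ip->ip_hl", but ip_hl is the header length in 32-bit words, so the logged value is neither the datagram length nor the payload length; use ip->ip_len - (ip->ip_hl << 2), or log ip->ip_len and state in the log documentation that it includes the IP header. As in the TCP hunk, the ":%d" print of uh_dport above does not advance len, and this hunk adds neither an else branch nor a leading space, so "id:" is written at the same len as the destination port with no separator. The new fields are also emitted unconditionally, which changes every logged UDP line; gating them behind a setting (for example a higher net.inet.ip.fw.verbose value) would keep the old format for existing log consumers.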
 
 Jagdish Patel, engineer
 Dorr H. Clark, advisor
 COEN 284 - Operating Systems Case Study 
 Santa Clara University, 
 Santa Clara CA.
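
For the traffic-analysis use the report describes, the following is an added example (not part of the PR or the proposed patch) that parses the log format shown under "Logging example after change", decodes the flg field into TCP flag names, and sums the logged size per source. The regular expression, the function names and the handling of old-format lines are assumptions of this example.

```python
import re
from collections import Counter

# th_flags bits of the TCP header, as printed by the proposed "flg:%x" field.
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

# Assumption: single-word actions (Deny, Accept, ...) and TCP/UDP lines only.
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\S+) (?P<proto>TCP|UDP) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))? "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?\s+"
    r"(?P<fields>(?:\w+:[0-9a-fA-F]+\s+)*)"
    r"(?P<dir>in|out) via (?P<ifname>\S+)")

# Sample input: the two "after change" lines and one "before change" line
# from the follow-up above, with the mail line wrapping undone.
SAMPLE = [
    "Mar 20 18:52:38 COEN_284 /kernel: ipfw: 400 Deny UDP 127.0.0.1:1034 "
    "127.0.0.1 id:10 ttl:64 size:67  out via lo0",
    "Mar 20 18:52:38 COEN_284 /kernel: ipfw: 400 Deny TCP 192.168.0.101:1024 "
    "192.168.0.100 id:11 flg:2 seq:1aff3139 ack:00000000 ttl:64 size:55 "
    "out via xl0",
    "Mar 12 10:02:56 COEN_284 /kernel: ipfw: 400 Deny UDP 127.0.0.1:1034 "
    "127.0.0.1 out via lo0",
]

def parse_line(line):
    """Return a dict for one ipfw log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    fields = dict(f.split(":", 1) for f in rec.pop("fields").split())
    for key in ("id", "ttl", "size"):          # printed with %u (decimal)
        if key in fields:
            rec[key] = int(fields[key])
    for key in ("seq", "ack"):                 # printed with %08x (hex)
        if key in fields:
            rec[key] = int(fields[key], 16)
    if "flg" in fields:                        # printed with %x (hex)
        bits = int(fields["flg"], 16)
        rec["flags"] = [name for bit, name in TCP_FLAGS if bits & bit]
    return rec

def bytes_by_source(lines):
    """Sum the logged size per (source address, protocol); old-format lines add 0."""
    totals = Counter()
    for rec in filter(None, map(parse_line, lines)):
        totals[(rec["src"], rec["proto"])] += rec.get("size", 0)
    return +totals  # unary plus drops zero-count entries
```

The size values are taken as logged; they inherit whatever the kernel side computes for that field.
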
Responsible-Changed-From-To: freebsd-bugs->ipfw 
Responsible-Changed-By: johan 
Responsible-Changed-When: Tue May 6 13:40:34 PDT 2003 
Responsible-Changed-Why:  
Over to maintainer group. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=48172 
Responsible-Changed-From-To: ipfw->freebsd-ipfw 
Responsible-Changed-By: gnats 
Responsible-Changed-When: Mon Oct 24 04:38:05 GMT 2005 
Responsible-Changed-Why:  


>Unformatted:
