From rene@tunix.nl  Thu Apr 17 01:10:24 2003
Return-Path: <rene@tunix.nl>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 48E8B37B401; Thu, 17 Apr 2003 01:10:24 -0700 (PDT)
Received: from bastix.tunix.nl (bastix.tunix.nl [193.79.201.39])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id A612543F75; Thu, 17 Apr 2003 01:10:21 -0700 (PDT)
	(envelope-from rene@tunix.nl)
Received: (from root@localhost) by bastix.tunix.nl (8.9.3c/8.6.12) id KAA93448; Thu, 17 Apr 2003 10:10:36 +0200 (CEST)
Received: by bastix.tunix.nl (TUNIX txp2/smap)
	id sma092807; Thu, 17 Apr 03 10:09:07 +0200
Received: from upsilix.tunix.nl (upsilix.tunix.nl [172.16.2.22])
	by fix.tunix.nl (8.10.2+Sun/8.10.2) with ESMTP id h3H88o922688;
	Thu, 17 Apr 2003 10:08:50 +0200 (MEST)
Received: from upsilix.tunix.nl (localhost.tunix.nl [127.0.0.1])
	by upsilix.tunix.nl (8.12.6/8.12.6) with ESMTP id h3H88kc5052851;
	Thu, 17 Apr 2003 10:08:46 +0200 (CEST)
	(envelope-from rene@upsilix.tunix.nl)
Received: (from rene@localhost)
	by upsilix.tunix.nl (8.12.6/8.12.6/Submit) id h3H88kpw052850;
	Thu, 17 Apr 2003 10:08:46 +0200 (CEST)
	(envelope-from rene)
Message-Id: <200304170808.h3H88kpw052850@upsilix.tunix.nl>
Date: Thu, 17 Apr 2003 10:08:46 +0200 (CEST)
From: Rene de Vries <rene@tunix.nl>
Reply-To: Rene de Vries <rene@tunix.nl>
To: FreeBSD-gnats-submit@freebsd.org
Cc: hsu@freebsd.org
Subject: FEATURE: More descriptive message on dropped tcp/udp attempts
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         51082
>Category:       kern
>Synopsis:       FEATURE: More descriptive message on dropped tcp/udp attempts
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bms
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 17 01:20:07 PDT 2003
>Closed-Date:    Tue Dec 13 00:52:54 GMT 2005
>Last-Modified:  Tue Dec 13 00:52:54 GMT 2005
>Originator:     Rene de Vries
>Release:        FreeBSD 4.7-RELEASE-p3 i386 / FreeBSD 5.0-20030401 i386
>Organization:
Tunix Internet Security & Training
>Environment:
	FreeBSD 5.0/4.7
>Description:
	Produce a more descriptive message when a tcp/udp packet is
	dropped. For readability source and destination are reversed.
	For TCP the flags are named (the current hexadecimal output is
	unreadable for humans).
>How-To-Repeat:
>Fix:

Files:
	sys/netinet/tcp_input.c
	sys/netinet/udp_usrreq.c

Diff against FreeBSD 5 (current as of 01 Apr 2003):

Index: sys/netinet/tcp_input.c
===================================================================
RCS file: /home/fbsd-cvsrepo/src/sys/netinet/tcp_input.c,v
retrieving revision 1.202
diff -u -r1.202 tcp_input.c
--- sys/netinet/tcp_input.c	13 Mar 2003 11:46:57 -0000	1.202
+++ sys/netinet/tcp_input.c	1 Apr 2003 13:51:06 -0000
@@ -627,6 +627,21 @@
 				    dbuf, ntohs(th->th_dport), sbuf,
 				    ntohs(th->th_sport), thflags);
 				break;
+ 			case 3:
+ 				log(LOG_INFO,
+ 				"dropped TCP %s:%d -> %s:%d %c%c%c%c%c%c%c%c (0x%02x)\n", 
+ 					sbuf, ntohs(th->th_sport),
+	 				dbuf, ntohs(th->th_dport),
+ 					((thflags & TH_CWR)?'C':'-'),
+ 					((thflags & TH_ECE)?'E':'-'),
+ 					((thflags & TH_URG)?'U':'-'),
+ 					((thflags & TH_ACK)?'A':'-'),
+ 					((thflags & TH_PUSH)?'P':'-'),
+ 					((thflags & TH_RST)?'R':'-'),
+ 					((thflags & TH_SYN)?'S':'-'),
+ 					((thflags & TH_FIN)?'F':'-'),
+ 					thflags);
+  				break;
 			default:
 				break;
 			}
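
Review bot: The new `case 3:` introduces a setting value that nothing in this patch documents, so a reader of the code or the logs has no way to learn that 3 selects the source-first line with named flags; please add a comment at the case and update whatever describes the existing values. The existing case just above prints `dbuf`/`th_dport` first, while this one prints `sbuf`/`th_sport` first, so the comment should also call out the reversed order for anyone parsing these messages. On style, several added lines begin with a space before the tabs, and the format-string line ends in trailing whitespace; indent with tabs only, as the neighbouring cases do.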

Index: sys/netinet/udp_usrreq.c
===================================================================
RCS file: /home/fbsd-cvsrepo/src/sys/netinet/udp_usrreq.c,v
retrieving revision 1.133
diff -u -r1.133 udp_usrreq.c
--- sys/netinet/udp_usrreq.c	19 Feb 2003 05:47:34 -0000	1.133
+++ sys/netinet/udp_usrreq.c	1 Apr 2003 13:51:06 -0000
@@ -355,10 +355,23 @@
 			char buf[4*sizeof "123"];
 
 			strcpy(buf, inet_ntoa(ip->ip_dst));
-			log(LOG_INFO,
-			    "Connection attempt to UDP %s:%d from %s:%d\n",
-			    buf, ntohs(uh->uh_dport), inet_ntoa(ip->ip_src),
-			    ntohs(uh->uh_sport));
+			switch (log_in_vain) {
+				case 1:
+					log(LOG_INFO,
+			    			"Connection attempt to UDP %s:%d from %s:%d\n",
+			    			buf, ntohs(uh->uh_dport), inet_ntoa(ip->ip_src),
+			    			ntohs(uh->uh_sport));
+					break;
+				case 2:
+					log(LOG_INFO,
+						"dropped UDP %s:%d -> %s:%d\n", 
+						inet_ntoa(ip->ip_src),
+						ntohs(uh->uh_sport),
+			    			buf, ntohs(uh->uh_dport));
+					break;
+				default:
+					break;
+			}
 		}
 		udpstat.udps_noport++;
 		if (m->m_flags & (M_BCAST | M_MCAST)) {
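
Review bot: The new `switch (log_in_vain)` puts the "dropped UDP" format under `case 2`, but the tcp_input.c hunk puts the matching "dropped TCP" format under `case 3`, so no single value selects the new format for both protocols. With the value set to 3 this switch reaches `default: break;` and logs nothing for UDP at all. Either use the same case number in both files or add a `case 3:` here that shares the `case 2` body. The continuation lines of both `log()` calls also mix tabs and spaces, and the "dropped UDP" format string ends in trailing whitespace.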

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->patched 
State-Changed-By: bms 
State-Changed-When: Fri Jun 18 02:20:41 GMT 2004 
State-Changed-Why:  
In -CURRENT, we already have something like this for TCP, and the 
UDP portion of the provided patch looks like a no-op/duplication. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=51082 
Responsible-Changed-From-To: freebsd-bugs->bms 
Responsible-Changed-By: bms 
Responsible-Changed-When: Fri Jun 18 03:22:39 GMT 2004 
Responsible-Changed-Why:  
I may as well take this PR for the time being, but need to discuss 
with other developers what changes, if any, should take place 
to the log_in_vain facility 

State-Changed-From-To: patched->closed 
State-Changed-By: bms 
State-Changed-When: Tue Dec 13 00:52:41 UTC 2005 
State-Changed-Why:  
-CURRENT is now -STABLE 


>Unformatted:
