diff options
| author | cjc <cjc@FreeBSD.org> | 2001-07-02 15:50:31 +0000 |
|---|---|---|
| committer | cjc <cjc@FreeBSD.org> | 2001-07-02 15:50:31 +0000 |
| commit | a00bbf94c23eddd1788f0f481eebc82fa366bf17 (patch) | |
| tree | d3e15753565fd6fb7ae7216c9589435afeb55dbd /sys/netinet | |
| parent | 894add3bd003f1bc6ac5015e40202049972c57ab (diff) | |
| download | FreeBSD-src-a00bbf94c23eddd1788f0f481eebc82fa366bf17.zip FreeBSD-src-a00bbf94c23eddd1788f0f481eebc82fa366bf17.tar.gz | |
While in there fixing a fragment logging bug, fix it so we log
fragments "right." Log fragment information tcpdump(8)-style,
Jul 1 19:38:45 bubbles /boot/kernel/kernel: ipfw: 1000 Accept ICMP:8.0 192.168.64.60 192.168.64.20 in via ep0 (frag 53113:1480@0+)
That is, instead of the old,
... Fragment = <offset/8>
Do,
... (frag <IP ID>:<data len>@<offset>[+])
PR: kern/23446
Approved by: ru
MFC after: 1 week
Diffstat (limited to 'sys/netinet')
| -rw-r--r-- | sys/netinet/ip_fw.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c index 78c79cf..818e745 100644 --- a/sys/netinet/ip_fw.c +++ b/sys/netinet/ip_fw.c @@ -206,7 +206,8 @@ static __inline int static int tcpflg_match __P((struct tcphdr *tcp, struct ip_fw *f)); static int icmptype_match __P((struct icmp * icmp, struct ip_fw * f)); static void ipfw_report __P((struct ip_fw *f, struct ip *ip, int offset, - struct ifnet *rif, struct ifnet *oif)); + int ip_len, struct ifnet *rif, + struct ifnet *oif)); static void flush_rule_ptrs(void); @@ -492,7 +493,7 @@ iface_match(struct ifnet *ifp, union ip_fw_if *ifu, int byname) } static void -ipfw_report(struct ip_fw *f, struct ip *ip, int offset, +ipfw_report(struct ip_fw *f, struct ip *ip, int offset, int ip_len, struct ifnet *rif, struct ifnet *oif) { struct tcphdr *const tcp = (struct tcphdr *) ((u_int32_t *) ip+ ip->ip_hl); @@ -500,7 +501,7 @@ ipfw_report(struct ip_fw *f, struct ip *ip, int offset, struct icmp *const icmp = (struct icmp *) ((u_int32_t *) ip + ip->ip_hl); u_int64_t count; char *action; - char action2[32], proto[47], name[18], fragment[17]; + char action2[32], proto[47], name[18], fragment[27]; int len; count = f ? f->fw_pcnt : ++counter; @@ -619,9 +620,11 @@ ipfw_report(struct ip_fw *f, struct ip *ip, int offset, break; } - if (offset != 0) - snprintf(SNPARGS(fragment, 0), " Fragment = %d", - offset); + if (ip->ip_off & (IP_MF | IP_OFFMASK)) + snprintf(SNPARGS(fragment, 0), " (frag %d:%d@%d%s)", + ntohs(ip->ip_id), ip_len - (ip->ip_hl << 2), + offset << 3, + (ip->ip_off & IP_MF) ? "+" : ""); else fragment[0] = '\0'; if (oif) @@ -1326,7 +1329,7 @@ check_ports: bogusfrag: if (fw_verbose && ip != NULL) - ipfw_report(NULL, ip, offset, rif, oif); + ipfw_report(NULL, ip, offset, ip_len, rif, oif); goto dropit; } @@ -1349,7 +1352,7 @@ got_match: /* Log to console if desired */ if ((f->fw_flg & IP_FW_F_PRN) && fw_verbose) - ipfw_report(f, ip, offset, rif, oif); + ipfw_report(f, ip, offset, ip_len, rif, oif); /* Take appropriate action */ switch (f->fw_flg & IP_FW_F_COMMAND) { |
