From owner-freebsd-bugs Sun Aug 4 2:40:23 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C2F6037B401 for ; Sun, 4 Aug 2002 02:40:04 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 03FA743E42 for ; Sun, 4 Aug 2002 02:40:03 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g749e3JU087328 for ; Sun, 4 Aug 2002 02:40:03 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g749e3lU087327; Sun, 4 Aug 2002 02:40:03 -0700 (PDT) Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B4A3437B400 for ; Sun, 4 Aug 2002 02:34:17 -0700 (PDT) Received: from segfault.kiev.ua (segfault.kiev.ua [193.193.193.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0F95743E6A for ; Sun, 4 Aug 2002 02:34:15 -0700 (PDT) (envelope-from netch@iv.nn.kiev.ua) Received: (from uucp@localhost) by segfault.kiev.ua (8) with UUCP id MND23045; Sun, 4 Aug 2002 12:34:11 +0300 (EEST) (envelope-from netch@iv.nn.kiev.ua) Received: (from netch@localhost) by iv.nn.kiev.ua (8.12.3/8.12.3) id g749X5AI002822; Sun, 4 Aug 2002 12:33:05 +0300 (EEST) (envelope-from netch) Message-Id: <200208040933.g749X5AI002822@iv.nn.kiev.ua> Date: Sun, 4 Aug 2002 12:33:05 +0300 (EEST) 
From: Valentin Nechayev Reply-To: Valentin Nechayev To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: bin/41307: libalias: logging of links lifecycle (add/delete/change) Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 41307 >Category: bin >Synopsis: libalias: logging of links lifecycle (add/delete/change) >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sun Aug 04 02:40:02 PDT 2002 >Closed-Date: >Last-Modified: >Originator: Valentin Nechayev >Release: FreeBSD 4.6.1-RELEASE-p7 i386 >Organization: Private >Environment: FreeBSD 5.0-CURRENT >Description: The following patch adds logging of creating and deleting libalias' "links", which are mappings between a connection from a masqueraded source and the connection that is visible on the external network. It also adds a switch and a command to request this logging in natd. Logging of mappings is highly needed when the internal network is divided into zones of different responsibility and activity sources (e.g., a typical office network). This can't be done fully by any agent external to libalias: a firewall can track only TCP SYNs and FINs without log flooding; UDP and ICMP mappings can't be logged without flooding. This patch was tested at Lucky Net (http://www.lucky.net) on a real network with a quite high load of NAT'ing hosts (up to 100 loaded DSL links per host). >How-To-Repeat: >Fix: The following patch is for 5.0-CURRENT (two days ago) diff -rNu 0/lib/libalias/alias.h 1/lib/libalias/alias.h --- 0/lib/libalias/alias.h Sat Aug 3 13:46:50 2002 +++ 1/lib/libalias/alias.h Sun Aug 4 12:08:32 2002 
@@ -170,6 +170,11 @@ */ #define PKT_ALIAS_REVERSE 0x80 +/* If PKT_ALIAS_LOG_LINK is set, creating, changing, and deleting + * of mappings are reported via syslog +*/ +#define PKT_ALIAS_LOG_LINK 0x200 + /* Function return codes. */ #define PKT_ALIAS_ERROR -1 #define PKT_ALIAS_OK 1 diff -rNu 0/lib/libalias/alias_db.c 1/lib/libalias/alias_db.c --- 0/lib/libalias/alias_db.c Sat Aug 3 13:46:50 2002 +++ 1/lib/libalias/alias_db.c Sun Aug 4 12:10:06 2002 @@ -144,6 +144,7 @@ See HISTORY file for additional revisions. */ +#include /* System include files */ #include @@ -154,7 +155,6 @@ #include #include #include -#include /* BSD network include files */ #include @@ -163,6 +163,9 @@ #include #include +#include +#include + #include "alias.h" #include "alias_local.h" @@ -439,6 +442,13 @@ static void InitPacketAliasLog(void); static void UninitPacketAliasLog(void); +/* Per-link logging */ +static void LogAddLink(const struct alias_link*); +static void LogDeleteLink(const struct alias_link*); +static void LogReLink(const struct alias_link*, const struct alias_link*); +static void DumpLinkData(char*, size_t, const char*, + const struct alias_link *); + static u_int StartPointIn(struct in_addr alias_addr, u_short alias_port, @@ -919,6 +929,9 @@ if (deleteAllLinks == 0 && link->flags & LINK_PERMANENT) return; + if (packetAliasMode & PKT_ALIAS_LOG_LINK) + LogDeleteLink(link); + #ifndef NO_FW_PUNCH /* Delete associated firewall hole, if any */ ClearFWHole(link); @@ -1135,6 +1148,8 @@ { ShowAliasStats(); } + if (packetAliasMode & PKT_ALIAS_LOG_LINK) + LogAddLink(link); return(link); } @@ -1154,6 +1169,8 @@ new_link = AddLink(src_addr, dst_addr, alias_addr, src_port, dst_port, alias_port_param, link_type); + if (packetAliasMode & PKT_ALIAS_LOG_LINK) + LogReLink(new_link, old_link); #ifndef NO_FW_PUNCH if (new_link != NULL && old_link->link_type == LINK_TCP && 
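Review bot: The closing delimiter of the new `PKT_ALIAS_LOG_LINK` comment in the alias.h hunk is written as `+*/` while the neighbouring header comments close with ` */`; aligning it keeps the header consistent. The comment could also tell the consumer what to expect, e.g. `/* If PKT_ALIAS_LOG_LINK is set, creation, change and deletion of a link are each reported with one syslog(3) message at LOG_INFO. */`. The value 0x200 skips 0x100, presumably because 0x100 is already taken by PKT_ALIAS_PUNCH_FW further down this header; a short note of that would stop a later reader from reusing the gap.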
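Review bot: `LogDeleteLink(link)` in the -919 hunk and `LogAddLink(link)` in the -1135 hunk run on the packet path, so with the flag enabled every new or expired UDP or ICMP mapping costs one syslog(3) call and one log line; under the load the PR describes that is a per-flow log rate, and any burst of new flows, whatever its origin, drives the rate accordingly. The libalias.3 and natd.8 text added in this patch says only "one message per such action" and does not make the per-mapping volume clear; I would document it there and consider emitting these at LOG_DEBUG, or behind a counter, so that a log consumer can rate-limit. DeleteLink and AddLink both begin before their hunks.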
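Review bot: In the -1154 hunk `LogReLink(new_link, old_link)` is emitted in addition to the LINK line that `AddLink` itself now logs for the same new link (-1135 hunk), and if ReLink finishes by calling DeleteLink(old_link) — outside this hunk, so unconfirmed here — the old link is logged a third time as UNLINK, so one relink produces three messages for one event. Either drop the RELINK line and rely on the LINK/UNLINK pair, or let AddLink/DeleteLink skip logging when invoked from ReLink. LogReLink also runs before the `new_link != NULL` test; `DumpLinkData` prints `((NONE))` for a NULL link so this is safe, but a failed relink is then reported at LOG_INFO as `RELINK ... TO ((NONE))` rather than as an error. ReLink begins before and continues past this hunk.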
@@ -2921,6 +2938,74 @@ memset(fireWallField, 0, fireWallNumNums); } #endif + +static void +LogAddLink(const struct alias_link *link) +{ + char buffer[300]; + DumpLinkData(buffer, sizeof buffer, "LINK", link); + syslog(LOG_INFO, "%s", buffer); +} + +static void +LogDeleteLink(const struct alias_link *link) +{ + char buffer[300]; + DumpLinkData(buffer, sizeof buffer, "UNLINK", link); + syslog(LOG_INFO, "%s", buffer); +} + +static void +LogReLink(const struct alias_link *link_new, + const struct alias_link *link_old) +{ + char buffer_new[300], buffer_old[300]; + DumpLinkData(buffer_new, sizeof buffer_new, "", link_new); + DumpLinkData(buffer_old, sizeof buffer_old, "", link_old); + syslog(LOG_INFO, "RELINK %s TO %s", buffer_old, buffer_new); +} + +static void +DumpLinkData(char* buffer, size_t bufsize, + const char* action, const struct alias_link* link) +{ + char proto_num[20]; + const char* proto_name = proto_num; + char src_ip[20], dst_ip[20], alias_ip[20], proxy_ip[20]; + if (!link) { + strlcpy(buffer, "((NONE))", bufsize); + return; + } + strlcpy(src_ip, inet_ntoa(link->src_addr), sizeof src_ip); + strlcpy(dst_ip, inet_ntoa(link->dst_addr), sizeof dst_ip); + strlcpy(alias_ip, inet_ntoa(link->alias_addr), sizeof alias_ip); + strlcpy(proxy_ip, inet_ntoa(link->proxy_addr), sizeof proxy_ip); + snprintf(proto_num, sizeof proto_num, "%d", link->link_type); + if (link->link_type == LINK_TCP) + proto_name = "TCP"; + if (link->link_type == LINK_UDP) + proto_name = "UDP"; + if (link->link_type == LINK_ICMP) + proto_name = "ICMP"; + if (link->link_type == LINK_ADDR) + proto_name = "ADDR"; + if (link->link_type == LINK_PPTP) + proto_name = "PPTP"; + if (link->link_type == LINK_FRAGMENT_ID) + proto_name = "FRAGMENT_ID"; + if (link->link_type == LINK_FRAGMENT_PTR) + proto_name = "FRAGMENT_PTR"; + snprintf(buffer, bufsize, + "%p %s%s%s src=%s:%u dest=%s:%u " + "alias=%s:%u proxy=%s:%u server=%p flags=%d(0x%X)", + link, action, action ? 
" " : "", proto_name, + src_ip, (unsigned) ntohs(link->src_port), + dst_ip, (unsigned) ntohs(link->dst_port), + alias_ip, (unsigned) ntohs(link->alias_port), + proxy_ip, (unsigned) ntohs(link->proxy_port), + link->server, link->flags, link->flags); + buffer[bufsize-1] = 0; +} void PacketAliasSetFWBase(unsigned int base, unsigned int num) { diff -rNu 0/lib/libalias/libalias.3 1/lib/libalias/libalias.3 --- 0/lib/libalias/libalias.3 Mon Dec 31 12:01:34 2001 +++ 1/lib/libalias/libalias.3 Sun Aug 4 12:07:10 2002 @@ -167,6 +167,10 @@ with the current number of ICMP, TCP and UDP links. Mainly useful for debugging when the log file is viewed continuously with .Xr tail 1 . +.It Dv PKT_ALIAS_LOG_LINK +Enables logging of creating, changing and deleting aliasing links via +.Xr syslog 3 +with one message per such action. .It Dv PKT_ALIAS_DENY_INCOMING If this mode bit is set, all incoming packets associated with new TCP connections or new UDP transactions will be marked for being ignored diff -rNu 0/sbin/natd/natd.c 1/sbin/natd/natd.c --- 0/sbin/natd/natd.c Tue Feb 12 21:44:02 2002 +++ 1/sbin/natd/natd.c Sun Aug 4 12:07:10 2002 @@ -884,6 +884,14 @@ "l" }, { PacketAliasOption, + PKT_ALIAS_LOG_LINK, + YesNo, + "[yes|no]", + "enable logging of links", + "log_link", + NULL }, + + { PacketAliasOption, PKT_ALIAS_PROXY_ONLY, YesNo, "[yes|no]", --- 0/sbin/natd/natd.8 Sat Aug 3 13:48:49 2002 +++ 1/sbin/natd/natd.8 Sun Aug 4 12:31:25 2002 @@ -10,6 +10,7 @@ .Bk -words .Op Fl unregistered_only | u .Op Fl log | l +.Op Fl log_link .Op Fl proxy_only .Op Fl reverse .Op Fl deny_incoming | d @@ -73,6 +74,8 @@ This file is truncated each time .Nm is started. +.It Fl log_link +Log adding, deleting and changing of alias links via syslog. .It Fl deny_incoming | d Do not pass incoming packets that have no entry in the internal translation table. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message