Date:      Wed, 3 Nov 1999 09:54:50 -0800 (PST)
From:      "Ronald F. Guilmette" <rfg@monkeys.com>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   kern/14688: kernel firewall code doesn't log port #'s for `Fragment's
Message-ID:  <199911031754.JAA11229@monkeys.com>



>Number:         14688
>Category:       kern
>Synopsis:       kernel firewall code doesn't log port #'s for `Fragment's
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Nov  3 10:00:01 PST 1999
>Closed-Date:
>Last-Modified:
>Originator:     Ronald F. Guilmette
>Release:        FreeBSD 3.3-RELEASE i386
>Organization:
E-Scrub Technologies, Inc.
>Environment:

>Description:

	A kernel that has been built with the IPFIREWALL option can be
	instructed to log instances of incoming packet fragments.

	When it is so configured, the kernel will dutifully log such
	packets; however, the entries it writes to the syslog for such
	packets, while including the source and destination IP addresses,
	fail to also include the source and destination port numbers.

	The port number information may be helpful in various
	circumstances, and should be included in the relevant log records.

>How-To-Repeat:

	Configure a kernel with `option IPFIREWALL'.  Build it.  Install it.
	Then reboot.  Ensure that kernel logging messages are logged to
	either a file or to /dev/console by adding an appropriate entry
	to the local /etc/syslog.conf file.  Restart or reinitialize syslogd.
	Then execute the following command (as root):

	ipfw add 30000 deny log tcp from any to any frag

	Then arrange to send some packet fragments to the system in question
	and look at the resulting log entries.

>Fix:
	
	Modify the code for the IPPROTO_TCP & IPPROTO_UDP cases of the switch()
	statement beginning at line 363 of /usr/src/sys/netinet/ip_fw.c so
	that the port number is always printed, even if the value of the
	subexpression (ip->ip_off & IP_OFFMASK) is non-zero.

>Release-Note:
>Audit-Trail:
>Unformatted:
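
Added example (not part of the original report and not code from ip_fw.c): a minimal C sketch of the `(ip->ip_off & IP_OFFMASK)` test named in the Fix section, run over two constructed IPv4 fragments. The helper `format_log`, the sample packets and the output format are assumptions made for illustration; it reads ports only at offset zero, because the TCP/UDP header that holds them is carried in that fragment.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OFFMASK 0x1fff              /* 13-bit fragment offset, as IP_OFFMASK */

/* Constructed samples: 192.0.2.1 -> 192.0.2.2, TCP, checksum left at zero. */
const uint8_t first_frag[28] = {    /* offset 0, MF set: TCP header starts here */
    0x45,0,0,28, 0,1,0x20,0x00, 64,6,0,0, 192,0,2,1, 192,0,2,2,
    0x04,0xd2, 0x00,0x50, 0,0,0,1 };            /* sport 1234, dport 80 */
const uint8_t later_frag[28] = {    /* offset 1 (8 bytes in): no ports here */
    0x45,0,0,28, 0,1,0x00,0x01, 64,6,0,0, 192,0,2,1, 192,0,2,2,
    0xde,0xad,0xbe,0xef, 0x50,0x02,0x20,0x00 };

static unsigned be16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }

/*
 * Hypothetical helper (not ipfw's logger): returns 1 if ports were logged,
 * 0 if only addresses and the fragment offset were, -1 on a bad header.
 */
int format_log(const uint8_t *pkt, size_t len, char *out, size_t outlen)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len)
        return -1;
    unsigned off = be16(pkt + 6) & OFFMASK;     /* in units of 8 bytes */
    unsigned proto = pkt[9];
    const char *name = proto == 6 ? "TCP" : proto == 17 ? "UDP" : "IP";
    const uint8_t *s = pkt + 12, *d = pkt + 16, *l4 = pkt + hlen;
    /* Ports are the first 4 bytes of the TCP/UDP header, which only the
     * fragment with offset 0 carries; elsewhere those bytes are payload. */
    if ((proto == 6 || proto == 17) && off == 0 && len - hlen >= 4) {
        snprintf(out, outlen, "%s %d.%d.%d.%d:%u %d.%d.%d.%d:%u", name,
                 s[0], s[1], s[2], s[3], be16(l4),
                 d[0], d[1], d[2], d[3], be16(l4 + 2));
        return 1;
    }
    snprintf(out, outlen, "%s %d.%d.%d.%d %d.%d.%d.%d Fragment = %u", name,
             s[0], s[1], s[2], s[3], d[0], d[1], d[2], d[3], off);
    return 0;
}

int main(void)
{
    char line[96];
    format_log(first_frag, sizeof first_frag, line, sizeof line); puts(line);
    format_log(later_frag, sizeof later_frag, line, sizeof line); puts(line);
    return 0;
}
```

In `later_frag` the four bytes after the IP header are `de ad be ef`; read as ports they would give 57005 and 48879, values that never appeared in the original TCP header.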

