From owner-freebsd-bugs Wed Nov 3 10: 1:31 1999 Delivered-To: freebsd-bugs@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id ECB3714DD0 for ; Wed, 3 Nov 1999 10:01:28 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id KAA68063; Wed, 3 Nov 1999 10:00:02 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from monkeys.com (i180.value.net [206.14.136.180]) by hub.freebsd.org (Postfix) with ESMTP id 8EF52158D7 for ; Wed, 3 Nov 1999 09:55:48 -0800 (PST) (envelope-from rfg@monkeys.com) Received: (from rfg@localhost) by monkeys.com (8.9.3/8.9.3) id JAA11229; Wed, 3 Nov 1999 09:54:50 -0800 (PST) Message-Id: <199911031754.JAA11229@monkeys.com> Date: Wed, 3 Nov 1999 09:54:50 -0800 (PST) From: "Ronald F. Guilmette" Reply-To: rfg@monkeys.com (Ronald F. Guilmette) To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: kern/14688: kernel firewall code doesn't log port #'s for `Fragment's Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 14688 >Category: kern >Synopsis: kernel firewall code doesn't log port #'s for `Fragment's >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Nov 3 10:00:01 PST 1999 >Closed-Date: >Last-Modified: >Originator: Ronald F. Guilmette >Release: FreeBSD 3.3-RELEASE i386 >Organization: E-Scrub Technologies, Inc. >Environment: >Description: A kernel that has been built with the IPFIREWALL option can be instructed to log instances of incoming packet fragments. When it is so configured, the kernel will dutifully log such packets, however the entries it writes to the syslog for such packets, while including the sources and destination IP addresses fail to also include the source and destination port numbers. The port numbner information may be helpful in various circum- stances, and should be included in the relevant log records. >How-To-Repeat: Configure a kernel with `option IPFIREWALL'. Built it. Install it. Then reboot. Insure that kernel logging messages are logged to either a file or to /dev/console by adding an appropriate entry to the local /etc/syslog.conf file. Restart or reinitialize syslogd. Then execute the following command (as root): ipfw add 30000 deny log tcp from any to any frag Then arrange to send some packet fragments to the system in question and look at the resulting log entries. >Fix: Modify the code for the IPPROTO_TCP & IPPROTO_UDP cases of the switch() statement beginning at line 363 of /usr/src/sys/netinet/ip_fw.c so that the port number is always printed, even if the value of the subexpression (ip->ip_off & IP_OFFMASK) is non-zero. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message