From owner-freebsd-hackers  Thu Feb  5 12:07:57 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id MAA18402
          for hackers-outgoing; Thu, 5 Feb 1998 12:07:57 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from whistle.com (s205m131.whistle.com [207.76.205.131])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA18372
          for <hackers@FreeBSD.ORG>; Thu, 5 Feb 1998 12:07:27 -0800 (PST)
          (envelope-from archie@whistle.com)
Received: (from smap@localhost) by whistle.com (8.7.5/8.6.12) id MAA28813; Thu, 5 Feb 1998 12:06:56 -0800 (PST)
Received: from bubba.whistle.com(207.76.205.7) by whistle.com via smap (V1.3)
	id sma028809; Thu Feb  5 12:06:28 1998
Received: (from archie@localhost) by bubba.whistle.com (8.8.7/8.6.12) id MAA10605; Thu, 5 Feb 1998 12:06:28 -0800 (PST)
From: Archie Cobbs <archie@whistle.com>
Message-Id: <199802052006.MAA10605@bubba.whistle.com>
Subject: Re: ipfw logs ports for fragments
In-Reply-To: <Pine.BSF.3.95.980204205855.2304D-100000@alive.znep.com> from Marc Slemko at "Feb 4, 98 09:01:47 pm"
To: marcs@znep.com (Marc Slemko)
Date: Thu, 5 Feb 1998 12:06:28 -0800 (PST)
Cc: hackers@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL31 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG
X-To-Unsubscribe: mail to majordomo@FreeBSD.org "unsubscribe hackers"

Marc Slemko writes:
> Feb  4 16:08:27 zaius /kernel: ipfw: 320 Deny UDP 199.170.121.15:14592 198.161.84.2:2 in via de0 Fragment = 29
> 
> Trust me, those port numbers are not right.  ipfw should not log the
> port number if a packet is a fragment.

Good point... patch below fixes it.

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com

Index: ip_fw.c
===================================================================
RCS file: /cvs/freebsd/src/sys/netinet/ip_fw.c,v
retrieving revision 1.51.2.6
diff -u -r1.51.2.6 ip_fw.c
--- ip_fw.c	1997/11/22 13:00:48	1.51.2.6
+++ ip_fw.c	1998/02/05 20:06:10
@@ -303,16 +303,20 @@
 	case IPPROTO_TCP:
 		printf("TCP ");
 		print_ip(ip->ip_src);
-		printf(":%d ", ntohs(tcp->th_sport));
+		if ((ip->ip_off & IP_OFFMASK) == 0) 
+			printf(":%d ", ntohs(tcp->th_sport));
 		print_ip(ip->ip_dst);
-		printf(":%d", ntohs(tcp->th_dport));
+		if ((ip->ip_off & IP_OFFMASK) == 0) 
+			printf(":%d", ntohs(tcp->th_dport));
 		break;
 	case IPPROTO_UDP:
 		printf("UDP ");
 		print_ip(ip->ip_src);
-		printf(":%d ", ntohs(udp->uh_sport));
+		if ((ip->ip_off & IP_OFFMASK) == 0) 
+			printf(":%d ", ntohs(udp->uh_sport));
 		print_ip(ip->ip_dst);
-		printf(":%d", ntohs(udp->uh_dport));
+		if ((ip->ip_off & IP_OFFMASK) == 0) 
+			printf(":%d", ntohs(udp->uh_dport));
 		break;
 	case IPPROTO_ICMP:
 		printf("ICMP:%u.%u ", icmp->icmp_type, icmp->icmp_code);