Date: Wed, 9 Jan 2002 05:00:04 -0800 (PST) From: Valentin Nechayev <netch@netch.kiev.ua> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/31034: regularly add original address logging for tcpwrappers a ddress mismatch diagnostics Message-ID: <200201091300.g09D04Y69763@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/31034; it has been noted by GNATS. From: Valentin Nechayev <netch@netch.kiev.ua> To: freebsd-gnats-submit@freebsd.org Cc: Subject: Re: bin/31034: regularly add original address logging for tcpwrappers a ddress mismatch diagnostics Date: Wed, 9 Jan 2002 14:59:15 +0200 I want to update the patch from original report. Now it uses syslog(allow_severity,...) instead of tcpd_warn(), because tcpd_warn() uses LOG_ERR always, which is quite unreasonable fixed and too high for this problem. --- socket.c.0 Wed Jul 11 14:47:43 2001 +++ socket.c Wed Jan 9 12:38:59 2002 @@ -224,9 +224,9 @@ hints.ai_flags = AI_PASSIVE | AI_CANONNAME | AI_NUMERICHOST; if ((err = getaddrinfo(host->name, NULL, &hints, &res0)) == 0) { freeaddrinfo(res0); - tcpd_warn("host name/name mismatch: " - "reverse lookup results in non-FQDN %s", - host->name); + syslog(allow_severity, "host name/name mismatch: " + "reverse lookup for %s results in non-FQDN %s", + host->addr, host->name); strcpy(host->name, paranoid); /* name is bad, clobber it */ } err = !err; @@ -258,9 +258,11 @@ * may be a transient problem or a botched name server setup. */ - tcpd_warn("can't verify hostname: getaddrinfo(%s, %s) failed", + syslog(allow_severity, + "can't verify hostname: getaddrinfo(%s, %s) failed for %s", host->name, - (sin->sa_family == AF_INET) ? "AF_INET" : "AF_INET6"); + (sin->sa_family == AF_INET) ? "AF_INET" : "AF_INET6", + host->addr); } else if ((res0->ai_canonname == NULL || STR_NE(host->name, res0->ai_canonname)) @@ -272,9 +274,10 @@ * problem. It could also be that someone is trying to spoof us. */ - tcpd_warn("host name/name mismatch: %s != %.*s", + syslog(allow_severity, "host name/name mismatch: %s != %.*s, addr=%s", host->name, STRING_LENGTH, - (res0->ai_canonname == NULL) ? "" : res0->ai_canonname); + (res0->ai_canonname == NULL) ? "" : res0->ai_canonname, + host->addr); } else { @@ -317,9 +320,11 @@ getnameinfo(sin, salen, hname, sizeof(hname), NULL, 0, NI_NUMERICHOST | NI_WITHSCOPEID); - tcpd_warn("host name/address mismatch: %s != %.*s", + syslog(allow_severity, + "host name/address mismatch: %s != %.*s, origaddr=%s", hname, STRING_LENGTH, - (res0->ai_canonname == NULL) ? "" : res0->ai_canonname); + (res0->ai_canonname == NULL) ? "" : res0->ai_canonname, + host->addr); } strcpy(host->name, paranoid); /* name is bad, clobber it */ if (res0) @@ -363,8 +368,9 @@ * may be a transient problem or a botched name server setup. */ - tcpd_warn("can't verify hostname: gethostbyname(%s) failed", - host->name); + syslog(allow_severity, + "can't verify hostname: gethostbyname(%s) failed for origaddr %s", + host->name, host->addr); } else if (STR_NE(host->name, hp->h_name) && STR_NE(host->name, "localhost")) { @@ -375,8 +381,8 @@ * problem. It could also be that someone is trying to spoof us. */ - tcpd_warn("host name/name mismatch: %s != %.*s", - host->name, STRING_LENGTH, hp->h_name); + syslog(allow_severity, "host name/name mismatch: %s != %.*s, addr=%s", + host->name, STRING_LENGTH, hp->h_name, host->addr); } else { @@ -400,8 +406,10 @@ * server. */ - tcpd_warn("host name/address mismatch: %s != %.*s", - inet_ntoa(sin->sin_addr), STRING_LENGTH, hp->h_name); + syslog(allow_severity, + "host name/address mismatch: %s != %.*s, origaddr=%s", + inet_ntoa(sin->sin_addr), STRING_LENGTH, hp->h_name, + host->addr); } strcpy(host->name, paranoid); /* name is bad, clobber it */ } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200201091300.g09D04Y69763>