Date: Wed, 9 Jan 2002 05:00:04 -0800 (PST) From: Valentin Nechayev <netch@netch.kiev.ua> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/31034: regularly add original address logging for tcpwrappers a ddress mismatch diagnostics Message-ID: <200201091300.g09D04Y69763@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/31034; it has been noted by GNATS.
From: Valentin Nechayev <netch@netch.kiev.ua>
To: freebsd-gnats-submit@freebsd.org
Cc:
Subject: Re: bin/31034: regularly add original address logging for tcpwrappers a ddress mismatch diagnostics
Date: Wed, 9 Jan 2002 14:59:15 +0200
I want to update the patch from original report.
Now it uses syslog(allow_severity,...) instead of tcpd_warn(), because
tcpd_warn() uses LOG_ERR always, which is quite unreasonable fixed and too
high for this problem.
--- socket.c.0 Wed Jul 11 14:47:43 2001
+++ socket.c Wed Jan 9 12:38:59 2002
@@ -224,9 +224,9 @@
hints.ai_flags = AI_PASSIVE | AI_CANONNAME | AI_NUMERICHOST;
if ((err = getaddrinfo(host->name, NULL, &hints, &res0)) == 0) {
freeaddrinfo(res0);
- tcpd_warn("host name/name mismatch: "
- "reverse lookup results in non-FQDN %s",
- host->name);
+ syslog(allow_severity, "host name/name mismatch: "
+ "reverse lookup for %s results in non-FQDN %s",
+ host->addr, host->name);
strcpy(host->name, paranoid); /* name is bad, clobber it */
}
err = !err;
@@ -258,9 +258,11 @@
* may be a transient problem or a botched name server setup.
*/
- tcpd_warn("can't verify hostname: getaddrinfo(%s, %s) failed",
+ syslog(allow_severity,
+ "can't verify hostname: getaddrinfo(%s, %s) failed for %s",
host->name,
- (sin->sa_family == AF_INET) ? "AF_INET" : "AF_INET6");
+ (sin->sa_family == AF_INET) ? "AF_INET" : "AF_INET6",
+ host->addr);
} else if ((res0->ai_canonname == NULL
|| STR_NE(host->name, res0->ai_canonname))
@@ -272,9 +274,10 @@
* problem. It could also be that someone is trying to spoof us.
*/
- tcpd_warn("host name/name mismatch: %s != %.*s",
+ syslog(allow_severity, "host name/name mismatch: %s != %.*s, addr=%s",
host->name, STRING_LENGTH,
- (res0->ai_canonname == NULL) ? "" : res0->ai_canonname);
+ (res0->ai_canonname == NULL) ? "" : res0->ai_canonname,
+ host->addr);
} else {
@@ -317,9 +320,11 @@
getnameinfo(sin, salen, hname, sizeof(hname),
NULL, 0, NI_NUMERICHOST | NI_WITHSCOPEID);
- tcpd_warn("host name/address mismatch: %s != %.*s",
+ syslog(allow_severity,
+ "host name/address mismatch: %s != %.*s, origaddr=%s",
hname, STRING_LENGTH,
- (res0->ai_canonname == NULL) ? "" : res0->ai_canonname);
+ (res0->ai_canonname == NULL) ? "" : res0->ai_canonname,
+ host->addr);
}
strcpy(host->name, paranoid); /* name is bad, clobber it */
if (res0)
@@ -363,8 +368,9 @@
* may be a transient problem or a botched name server setup.
*/
- tcpd_warn("can't verify hostname: gethostbyname(%s) failed",
- host->name);
+ syslog(allow_severity,
+ "can't verify hostname: gethostbyname(%s) failed for origaddr %s",
+ host->name, host->addr);
} else if (STR_NE(host->name, hp->h_name)
&& STR_NE(host->name, "localhost")) {
@@ -375,8 +381,8 @@
* problem. It could also be that someone is trying to spoof us.
*/
- tcpd_warn("host name/name mismatch: %s != %.*s",
- host->name, STRING_LENGTH, hp->h_name);
+ syslog(allow_severity, "host name/name mismatch: %s != %.*s, addr=%s",
+ host->name, STRING_LENGTH, hp->h_name, host->addr);
} else {
@@ -400,8 +406,10 @@
* server.
*/
- tcpd_warn("host name/address mismatch: %s != %.*s",
- inet_ntoa(sin->sin_addr), STRING_LENGTH, hp->h_name);
+ syslog(allow_severity,
+ "host name/address mismatch: %s != %.*s, origaddr=%s",
+ inet_ntoa(sin->sin_addr), STRING_LENGTH, hp->h_name,
+ host->addr);
}
strcpy(host->name, paranoid); /* name is bad, clobber it */
}
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200201091300.g09D04Y69763>