From owner-freebsd-audit  Fri Nov 16  8:52:26 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from axl.seasidesoftware.co.za (axl.seasidesoftware.co.za [196.31.7.201])
	by hub.freebsd.org (Postfix) with ESMTP
	id DD8FE37B418; Fri, 16 Nov 2001 08:52:22 -0800 (PST)
Received: from sheldonh (helo=axl.seasidesoftware.co.za)
	by axl.seasidesoftware.co.za with local-esmtp (Exim 3.33 #1)
	id 164mFF-000IZh-00; Fri, 16 Nov 2001 18:53:37 +0200
From: Sheldon Hearn <sheldonh@starjuice.net>
To: Poul-Henning Kamp <phk@FreeBSD.org>
Cc: ru@FreeBSD.org, audit@FreeBSD.org
Subject: Re: cvs commit: src/sbin/natd natd.8 natd.c 
In-reply-to: Your message of "Wed, 31 Oct 2001 08:08:49 PST."
             <200110311608.f9VG8nd19655@freefall.freebsd.org> 
Date: Fri, 16 Nov 2001 18:53:37 +0200
Message-ID: <71404.1005929617@axl.seasidesoftware.co.za>
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-audit.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-audit>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-audit>
X-Loop: FreeBSD.ORG



On Wed, 31 Oct 2001 08:08:49 PST, Poul-Henning Kamp wrote:

>   Modified files:
>     sbin/natd            natd.8 natd.c 
>   Log:
>   Do not uselessly whine in syslog about packets denied by ipfw rules.
>   
>   Set 'log_ipfw_denied' option if you want the old behaviour.

Yuk.  Wouldn't a better idea simply to make the whining more useful,
with something like this?

Ciao,
Sheldon.

Index: natd.c
===================================================================
RCS file: /home/ncvs/src/sbin/natd/natd.c,v
retrieving revision 1.36
diff -u -d -r1.36 natd.c
--- natd.c	31 Oct 2001 16:08:49 -0000	1.36
+++ natd.c	16 Nov 2001 16:50:08 -0000
@@ -589,6 +589,8 @@
 {
 	int			wrote;
 	char			msgBuf[80];
+	char			hostBuf[NI_MAXHOST];
+	char			servBuf[NI_MAXSERV];
 /*
  * Put packet back for processing.
  */
@@ -618,7 +620,15 @@
 		}
 		else if (errno == EACCES && log_ipfw_denied) {
 
-			sprintf (msgBuf, "failed to write packet back");
+			if (getnameinfo((struct sockaddr *)&packetAddr,
+			    packetAddr.sin_len, hostBuf, sizeof(hostBuf),
+			    servBuf, sizeof(servBuf),
+			    NI_NUMERICHOST | NI_NUMERICSERV) != 0) {
+				sprintf(hostBuf, "unknown");
+				sprintf(servBuf, "unknown");
+			}
+			sprintf (msgBuf, "failed to write packet to %s:%s",
+			    hostBuf, servBuf);
 			Warn (msgBuf);
 		}
 	}

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message