Date: Thu, 5 Feb 1998 12:06:28 -0800 (PST)
From: Archie Cobbs <archie@whistle.com>
To: marcs@znep.com (Marc Slemko)
Cc: hackers@FreeBSD.ORG
Subject: Re: ipfw logs ports for fragments
Message-ID: <199802052006.MAA10605@bubba.whistle.com>
In-Reply-To: <Pine.BSF.3.95.980204205855.2304D-100000@alive.znep.com> from Marc Slemko at "Feb 4, 98 09:01:47 pm"
Marc Slemko writes: > Feb 4 16:08:27 zaius /kernel: ipfw: 320 Deny UDP 199.170.121.15:14592 198.161.84.2:2 in via de0 Fragment = 29 > > Trust me, those port numbers are not right. ipfw should not log the > port number if a packet is a fragment. Good point... patch below fixes it. -Archie ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com Index: ip_fw.c =================================================================== RCS file: /cvs/freebsd/src/sys/netinet/ip_fw.c,v retrieving revision 1.51.2.6 diff -u -r1.51.2.6 ip_fw.c --- ip_fw.c 1997/11/22 13:00:48 1.51.2.6 +++ ip_fw.c 1998/02/05 20:06:10 @@ -303,16 +303,20 @@ case IPPROTO_TCP: printf("TCP "); print_ip(ip->ip_src); - printf(":%d ", ntohs(tcp->th_sport)); + if ((ip->ip_off & IP_OFFMASK) == 0) + printf(":%d ", ntohs(tcp->th_sport)); print_ip(ip->ip_dst); - printf(":%d", ntohs(tcp->th_dport)); + if ((ip->ip_off & IP_OFFMASK) == 0) + printf(":%d", ntohs(tcp->th_dport)); break; case IPPROTO_UDP: printf("UDP "); print_ip(ip->ip_src); - printf(":%d ", ntohs(udp->uh_sport)); + if ((ip->ip_off & IP_OFFMASK) == 0) + printf(":%d ", ntohs(udp->uh_sport)); print_ip(ip->ip_dst); - printf(":%d", ntohs(udp->uh_dport)); + if ((ip->ip_off & IP_OFFMASK) == 0) + printf(":%d", ntohs(udp->uh_dport)); break; case IPPROTO_ICMP: printf("ICMP:%u.%u ", icmp->icmp_type, icmp->icmp_code);
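Review bot: In both the TCP and UDP cases the space that separates source from destination was part of the source-port format ":%d ", so when the offset test fails nothing is printed between print_ip(ip->ip_src) and print_ip(ip->ip_dst); unless print_ip emits its own trailing space, the two addresses run together in the log line for every non-first fragment. An else branch that prints a single space after the source address would keep the line readable and parseable. The test (ip->ip_off & IP_OFFMASK) == 0 is also repeated four times; evaluating it once into a local before the switch would be clearer. It is worth confirming that ip_off is in host byte order at this point, since it is masked directly while the ports go through ntohs(). A fragment with offset 0 still has its ports logged, which is the right behaviour because that fragment is the one carrying the TCP/UDP header.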