From 130dc57f9d24951ee7a5065363cc2b9cd205ba90 Mon Sep 17 00:00:00 2001 From: brian Date: Wed, 29 Mar 2000 09:32:38 +0000 Subject: Log information about packets being dropped (probably due to ``nat deny_incoming yes'') by libalias. --- usr.sbin/ppp/ppp/ip.c | 16 ++++++++++------ usr.sbin/ppp/ppp/nat_cmd.c | 12 +++++++++++- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/usr.sbin/ppp/ppp/ip.c b/usr.sbin/ppp/ppp/ip.c index c769102105a..5a50a51d5c7 100644 --- a/usr.sbin/ppp/ppp/ip.c +++ b/usr.sbin/ppp/ppp/ip.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $OpenBSD: ip.c,v 1.21 2000/02/27 01:38:26 brian Exp $ + * $OpenBSD: ip.c,v 1.22 2000/03/29 09:32:37 brian Exp $ * * TODO: * o Return ICMP message for filterd packet @@ -443,7 +443,8 @@ PacketCheck(struct bundle *bundle, char *cp, int nb, struct filter *filter) int mask, len, n, pri, logit, loglen, result; char logbuf[200]; - logit = (log_IsKept(LogTCPIP) || log_IsKept(LogDNS)) && filter->logok; + logit = (log_IsKept(LogTCPIP) || log_IsKept(LogDNS)) && + (!filter || filter->logok); loglen = 0; pri = 0; @@ -451,7 +452,10 @@ PacketCheck(struct bundle *bundle, char *cp, int nb, struct filter *filter) uh = NULL; if (logit && loglen < sizeof logbuf) { - snprintf(logbuf + loglen, sizeof logbuf - loglen, "%s ", filter->name); + if (filter) + snprintf(logbuf + loglen, sizeof logbuf - loglen, "%s ", filter->name); + else + snprintf(logbuf + loglen, sizeof logbuf - loglen, " "); loglen += strlen(logbuf + loglen); } ptop = (cp + (pip->ip_hl << 2)); @@ -584,7 +588,7 @@ PacketCheck(struct bundle *bundle, char *cp, int nb, struct filter *filter) break; } - if (FilterCheck(pip, filter)) { + if (filter && FilterCheck(pip, filter)) { if (logit) log_Printf(LogTCPIP, "%s - BLOCKED\n", logbuf); #ifdef notdef @@ -595,7 +599,7 @@ PacketCheck(struct bundle *bundle, char *cp, int nb, struct filter *filter) } else { /* Check Keep Alive filter */ if (logit && log_IsKept(LogTCPIP)) { - if (FilterCheck(pip, &bundle->filter.alive)) + if (filter && FilterCheck(pip, &bundle->filter.alive)) log_Printf(LogTCPIP, "%s - NO KEEPALIVE\n", logbuf); else log_Printf(LogTCPIP, "%s\n", logbuf); @@ -603,7 +607,7 @@ PacketCheck(struct bundle *bundle, char *cp, int nb, struct filter *filter) result = pri; } - if (uh && ntohs(uh->uh_dport) == 53 && log_IsKept(LogDNS)) + if (filter && uh && ntohs(uh->uh_dport) == 53 && log_IsKept(LogDNS)) ip_LogDNS(uh, filter->name); return result; diff --git a/usr.sbin/ppp/ppp/nat_cmd.c b/usr.sbin/ppp/ppp/nat_cmd.c index 251c59bd4d8..702decfc9a0 100644 --- a/usr.sbin/ppp/ppp/nat_cmd.c +++ b/usr.sbin/ppp/ppp/nat_cmd.c @@ -2,7 +2,7 @@ * The code in this file was written by Eivind Eklund , * who places it in the public domain without restriction. * - * $OpenBSD: nat_cmd.c,v 1.7 2000/03/29 00:14:20 brian Exp $ + * $OpenBSD: nat_cmd.c,v 1.8 2000/03/29 09:32:37 brian Exp $ */ #include @@ -50,6 +50,7 @@ #ifndef NORADIUS #include "radius.h" #endif +#include "ip.h" #include "bundle.h" @@ -423,6 +424,15 @@ nat_LayerPull(struct bundle *bundle, struct link *l, struct mbuf *bp, nfrags, gfrags); break; + case PKT_ALIAS_IGNORED: + if (log_IsKept(LogTCPIP)) { + log_Printf(LogTCPIP, "NAT engine ignored data:\n"); + PacketCheck(bundle, (char *)pip, ntohs(pip->ip_len), NULL); + } + m_freem(bp); + bp = NULL; + break; + default: log_Printf(LogWARN, "nat_LayerPull: Dropped a packet (%d)....\n", ret); m_freem(bp); -- cgit v1.2.3