Subject: net.inet.udp.log_refused
To: None <tech-net@netbsd.org>
From: Johan Danielsson <joda@pdc.kth.se>
List: tech-net
Date: 12/01/2002 18:36:45
Is there a particular reason why there is no option to log
"unsolicited" udp packets?
/Johan
--- netinet/udp_var.h 2002/06/30 22:40:38 1.19
+++ netinet/udp_var.h 2002/12/01 17:31:53
@@ -75,13 +75,15 @@
#define UDPCTL_CHECKSUM 1 /* checksum UDP packets */
#define UDPCTL_SENDSPACE 2 /* default send buffer */
#define UDPCTL_RECVSPACE 3 /* default recv buffer */
-#define UDPCTL_MAXID 4
+#define UDPCTL_LOG_REFUSED 4 /* log refused connections */
+#define UDPCTL_MAXID 5
#define UDPCTL_NAMES { \
{ 0, 0 }, \
{ "checksum", CTLTYPE_INT }, \
{ "sendspace", CTLTYPE_INT }, \
{ "recvspace", CTLTYPE_INT }, \
+ { "log_refused", CTLTYPE_INT }, \
}
#ifdef _KERNEL
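Review bot: The comment on `UDPCTL_LOG_REFUSED` says "log refused connections", but UDP has no connections; what the patch logs is a datagram arriving for a port with no listener. I would word it `/* log datagrams to unbound ports */` so the sysctl's meaning is clear from the header alone. The new `{ "log_refused", CTLTYPE_INT }` entry has to sit at index 4 of `UDPCTL_NAMES` to match the define, which it does here.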
--- netinet/udp_usrreq.c 2002/08/14 00:23:36 1.96
+++ netinet/udp_usrreq.c 2002/12/01 17:31:53
@@ -79,6 +79,7 @@
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/errno.h>
+#include <sys/syslog.h>
#include <sys/stat.h>
#include <sys/systm.h>
#include <sys/proc.h>
@@ -200,6 +201,52 @@
}
#ifdef INET
+static void
+udp4_log_refused(const struct ip *ip, const struct udphdr *uh)
+{
+ char src[4*sizeof "123"];
+ char dst[4*sizeof "123"];
+
+ if (ip) {
+ strcpy(src, inet_ntoa(ip->ip_src));
+ strcpy(dst, inet_ntoa(ip->ip_dst));
+ }
+ else {
+ strcpy(src, "(unknown)");
+ strcpy(dst, "(unknown)");
+ }
+ log(LOG_INFO,
+ "Unhandled UDP packet to %s:%d from %s:%d\n",
+ dst, ntohs(uh->uh_dport),
+ src, ntohs(uh->uh_sport));
+}
+#endif
+
+#ifdef INET6
+static void
+udp6_log_refused(const struct ip6_hdr *ip6, const struct udphdr *uh)
+{
+ char src[INET6_ADDRSTRLEN];
+ char dst[INET6_ADDRSTRLEN];
+
+ if (ip6) {
+ strcpy(src, ip6_sprintf(&ip6->ip6_src));
+ strcpy(dst, ip6_sprintf(&ip6->ip6_dst));
+ }
+ else {
+ strcpy(src, "(unknown v6)");
+ strcpy(dst, "(unknown v6)");
+ }
+ log(LOG_INFO,
+ "Unhandled UDP packet to [%s]:%d from [%s]:%d\n",
+ dst, ntohs(uh->uh_dport),
+ src, ntohs(uh->uh_sport));
+}
+#endif
+
+int udp_log_refused;
+
+#ifdef INET
void
#if __STDC__
udp_input(struct mbuf *m, ...)
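Review bot: Neither udp4_log_refused() nor udp6_log_refused() limits how often it calls log(), so with the sysctl on, every datagram sent to a port with no listener produces a LOG_INFO line. Any remote sender therefore decides the log volume, and the source address printed is unauthenticated and can be forged. I would gate the logging on the kernel's ratecheck(9), for example a file-scope `static struct timeval udp_log_last;` and `static const struct timeval udp_log_interval = { 1, 0 };`, with the call sites in the two later hunks testing `if (udp_log_refused && ratecheck(&udp_log_last, &udp_log_interval))`. Separately, the `strcpy()` calls into `src`/`dst` stay in bounds only because the formatted address and the "(unknown)" strings happen to fit; a comment stating that assumption would help, such as `/* 16 bytes: "255.255.255.255" plus NUL */`.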
@@ -367,6 +414,8 @@
goto bad;
}
#endif
+ if (udp_log_refused)
+ udp4_log_refused(ip, uh);
icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PORT, 0, 0);
m = NULL;
}
@@ -479,6 +528,8 @@
goto bad;
}
udp6stat.udp6s_noport++;
+ if (udp_log_refused)
+ udp6_log_refused(ip, uh);
icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOPORT, 0);
m = NULL;
}
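Review bot: The added call passes `ip` to udp6_log_refused(), which this patch declares as taking `const struct ip6_hdr *`. The declaration of the header pointer is outside this hunk, but if this function names it `ip6`, as the helper's parameter suggests, the call should read `udp6_log_refused(ip6, uh);`. As written it would either fail to compile or hand over a pointer of the wrong type. The enclosing function starts and ends outside the hunk, so this needs checking against the full file.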
@@ -1143,6 +1194,9 @@
case UDPCTL_RECVSPACE:
return (sysctl_int(oldp, oldlenp, newp, newlen,
&udp_recvspace));
+ case UDPCTL_LOG_REFUSED:
+ return (sysctl_int(oldp, oldlenp, newp, newlen,
+ &udp_log_refused));
default:
return (ENOPROTOOPT);
}