From: Rusty Russell
To: "Christian W. Zuckschwerdt"
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] ipchains log will show all flags
In-Reply-To: Your message of "Tue, 05 Dec 2000 14:22:00 BST." <0012051408110.1526-100000@localhost>
Date: Wed, 06 Dec 2000 00:55:09 +1100
Message-Id: <20001205135519.9747C813F@halfway.linuxcare.com.au>

In message <0012051408110.1526-100000@localhost> you write:
> Hi Linus,
>
> This tiny patch extends ipchains logging. This way one can distinguish
> (plain) connection attempts and (Xmas, Fin,...) scans. E.g.
> kernel: Packet log: input - lo PROTO=6 127.0.0.1:40326 127.0.0.1:80
> L=40 S=0x00 I=5808 F=0x0000 T=51 (#1)
> vs.
> L=40 S=0x00 I=5808 F=0x0000 T=51 (#1) B=-s--a-
> and
> L=40 S=0x00 I=5808 F=0x0000 T=51 (#1) B=fs-p-u
>
> Please comment on the format (B=...) and implementation details (speed).
> The patch is against 2.2.17's /net/ipv4/ip_fw.c

Looks OK, but CC'ing the maintainer is simple politeness.

> + if (ip->protocol == IPPROTO_TCP)

You probably want to insert `&& !(ip->frag_off & htons(IP_OFFSET))'

> + tcp-syn ? 's' : '-', tcp->rst ? 'r' : '-',

You mean `tcp->syn' not `tcp-syn'.

I like the fact that it doesn't disturb the format, simply appends,
and it has been a not-uncommon request. But application is up to Alan
Cox, who ruleth the 2.2 series.

Rusty.
--
Hacking time.
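
Review bot: the `if (ip->protocol == IPPROTO_TCP)` test is missing a fragment-offset check, so for a non-first fragment, which carries no TCP header, the B= letters would be decoded from payload bytes and the log would report flags that appear in no header; extend the condition with `&& !(ip->frag_off & htons(IP_OFFSET))` as the reply suggests. In the flag line, `tcp-syn` is a subtraction rather than a member access and should read `tcp->syn`.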
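
Log tooling can use the B= field proposed in the quoted message to separate ordinary SYNs from scan-style flag combinations. The following is an added example, not part of the original mail or the patch. It assumes the flag order FIN SYN RST PSH ACK URG, inferred from the two samples and the quoted patch line; the verdict labels and function names are this example's own.

```python
import re

# Flag order FIN SYN RST PSH ACK URG, inferred from the page's samples
# (B=-s--a-, B=fs-p-u) and the quoted patch line (syn, then rst).
FLAG_ORDER = "fsrpau"
LOG_RE = re.compile(
    r"Packet log: \S+ \S+ \S+ "              # chain, target, interface
    r"PROTO=(?P<proto>\d+) (?P<src>\S+) (?P<dst>\S+) .*?"
    r"\(#(?P<rule>\d+)\)(?: B=(?P<flags>\S+))?\s*$")

def decode_flags(field):
    """Turn 'fs-p-u' into {'f','s','p','u'}; reject malformed fields."""
    if len(field) != len(FLAG_ORDER):
        raise ValueError(f"bad B= length: {field!r}")
    flags = set()
    for ch, name in zip(field, FLAG_ORDER):
        if ch == name:
            flags.add(name)
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} in B={field}")
    return flags

def classify(flags):
    # Verdict labels are this example's own, not ipchains terminology.
    if not flags:
        return "null-scan"
    if {"f", "p", "u"} <= flags and "a" not in flags:
        return "xmas-scan"
    if "s" in flags and flags & {"f", "r"}:
        return "invalid-syn-combo"
    exact = {frozenset("f"): "fin-scan", frozenset("s"): "connection-attempt",
             frozenset("sa"): "syn-ack"}
    return exact.get(frozenset(flags), "other")

def analyze(line):
    """Return (src, dst, rule, verdict), or None for non-TCP / no B= field."""
    m = LOG_RE.search(line)
    if m is None or m["proto"] != "6" or m["flags"] is None:
        return None
    return m["src"], m["dst"], int(m["rule"]), classify(decode_flags(m["flags"]))

BASE = ("kernel: Packet log: input - lo PROTO=6 127.0.0.1:40326 "
        "127.0.0.1:80 L=40 S=0x00 I=5808 F=0x0000 T=51 (#1)")
# The first three reuse the page's sample values; the rest are constructed.
SAMPLES = [BASE, BASE + " B=-s--a-", BASE + " B=fs-p-u", BASE + " B=-s----",
           BASE + " B=------", BASE.replace("PROTO=6", "PROTO=17") + " B=-s----"]

if __name__ == "__main__":
    for line in SAMPLES:
        print(analyze(line), "<-", line[-30:])
```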