In message <0012051408110.1526-100000@localhost> you write:
> Hi Linus,
>
> This tiny patch extends ipchains logging. This way one can distinguish
> (plain) connection attempts and (Xmas, Fin,...) scans. E.g.
> kernel: Packet log: input - lo PROTO=6 127.0.0.1:40326 127.0.0.1:80
> L=40 S=0x00 I=5808 F=0x0000 T=51 (#1)
> vs.
> L=40 S=0x00 I=5808 F=0x0000 T=51 (#1) B=-s--a-
> and
> L=40 S=0x00 I=5808 F=0x0000 T=51 (#1) B=fs-p-u
>
> Please comment on the format (B=...) and implementation details (speed).
> The patch is against 2.2.17's /net/ipv4/ip_fw.c
Looks OK, but CC'ing the maintainer is simple politeness.
> + if (ip->protocol == IPPROTO_TCP)
You probably want to insert `&& !(ip->frag_off & htons(IP_OFFSET))'
> + tcp-syn ? 's' : '-', tcp->rst ? 'r' : '-',
You mean `tcp->syn' not `tcp-syn'.
I like the fact that it doesn't disturb the format, simply appends,
and it has been a not-uncommon request.
But application is up to Alan Cox, who ruleth the 2.2 series.
Rusty.
--
Hacking time.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
