Log information about packets being dropped (probably due to

``nat deny_incoming yes'') by libalias.

diff --git a/usr.sbin/ppp/ppp/ip.c b/usr.sbin/ppp/ppp/ip.c
index c769102..5a50a51 100644 (file)
--- a/usr.sbin/ppp/ppp/ip.c
+++ b/usr.sbin/ppp/ppp/ip.c
@@ -17,7 +17,7 @@
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  *
- * $OpenBSD: ip.c,v 1.21 2000/02/27 01:38:26 brian Exp $
+ * $OpenBSD: ip.c,v 1.22 2000/03/29 09:32:37 brian Exp $
  *
  *     TODO:
  *             o Return ICMP message for filterd packet
@@ -443,7 +443,8 @@ PacketCheck(struct bundle *bundle, char *cp, int nb, struct filter *filter)
   int mask, len, n, pri, logit, loglen, result;
   char logbuf[200];
 
-  logit = (log_IsKept(LogTCPIP) || log_IsKept(LogDNS)) && filter->logok;
+  logit = (log_IsKept(LogTCPIP) || log_IsKept(LogDNS)) &&
+          (!filter || filter->logok);
   loglen = 0;
   pri = 0;
 
@@ -451,7 +452,10 @@ PacketCheck(struct bundle *bundle, char *cp, int nb, struct filter *filter)
   uh = NULL;
 
   if (logit && loglen < sizeof logbuf) {
-    snprintf(logbuf + loglen, sizeof logbuf - loglen, "%s ", filter->name);
+    if (filter)
+      snprintf(logbuf + loglen, sizeof logbuf - loglen, "%s ", filter->name);
+    else
+      snprintf(logbuf + loglen, sizeof logbuf - loglen, "  ");
     loglen += strlen(logbuf + loglen);
   }
   ptop = (cp + (pip->ip_hl << 2));
@@ -584,7 +588,7 @@ PacketCheck(struct bundle *bundle, char *cp, int nb, struct filter *filter)
     break;
   }
 
-  if (FilterCheck(pip, filter)) {
+  if (filter && FilterCheck(pip, filter)) {
     if (logit)
       log_Printf(LogTCPIP, "%s - BLOCKED\n", logbuf);
 #ifdef notdef
@@ -595,7 +599,7 @@ PacketCheck(struct bundle *bundle, char *cp, int nb, struct filter *filter)
   } else {
     /* Check Keep Alive filter */
     if (logit && log_IsKept(LogTCPIP)) {
-      if (FilterCheck(pip, &bundle->filter.alive))
+      if (filter && FilterCheck(pip, &bundle->filter.alive))
         log_Printf(LogTCPIP, "%s - NO KEEPALIVE\n", logbuf);
       else
         log_Printf(LogTCPIP, "%s\n", logbuf);
@@ -603,7 +607,7 @@ PacketCheck(struct bundle *bundle, char *cp, int nb, struct filter *filter)
     result = pri;
   }
 
-  if (uh && ntohs(uh->uh_dport) == 53 && log_IsKept(LogDNS))
+  if (filter && uh && ntohs(uh->uh_dport) == 53 && log_IsKept(LogDNS))
     ip_LogDNS(uh, filter->name);
 
   return result;

diff --git a/usr.sbin/ppp/ppp/nat_cmd.c b/usr.sbin/ppp/ppp/nat_cmd.c
index 251c59b..702decf 100644 (file)
--- a/usr.sbin/ppp/ppp/nat_cmd.c
+++ b/usr.sbin/ppp/ppp/nat_cmd.c
@@ -2,7 +2,7 @@
  * The code in this file was written by Eivind Eklund <perhaps@yes.no>,
  * who places it in the public domain without restriction.
  *
- *     $OpenBSD: nat_cmd.c,v 1.7 2000/03/29 00:14:20 brian Exp $
+ *     $OpenBSD: nat_cmd.c,v 1.8 2000/03/29 09:32:37 brian Exp $
  */
 
 #include <sys/param.h>
@@ -50,6 +50,7 @@
 #ifndef NORADIUS
 #include "radius.h"
 #endif
+#include "ip.h"
 #include "bundle.h"
 
 
@@ -423,6 +424,15 @@ nat_LayerPull(struct bundle *bundle, struct link *l, struct mbuf *bp,
                  nfrags, gfrags);
       break;
 
+    case PKT_ALIAS_IGNORED:
+      if (log_IsKept(LogTCPIP)) {
+        log_Printf(LogTCPIP, "NAT engine ignored data:\n");
+        PacketCheck(bundle, (char *)pip, ntohs(pip->ip_len), NULL);
+      }
+      m_freem(bp);
+      bp = NULL;
+      break;
+
     default:
       log_Printf(LogWARN, "nat_LayerPull: Dropped a packet (%d)....\n", ret);
       m_freem(bp);