Tzafrir Cohen wrote:

> Hi
> 
> I'm trying to understand a certain reoccurring denied packet. The trouble
> is I can't find any reference to the meaning of all the fields in the
> syslog message. Can anybody point me to such a reference?

Use the source, Luke: ;-)


    printk("%s PROTO=%d %d.%d.%d.%d:%hu %d.%d.%d.%d:%hu"
           " L=%hu S=0x%2.2hX I=%hu F=0x%4.4hX T=%hu",
           ifname, ip->protocol,
           (ntohl(ip->saddr)>>24)&0xFF,
           (ntohl(ip->saddr)>>16)&0xFF,
           (ntohl(ip->saddr)>>8)&0xFF,
           (ntohl(ip->saddr))&0xFF,
           src_port,
           (ntohl(ip->daddr)>>24)&0xFF,
           (ntohl(ip->daddr)>>16)&0xFF,
           (ntohl(ip->daddr)>>8)&0xFF,
           (ntohl(ip->daddr))&0xFF,
           dst_port,
           ntohs(ip->tot_len), ip->tos, ntohs(ip->id),
           ntohs(ip->frag_off), ip->ttl);

    for (opti = 0; opti < (ip->ihl - sizeof(struct iphdr) / 4); opti++)
        printk(" O=0x%8.8X", *opt++);
    printk(" %s(#%d)\n", syn ? "SYN " : /* "PENANCE" */ "", count);


It goes like this:

Packet log: <ipchains label that caught packet> <ipchains action name>
[if action=FW_REDIRECT then destination ip] <interface name (like "eth0")> <IP protocol (like 6)>
<source ip> <source port> <dest ip> <dest port> <Total length of packet as advertised in header>
<the Terms of Service bit field> <IP packet id> <The fragment offset field from header>
<Time to live field from header> [IP options mumbo jumbo, if exists] [SYN, if it is]
(#<count - probably the real packet length>)


Hope this helps,

Gilad.
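
As an added example (not part of the original message or of the kernel source), here is a Python parser for the line that the printk() calls above produce. The sample log lines, the syslog prefix and the field names are constructed for illustration; splitting F= into the DF/MF flags and a 13-bit offset follows the standard IPv4 header layout.

```python
import re

# Field order follows the printk() format strings quoted in the message above.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?:(?P<redirect>\S+) )?"
    r"(?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=0x(?P<tos>[0-9A-Fa-f]{2}) I=(?P<ip_id>\d+) "
    r"F=0x(?P<frag>[0-9A-Fa-f]{4}) T=(?P<ttl>\d+)"
    r"(?P<options>(?: O=0x[0-9A-Fa-f]{8})*) (?P<syn>SYN )?\(#(?P<count>\d+)\)"
)

# Constructed sample lines (documentation address ranges, made-up values).
SAMPLE_LINES = [
    "Jan  5 10:00:01 fw kernel: Packet log: input DENY eth0 PROTO=6 "
    "192.0.2.10:1025 198.51.100.7:23 L=60 S=0x00 I=4321 F=0x4000 T=52 SYN (#3)",
    "Jan  5 10:00:02 fw kernel: Packet log: input DENY eth0 PROTO=17 "
    "192.0.2.10:137 198.51.100.7:137 L=78 S=0x00 I=4322 F=0x2000 T=116 (#5)",
    "Jan  5 10:00:03 fw kernel: Packet log: input REDIRECT 8080 eth1 PROTO=6 "
    "192.0.2.10:1026 198.51.100.7:80 L=64 S=0x10 I=7 F=0x0005 T=64 O=0x01020304 (#1)",
]


def parse_packet_log(line):
    """Return a dict of decoded fields, or None if the line is not a packet log."""
    m = LOG_RE.search(line)  # search() skips any syslog timestamp/host prefix
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl", "count"):
        rec[key] = int(rec[key])
    rec["tos"] = int(rec["tos"], 16)
    # F= is ntohs(ip->frag_off): flag bits plus a 13-bit offset in 8-byte units.
    frag = int(rec.pop("frag"), 16)
    rec["dont_fragment"] = bool(frag & 0x4000)
    rec["more_fragments"] = bool(frag & 0x2000)
    rec["frag_offset"] = (frag & 0x1FFF) * 8
    rec["options"] = [int(o, 16)
                      for o in re.findall(r"O=0x([0-9A-Fa-f]{8})", rec["options"])]
    rec["syn"] = rec["syn"] is not None
    return rec


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_packet_log(sample))
```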


