Hi Mark,
Mark Bucciarelli wrote on Thu, Mar 12, 2009 at 05:30:37PM -0500:
> On Thu, Mar 12, 2009 at 4:42 PM, Ingo Schwarze <[email protected]> wrote:
>> Mark Bucciarelli wrote on Thu, Mar 12, 2009 at 03:51:18PM -0500:
>>> Can I tell ftpd to log the IP of the remote host instead of the
>>> remote host name?
>> No.
> Is there any good reason to log the remote host name rather than
> the IP?
Not sure; people might be used to it and have log analyzer scripts
relying on this behaviour.
> The http, secure shell, network time protocol, and mail daemons
> all log the IP of the remote host.
>
> Is this ftpd code a legacy from when PTR records were not spoofed?
>
> Should I submit a patch? The change seems easy enough :)
The following is minimally intrusive:
It only changes the message "connection from",
and it only appends the numeric address in square brackets,
so chances are most scripts will be unaffected.
The second call to getnameinfo(3) ought to be cheap, in any case
cheaper than the first one without NI_NUMERICHOST.
The additional bytes in the log are few and might sometimes
come in handy.
Tested on i386-current.
Comments?
Yours,
Ingo
Index: ftpd.c
===================================================================
RCS file: /cvs/src/libexec/ftpd/ftpd.c,v
retrieving revision 1.185
diff -u -p -r1.185 ftpd.c
--- ftpd.c 30 Sep 2008 16:16:21 -0000 1.185
+++ ftpd.c 12 Mar 2009 23:28:35 -0000
@@ -2174,8 +2174,13 @@ dolog(struct sockaddr *sa)
setproctitle("%s", proctitle);
#endif /* HASSETPROCTITLE */
- if (logging)
- syslog(LOG_INFO, "connection from %s", remotehost);
+ if (logging) {
+ int error;
+ error = getnameinfo(sa, sa->sa_len, hbuf, sizeof(hbuf),
+ NULL, 0, NI_NUMERICHOST);
+ syslog(LOG_INFO, "connection from %s [%s]", remotehost,
+ error ? gai_strerror(error) : hbuf);
+ }
}
/*
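Review bot: in the new syslog() call, the failure branch puts gai_strerror(error) inside the square brackets, so when the numeric lookup fails the log carries free-form error text in the field that is otherwise the address. A script that extracts the bracketed value would then take that text for an address. Consider a fixed token in that case, or a separate log message for the getnameinfo failure, so the bracketed field is either a numeric address or an unmistakable marker. Separately, hbuf is used here but not declared in the hunk; it is worth confirming that the buffer already in dolog() is still free to overwrite at this point and is large enough for a numeric IPv6 address. The local "int error;" would also read better with a blank line after the declaration.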